CoSign: Collaborative Single Sign-On  
 

cosign-discuss at umich.edu
general discussion of cosign development and deployment
 


RE: Cosign and cyrus imap and IMP



Wes,


Thanks for that, really cool, as we will be moving our student mail systems
to this in the near future and it is good to know how you guys have done it.

But, the problem I am having is mainly with Kerberos, in reality, because
the tickets are tied to the cosign server, and thus will not work on the web
server with my IMP and IMAP proof of concept (more of a kinda it-can-be-done
than POC). I cannot see how you guys get around it, other than perhaps your
Kerberos server gives out address-less tickets by default???

I will need to wander through the PHP stuff to try to figure out why it is
attempting to proxy me to the apache user.

Thanks

Brett

-----Original Message-----
From: Wesley D Craig [mailto:wes@xxxxxxxxx] 
Sent: Sunday, 7 November 2004 5:35 a.m.
To: Brett Lomas on vxchange
Cc: 'cosign-discuss@xxxxxxxxx'
Subject: Re: Cosign and cyrus imap and IMP

On 06 Nov 2004, at 06:12, Brett Lomas on vxchange wrote:
> Has anyone gotten cosign working Cyrus IMAP through IMP?

This is exactly what we're running at UMich today, tho we're using  
Cyrus Murder, so maybe it's more complex than you require.  We're also  
using up-imapproxy:

	http://www.imapproxy.org/

(which appears to be down just now) to cache IMAP connections, thus  
reducing load on the IMAP servers.  /etc/imapproxy.conf has these  
lines:

	server_hostname 127.0.0.1
	listen_address 127.0.0.1
	listen_port 8143

to tell it to just talk to the local proxyd and to listen on the  
loopback on an alternate port.

We also made a small change to proxyd:

	http://asg.web.cmu.edu/archive/message.php?mailbox=archive.cyrus-devel&msg=755

which has been accepted into the cyrus imap CVS.  Cyrus proxyd is  
running locally on the IMP machines, with the above -N option.  IMP has  
been modified to authenticate to port 8143 using the REMOTE_USER as  
provided by Cosign for both ID & password.

I've attached a picture.  This set up works much better than our old  
setup, which used the Cosign provided TGT to make a new connection for  
each HTTP transaction.

:wes
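
Because IMP presents REMOTE_USER as both ID and password, the setup described above is only as safe as the loopback restriction on imapproxy and the local proxyd. The following is an added example, not part of the original message or the UMich configuration: a Python check that the `/etc/imapproxy.conf` lines quoted above pin both ends to a literal loopback address. The function names and the second sample config are constructed for illustration.

```python
import ipaddress

# Constructed samples: the first mirrors the three lines quoted in the message,
# the second is a made-up misconfiguration for comparison.
SAMPLE_OK = """\
server_hostname 127.0.0.1
listen_address 127.0.0.1
listen_port 8143
"""
SAMPLE_EXPOSED = """\
# constructed counter-example
server_hostname imap.example.edu
listen_port 8143
"""

def parse_conf(text):
    """Parse 'keyword value' lines, skipping blank lines and # comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        conf[parts[0]] = parts[1].strip() if len(parts) > 1 else ""
    return conf

def is_loopback(value):
    """True only for a literal loopback IP; hostnames count as unverified."""
    try:
        return ipaddress.ip_address(value).is_loopback
    except ValueError:
        return False

def audit(text):
    """Return findings; an empty list means both ends are pinned to loopback."""
    conf = parse_conf(text)
    findings = []
    for key in ("listen_address", "server_hostname"):
        value = conf.get(key)
        if value is None:
            # Policy of this check (an assumption): require an explicit value.
            findings.append(f"{key}: not set, explicit loopback value required")
        elif not is_loopback(value):
            findings.append(f"{key}: {value} is not a literal loopback address")
    return findings

if __name__ == "__main__":
    for name, sample in (("ok", SAMPLE_OK), ("exposed", SAMPLE_EXPOSED)):
        print(name, audit(sample) or "loopback only")
```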



 
Copyright © 2002 - 2004 Regents of the University of Michigan :  Page last updated 15-December-2010