Re: How best to achieve Single Sign-On (using JASIG CAS) with SquirrelMail?

> I'm fairly new to PHP programming, I'm trying to achieve single
> sign-on between SquirrelMail and our Java-based portal (uPortal).
>
> I'm using JASIG CAS as the authentication system (via PAM CAS on the
> IMAP server).  CAS uses one-time password tokens, so each brand new
> IMAP authentication attempt will require a new password.

Every page opened in SquirrelMail authenticates towards the IMAP server,
so having one-time passwords won't work.

> To complicate this further, I'm also planning to use IMAP proxy
> (up-imapproxy).   So I'll need to cache password tokens for a short
> while in the session and once they expire in the proxy re-obtain new
> password credentials from CAS.

When using IMAP Proxy, SquirrelMail authenticates towards the proxy, and
the proxy authenticates towards the IMAP server. This should allow you to
stay logged in longer when using one-time passwords. It's probably
possible to configure the proxy for how long it will keep the connection
towards the IMAP server open.

> I'd also like to continue offering the non-CAS method of IMAP
> authentication.  Incidentally, I'm using ESUP phpCAS software.
>
> I've managed to get something working by directly modifying the source
> code of several SquirrelMail source files (including imap_general.php and
> webmail.php) but it doesn't feel right.
>
> I think I should really be using hooks.  As I understand it, I need a
> hook to be called every time the function sqimap_login from
> imap_general.php is called.  This hook will need to be able to modify the
> password string used for IMAP connection.  It will need to attempt IMAP
> authentication and when the password token expires in the IMAP proxy it
> will acquire a new password token and re-attempt authentication.

You can insert your own hooks into the SquirrelMail source code, if the
ones already there aren't useful for you. Keep it as a patch, which will
help you reinstate the hooks when upgrading SquirrelMail the next time.
Using hooks is generally a better idea than source code modifications.

> Does anybody have any advice on the best way to implement this?

On the other hand, I don't know how the JASIG CAS authentication system
works, so I might be completely wrong.

Sincerely,
Fredrik.
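
The interaction discussed in this thread, as an added example that is not part of the original message and is not SquirrelMail, up-imapproxy or CAS code: a small Python model of a webmail page load authenticating with a single-use token, first directly against the IMAP server and then through a caching proxy, retrying with a fresh token when the cached one is rejected. All class and function names, the ticket format and the fixed proxy TTL are assumptions made for illustration.

```python
import hashlib
from itertools import count

class Cas:  # stand-in for the ticket issuer: each ticket validates exactly once
    def __init__(self):
        self._n, self._live = count(1), set()
    def issue(self, user):
        ticket = f"PT-{next(self._n)}-{user}"  # constructed ticket format
        self._live.add(ticket)
        return ticket
    def validate(self, user, ticket):
        ok = ticket in self._live and ticket.endswith("-" + user)
        self._live.discard(ticket)  # a presented ticket is burned either way
        return ok

class ImapServer:  # stand-in for the IMAP server that checks passwords via CAS
    def __init__(self, cas):
        self.cas, self.logins = cas, 0
    def login(self, user, pw):
        ok = self.cas.validate(user, pw)
        self.logins += int(ok)
        return ok

class CachingProxy:  # assumed model: one cached server login per user for ttl seconds
    def __init__(self, server, ttl):
        self.server, self.ttl, self.cache = server, ttl, {}
    def login(self, user, pw, now):
        digest = hashlib.sha256(pw.encode()).hexdigest()  # keep a hash, not the token
        entry = self.cache.get(user)
        if entry and entry[0] == digest and now < entry[1]:
            return True  # same credentials inside the window: reuse the connection
        if self.server.login(user, pw):
            self.cache[user] = (digest, now + self.ttl)
            return True
        self.cache.pop(user, None)
        return False

def page_load(session, login, cas, user, now):  # one page view = one IMAP login
    token = session.get("token")
    if token and login(user, token, now):
        return "cached"
    session["token"] = cas.issue(user)  # cached token rejected: get a new one, retry once
    return "fresh" if login(user, session["token"], now) else "denied"

def run(times, ttl=None):
    cas, session = Cas(), {}
    server = ImapServer(cas)
    login = CachingProxy(server, ttl).login if ttl else (lambda u, p, now: server.login(u, p))
    return [page_load(session, login, cas, "alice", t) for t in times], server.logins
```

Without the proxy every page load consumes a new ticket; with it, a new ticket is needed only after the cached connection expires.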

