On Tue, Feb 9, 2010 at 7:15 AM, cliarc wl <cliarcwl@xxxxxxxxx> wrote: > On Mon, Feb 8, 2010 at 2:27 PM, Marc Powell <marc@xxxxxxx> wrote: >> >> On Feb 8, 2010, at 3:16 PM, cliarc wl wrote: >> >> > SquirrelMail Version : 1.4.8 >> > Plugins : default install plugins - no additions or subtractions >> > PHP 5.1.6 >> > Apache 2.2.3 >> > Dovecot 1.0.7 >> > Postfix 2.3.3 >> > Linux webmail 2.6.18-128.el5 #1 SMP Wed Dec 17 11:42:39 EST 2008 i686 >> > i686 i386 GNU/Linux - Rhel 5.4 >> > SquirrelMail installed via YUM >> > >> > Hello. I'm trying to tie squirrelmail into our LDAP/RSA environment for >> > auth. I have dovecot working via pam with rsa and was hoping I could use >> > mod_auth_imap http://ben.brillat.net/projects/mod_auth_imap/ as noted in the >> > squirrelmail documentation to pass auth duties to dovecot. >> >> Auth duties are already passed to your IMAP server; there are none built >> in that I am aware of. Squirrelmail simply takes the username and password >> pair provided via the login screen and tries to log in with them on the IMAP >> server. If they work, you're allowed in (and they are securely stored for >> future requests to the IMAP sever during that session). If they don't work, >> you're presented with the invalid login screen. >> >> If your IMAP server uses your LDAP for it's account/auth info, there's >> nothing you can or need to do with Squirrelmail. > > Thanks for the reply. I'm a bit confused now. You say SquirrelMail is > already auth'ing against my IMAP server with out the need for mod_auth_imap. > My IMAP server (dovecot) is using ldap/pam-rsa to auth with a username and > passcode from the rsa token and it works fine. When I try to login to > SquirrelMail it kind of works. I get the frame split on the left but still > get an unknown user error. If I disable pam rsa and go back to pam kerbros > then SquirrelMail works fine. Is this a limit of SquirrelMails Basic auth? If you get a frame split, then the login worked. You should debug what went wrong after that (usually has to do with cookies, but because changing auth method fixes it, it's something else in your case). Is the passcode a one-time code (different for each login)? Any webmail client needs to log in for EVERY page request due to the stateless nature of HTTP, so do keep that in mind. The use of an IMAP proxy can help alleviate this problem, but when the proxy times out your login session, the webmail client doesn't usually have any way to know what happened and gives you an ugly error. > Also is it possible to do pass through auth in SquirrelMail so I can just > use the apache rsa module and not have to worry about getting > SquirrelMail/Dovecot working with my pam-rsa backend? You keep asking about pass through auth in SquirrelMail.... SquirrelMail is just an IMAP client. That means all it does is give your username and password to the IMAP server to see if it can do an IMAP login successfully. That's it. It's "pass through" by design. > Thanks for the help! > -- Paul Lesniewski SquirrelMail Team Please support Open Source Software by donating to SquirrelMail! http://squirrelmail.org/donate_paul_lesniewski.php ------------------------------------------------------------------------------ SOLARIS 10 is the OS for Data Centers - provides features such as DTrace, Predictive Self Healing and Award Winning ZFS. Get Solaris 10 NOW http://p.sf.net/sfu/solaris-dev2dev ----- squirrelmail-users mailing list Posting guidelines: http://squirrelmail.org/postingguidelines List address: squirrelmail-users@xxxxxxxxxxxxxxxxxxxxx List archives: http://news.gmane.org/gmane.mail.squirrelmail.user List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users