List,
I have enabled in the plone site for the cookie sharing for mydomain.com
and shared a secret is there "blah"
Now in the server machine for apache I enabled mod_auth_tkt ( the
plone version supports mod_auth_tkt compatible systems.)
The plone site and SM both runs in the same machine under same
apache were mod_tkt is loaded.
Vhost entry for Squirrel mail
<VirtualHost *:80>
ServerAdmin webmaster@xxxxxxxxxxxx
DocumentRoot /usr/local/www/SquirrelMail
ServerName webmail.mydomain.com
ServerAlias webmail.mydomain.com
TKTAuthSecret "blah"
<Location /src/login.php>
TKTAuthIgnoreIP on
TKTAuthDebug 2
TKTAuthDomain .mydomain.com
TKTAuthTimeout 2w
TKTAuthCookieExpires 2w
TKTAuthRequireSSL off
TKTAuthCookieSecure off
</Location>
ErrorLog /var/log/httpd-error.log
CustomLog /var/log/httpd-access.log combined
</VirtualHost>
There is an existing IMAP account user: kkchn@xxxxxxxxxxxxxxxxxxxx
password:
mypass
Then I created the same user kkchn@xxxxxxxxxxxxxxxxxxxx in Plone
Site with same password "mypass"
Restarted apache
I logged in to the plone site (intranet.mydomain.com) with the
user name "kkchn@xxxxxxxxxxxxxxxxxxxx" with "mypass" and click
the link for webmail.mydomain.com but it prompts me for username
and password.
Do I miss any configuration other than the above in the Squirrel
Mail virtualhost config ? Or anything additional work required?
This is my Virtual host configuration for Plone site.
<VirtualHost *:80>
ServerAdmin kk@xxxxxxxxxxxxxxxxxxxx
ServerName intranet.mydomain.com
RewriteEngine On
RewriteRule ^/(.*)
http://127.0.0.1:8081/VirtualHostBase/http/intranet.mydomain.com:80/Intranet/VirtualHostRoot/$1
[L,P]
ErrorLog /var/log/apache/intranet.mydomain.com/error_log
CustomLog /var/log/apache/intranet.mydomain.com/access.log combined
</VirtualHost>
Please shed some light on this regard.
Thanks in advance
KKCHN
On 5/12/12, Paul Lesniewski <paul@xxxxxxxxxxxxxxxx> wrote:
> On Fri, May 11, 2012 at 10:54 PM, KK CHN <kkchn.in@xxxxxxxxx> wrote:
>> List,
>>
>> I have a plone 4.1.4( CMS) installation, and a squirrel mail web client
>> running on
>> different machines but under the same domain. say
>> intranet.mydomain.com
>> and webmail.mydomain.com
>>
>> I am trying to implement a SSO for this plone intranet site and Squirrel
>> Mail client. ( The plone site is integrated with LDAP server. Both Plone
>> site and Squirrel mail refers the same user credentials in this LDAP
>> server)
>>
>>
>> What configurations/additional work I have to make for the SM instance
>> for SSO to work from plone site, so clicking a link in the plone
>> site
>> to the squirrel mail site should logged in to the squirrel mail client
>> so
>> users can see their emails, without signing again to the squirrel mail
>> login page.
>>
>> Please give your guidance/workarounds how to accomplish this SSO for
>> Squirrel Mail.
>
> You could try to hack something into one or the other of these two
> applications (or both) so that they understand each other's cookies,
> for example (still may present problems authenticating against the
> IMAP server - keep in mind that SquirrelMail passes authentication to
> the IMAP server, so it MUST have a username and password to
> authenticate with, and in that sense, it's far smarter to ask how to
> modify plone to understand when a user has been authenticated via
> SquirrelMail), but the more robust way to handle this is to find a SSO
> authentication implementation that both applications are compatible
> with. Shibboleth is one popular example, but there are others. Do
> your homework. There is a SquirrelMail plugin that is compatible with
> some such authentication systems that will be available soon - but it
> is not trivial to set this kind of system up because you must be able
> to integrate it with your IMAP server too.
>
>
> --
> Paul Lesniewski
> SquirrelMail Team
> Please support Open Source Software by donating to SquirrelMail!
> http://squirrelmail.org/donate_paul_lesniewski.php
>
> ------------------------------------------------------------------------------
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and
> threat landscape has changed and how IT managers can respond. Discussions
> will include endpoint security, mobile security and the latest in malware
> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> -----
> squirrelmail-users mailing list
> Posting guidelines: http://squirrelmail.org/postingguidelines
> List address: squirrelmail-users@xxxxxxxxxxxxxxxxxxxxx
> List archives: http://news.gmane.org/gmane.mail.squirrelmail.user
> List info (subscribe/unsubscribe/change options):
> https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
>
------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
-----
squirrelmail-users mailing list
Posting guidelines: http://squirrelmail.org/postingguidelines
List address: squirrelmail-users@xxxxxxxxxxxxxxxxxxxxx
List archives: http://news.gmane.org/gmane.mail.squirrelmail.user
List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
