[Kolab-devel] krb_authentication in roundcube
Jochen Hein
jochen at jochen.org
Tue Jan 12 00:08:09 CET 2016
Hi,
I'm looking at
https://github.com/roundcube/roundcubemail/commit/1b8ca08e5b042035b096c61d094fab0157941f17
especially at the changes in
program/lib/Roundcube/rcube_imap_generic.php:
+ elseif ($type == 'GSSAPI') {
+ if (!extension_loaded('krb5')) {
+ $this->setError(self::ERROR_BYE,
+ "The krb5 extension is required for GSSAPI authentication");
+ return self::ERROR_BAD;
+ }
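Review bot: The error code recorded and the value returned disagree in the extension check: setError() is passed self::ERROR_BYE, but the branch then returns self::ERROR_BAD. Use the same constant for both, so that the logged error and the caller's return value describe the same failure. If the difference is intentional, a short comment saying why would help.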
In my tries I didn't see that message in the logs.
Do I understand correctly that this needs the php_krb5 module from
http://pecl.php.net/package/krb5 installed and active? There seems to
be no Debian package available - Fedora seems to have an up-to-date
package. If it is indeed needed I'll try to package the module.
Are there any hints what configuration for apache is needed? My initial
tries were not successful, but now it seems that I missed the dependency
on php_krb5. It may be useful to add something to
https://git.kolab.org/T468 (Document the configuration changes (to Kolab
components) required to enable GSSAPI authentication).
This is what I tried in my apache config:
root@kolab35:/etc/apache2/conf-available# cat auth_kerb.conf
<Location /roundcubemail>
    SSLRequireSSL
    AuthType Kerberos
    AuthName "Kerberos Login JOCHEN.ORG"
    KrbMethodNegotiate On
    KrbMethodK5Passwd On
    KrbSaveCredentials On
    KrbAuthRealms JOCHEN.ORG
    Krb5KeyTab /etc/apache2/http.keytab
    KrbServiceName HTTP
    require valid-user
</Location>
Any hints or tips?
Jochen
--
The only problem with troubleshooting is that the trouble shoots back.