General discussion on installation and configuration of SOGo

Text archives Help


Re: [SOGo] kerberos authentication


Chronological Thread 
  • From: Marco Bencivenni < >
  • To:
  • Subject: Re: [SOGo] kerberos authentication
  • Date: Tue, 1 Feb 2011 10:38:08 +0100
  • Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; b=tnChxMNHtJuvVwLvg05wwJdG6peQO3KWy3Gk7B/o9gddu79qNlI4ISYLSe6p0x0TSp 9c7am1POpYT/uz5zB3fLtqYbDo2Y+FI2oG7+c0REkOKFbHbwNouImUupNuVAdRzn7p2C dPw2WCalZG14K1OyilUMgYJy/COcTRfYoqLeU=

Dear all,

excuse me but I prevoiulsy posted an incorrect configuration.
The problem is that I tru to use a kerberos authentication but I got a blank page withe the only word "Unauthorized"
The configuration apache-kerberos is correct, but there is something in SOGo configuration in order to use kerberos credentials.
I hope that someone has already faced this type of problem.
Thanks in advance,
Marco B


In my SOGo.conf  I uncomment:

<Location /SOGo>
  AuthType Kerberos
  AuthName "Kerberos Login"
  KrbMethodNegotiate Off
  KrbMethodK5Passwd On
  KrbAuthRealms ####.IT
  KrbServiceName HTTP/
  Krb5KeyTab /etc/httpd/conf/keytab
  require valid-user
  Order allow,deny
  Allow from all
</Location>
 
and

  RequestHeader set "x-webobjects-remote-user" "%{REMOTE_USER}e"


My .GNUstepDefaults is

        <key>OCSFolderInfoURL</key>
        <string>mysql://sogo: :3306/sogo/sogo_folder_info</string>
        <key>SOGoACLsSendEMailNotifications</key>
        <string>YES</string>
        <key>SOGoAppointmentSendEMailNotifications</key>
        <string>YES</string>
        <key>SOGoDraftsFolderName</key>
        <string>Drafts</string>
        <key>SOGoFoldersSendEMailNotifications</key>
        <string>YES</string>
        <key>SOGoIMAPServer</key>
        <string>imaps://###.it:993/?tls=YES</string>
        <key>SOGoLanguage</key>
        <string>Italian</string>
        <key>SOGoMailDomain</key>
        <string>cnaf.infn.it</string>
        <key>SOGoProfileURL</key>
        <string>mysql://sogo: :3306/sogo/sogo_user_profile</string>
        <key>SOGoSentFolderName</key>
        <string>Sent</string>
        <key>SOGoTimeZone</key>
        <string>Europe/Rome</string>
        <key>SOGoTrashFolderName</key>
        <string>Trash</string>
        <key>SOGoTrustProxyAuthentication</key>
        <string>YES</string>
        <key>SOGoUserSources</key>
        <array>
            <dict>
                <key>CNFieldName</key>
                <string>cn</string>
                <key>IDFieldName</key>
                <string>uid</string>
                <key>UIDFieldName</key>
                <string>uid</string>
                <key>baseDN</key>
                <string>ou=people,ou=cnaf,o=infn,c=it</string>
                <key>canAuthenticate</key>
                <string>YES</string>
                <key>displayName</key>
                <string>Shared Addresses</string>
                <key>hostname</key>
                <string>131.154.128.32</string>
                <key>id</key>
                <string>public</string>
                <key>isAddressBook</key>
                <string>YES</string>
                <key>port</key>
                <string>389</string>
                <key>type</key>
                <string>ldap</string>
            </dict>
        </array>
    </dict>
</dict>
</plist>



2011/1/26 < " target="_blank"> >
Hi Marco,

to use external authentication like Kerberos you have to use HTTP Header in
front of SOGo:
http://www.sogo.nu/english/support/faq/article/how-to-use-webauth-with-sogo-2.html

There are a lot of examples in the Web for doing that. But the exact
configuration steps depend on your setup. Especially for Apache and Kerberos
there are a lot of how-tos.

esco




Archive powered by MHonArc 2.6.16.

Top of page