If you aren't sure what CAS is, check out: http://www.jasig.org/cas This is a fork of Alex Li's cas_authentication plugin. (http://code.google.com/p/rc-cas-plugin) We share some of the same config names so we should not be run together. The main differences are: - This plugin should work with stock Roundcube 0.6+ - This plugin can be configured to not force all users to have to use CAS - This plugin supports using a CAS proxy ticket for SMTP authn This plugin has been tested and works with the following: - Roundcube 0.6-0.8 - RHEL (specifically, Oracle Enterprise Linux) 6.1-6.2 x64 - DEBIAN Squeeze 2.6.26 x64 - JASIG CAS 3.3.2, 3.4.11, 3.4.14 (http://www.jasig.org/cas) - pam_cas (https://sourcesup.cru.fr/frs/?group_id=213, Pam_cas-2.0.11-esup-2.0.5.tar.gz) - phpCAS 1.2.2 (php-pear-CAS from EPEL) - up-imapproxy 1.2.7 (http://www.imapproxy.org) - Dovecot 2.0.13 (http://dovecot.org) Setup is very similar to most Roundcube plugins. Copy cas_authn to your Roundcube plugin directory. Then, copy config.inc.php.dist to config.inc.php, edit for your environment, and activate the plugin. Some things to be aware of: - This plugin assumes your IMAP server can authenticate (a) CAS proxy tickets (if cas_proxy is true) - or - (b) any user using the "master" password (if cas_proxy is false and cas_imap_password is set). For (a), the most common way to do this is with pam_cas. See http://www.esup-portail.org/consortium/espace/SSO_1B/tech/cas/cas_pam.html for help configuring and testing that. (It is in French, but Google Translate does a good job.) - If cas_proxy is true and Roundcube is set to authenticate to SMTP, this plugin will generate a PT for your SMTP service and send that to the SMTP server. As with IMAP, you should test this via telnet to make sure your SMTP server is validating CAS tickets. - If you are running Roundcube on multiple servers behind a load balancer and cas_proxy is true, your PGTIOU storage must be shared; when the CAS server does the PGT callback there is no guarantee (unless you do something special) that it will hit the same host the user is on. And if you're not sure what "PGT callback" is, check out https://wiki.jasig.org/display/CAS/Proxy+CAS+Walkthrough especially the PDF linked at the bottom.
f51902d2 · by