Mailing List CGatePro@mail.stalker.com Message #92157
From: Adrian Centeno Arias <ultimasilverphoenix@hotmail.com>
Subject: RE: Integration with your Invironment
Date: Fri, 10 Aug 2007 20:39:44 +0000
To: <CGatePro@mail.stalker.com>

>CGPro can "integrate" in a couple ways:
>
>1. If you're running on a Windows-based server, you can authenticate
>accounts through the OS Password using their domain password, assuming you
>can tie the account names directly to AD.
>
>2. It can, with the right setup, use AD as it's directory server and thus
>provide direct provisioning of accounts through AD. I can't comment on the
>correct setup of this, though I expect it would involve extending the AD
>schema to support CGPro.
>
>3. It can, with appropriate script coding, use LDAP to connect to AD to
>authenticate users (see cgAuthLDAP.pl on www.stalker.com/CGPerl which
>requries a small mod for authentication to AD), and if said external
>authentication script implemented the NEWUSER feature, could cause new
>accounts to be added automatically the first time they authenticate or
>receive a message. Doing any of this currently limits the authentication
>methods CGPro can support to "plain text login" since in order to
>authenticate, the script needs to know the password, which isn't passed in
>any other authentication method.
>
>With options 1 and 2, in theory, you can set up kerberos authentication so
>that logged-in users aren't required to separately authenticate with CGPro.
>I say "in theory" because I have yet to make this work here, but a few
>others have been successful at doing it.
>
>HTH,
>Bret

Ok, Thanks a lot for that information. I appreciate it.

Now I have onother question about the kerberos Authenticaition.

I guided myself today using cgpguide pdf. I Have a windows server 2003 [SAVGATE.LOCAl] which is the Domain Controller (AD). (192.168.4.10)

I have the CGPro server in another domain [cgpro.linux.local], in a linux computer. (10.10.10.8)

I went and after installing the support tools in de Win. server (I needed ktpass), I created a user under Administrative Tools --> Active Directory Users and Computers in the user map. And then I made the keytab.

ktpass -princ imap/linux.local@SAVGATE.LOCAL -mapuser cgatepro -pass 1!2@3$ -out keytab.data -crypto DES-CBC-MD5 -ptype KRB5_NT_SRV_HST

I imported this keytab to CGPRO webinterface under Users, Domains, CGPro.linux.local, Security, Kerberos.

Now I am trying to log in in webmail with this users and it does not work.

I may be so that I made a mistake somewhere or that I am not finished with the authentication.

Or did I misunderstood the whole point of kerberos authentication?



MSN Latino: el sitio MSN para los hispanos en EE.UU. ˇVisítanos hoy!
Subscribe (FEED) Subscribe (DIGEST) Subscribe (INDEX) Unsubscribe Mail to Listmaster