Mailing List CGatePro@mail.stalker.com Message #92738
From: Darren Sundborg <d.sundborg@ukintpress.com>
Subject: RE: Passwords
Date: Wed, 26 Sep 2007 15:12:59 +0100
To: CommuniGate Pro Discussions <CGatePro@mail.stalker.com>
X-Mailer: CommuniGate Pro MAPI Connector 1.2.9/1.2.10
Hi

Thanks for everyones support so far...

I have followed Message #91168 and have this error in the log..

15:07:11.377 2 EXTAUTH launching /root/bin/authPAM.pl
15:07:11.381 2 EXTAUTH '/root/bin/authPAM.pl' launched
15:07:11.387 2 EXTAUTH reading finished
15:07:11.387 1 EXTAUTH reading failed: Error Code=external helper output
closed
15:07:11.387 2 EXTAUTH task terminated. retCode=13
15:07:23.385 2 EXTAUTH '/root/bin/authPAM.pl' relaunching
15:07:23.385 2 EXTAUTH launching /root/bin/authPAM.pl
15:07:23.389 2 EXTAUTH '/root/bin/authPAM.pl' launched
15:07:23.394 2 EXTAUTH reading finished
15:07:23.394 1 EXTAUTH reading failed: Error Code=external helper output
closed
15:07:23.394 2 EXTAUTH task terminated. retCode=13


Any ideas would be most grateful...

 
 
Disclaimer
 
================================================================
This email (which includes any files transmitted with it) is
confidential and may also be legally privileged.
It is intended solely for the use of the individual to whom it is
addressed. Any views or opinions presented are solely those of the
author and do not necessarily represent those of UKIP Media & Events
Ltd.
 
If you are not the intended recipient, be advised that any use,
dissemination, forwarding, printing, or copying of this email is
strictly prohibited. If you have received this message in error, do not
open any attachment but please notify the sender (above) deleting this
message from your system. Please rely on your own anti-virus system, no
responsibility is taken by the sender for any damage rising out of virus
infection.
 
UKIP Media & Events Ltd.
Registered Address: 82 St John Street, London EC1M 4JN VAT No. GB879
4451 71 Registration Number: 5893940 Company registered in England and
Wales
 
 
-----Original Message-----
From: CommuniGate Pro Discussions [mailto:CGatePro@mail.stalker.com] On
Behalf Of Bret Miller
Sent: 25 September 2007 23:39
To: CommuniGate Pro Discussions
Subject: Re: Passwords

> On Tue, 2007-09-25 at 16:44 +0100, Martin.Hepworth wrote:
> > http://lists.communigate.com/Lists/CGatePro/Message/91168.html
> > and other things in archive about handling AD/Kerberos
> authentication well.
>
> Bearing in mind that Darren has been chewing his own legs off in the
> past over the local inability (not his, but local nonetheless) to get
> full client/server Kerberos to work, might I suggest that:
>
> 1. If you (Darren) are running CGP on Linux, then you can use the PAM
> module pam_krb5 to authenticate against your Active Directory for you
> via an external authenticator. This is what we do for Webmail.
>
> 2. If you (Darren) are running CGP on Windows, then run it on a domain
> controller or promote your CGP server to be a domain
> controller and then authenticate against the local system.

OS Password authentication (built in to CGPro) works even if the server
is simply a member server in the domain. We set the account in the
domain account defaults to *%addomain (ours is *%hq.wcg.org) and the
authentication just works (as long as users don't try SASL methods).

Users still have to change the password stored in their Outlook account
every time they change their windows password. Kerberos would solve
that, but I haven't had the time to get back to that. The big reason it
failed to begin with is that my CGPro server address resolves to a
public address and kerberos requires it to resolve to the private
(behind firewall) address. I'm fairly sure the rest can be worked out
now that I've solved the basic block on it, and perhaps this will help
Darren too.

>
> Alternatively, use the method John Rudd just posted.
>
> Our external authenticator does something similar to that simply so we
> have a copy of up-to-date passwords kept within CGP itself -
> this way we
> can make use of challenge/response or SASL methods such as
> those used by
> SIP, XIMSS et al.


Bret




#############################################################
This message is sent to you because you are subscribed to
  the mailing list <CGatePro@mail.stalker.com>.
To unsubscribe, E-mail to: <CGatePro-off@mail.stalker.com>
To switch to the DIGEST mode, E-mail to
<CGatePro-digest@mail.stalker.com>
To switch to the INDEX mode, E-mail to <CGatePro-index@mail.stalker.com>
Send administrative queries to  <CGatePro-request@mail.stalker.com>



Subscribe (FEED) Subscribe (DIGEST) Subscribe (INDEX) Unsubscribe Mail to Listmaster