On Wed, Feb 28, 2007, Martin Hierling <martin mh-itc.de> said:
>> the username is available. The dbmail-imap server gets the request
>> > for user joe and should deliver the mails, without password.
>> Why not propagate the user's password to the imap server, and use it
>> for authenticating? It should not be that hard
>> to keep Shibboleth and dbmail's authentication table in sync.
>
>
> That's not how Shibboleth is working .... As far as I can say the framework
> only tells the webapp the user is authenticated. It is also possible to
> exchange some attributes. Something like the user is authorized to read all
> books from categories A-C but not from D-F. A password exchange is not
> possible. So this is no option.
> For sure it is possible (with a proper set up identity management) to keep
> the passwords in sync.

These sorts of systems work by giving a username and an authorization
code. The application server then checks with the authentication server
and says, "I got this username and this authorization code, is it valid?"
and the auth server says yes or no. It's one level of abstraction away
from actually keeping password lists all over the place.

Aaron
_______________________________________________
DBmail mailing list
DBmail dbmail.org
https://mailman.fastxs.nl/mailman/listinfo/dbmail
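
The exchange described in the reply above (username plus authorization code, checked by the application server against the authentication server), as an added example that is not part of the original thread and is not dbmail or Shibboleth code. The class names, the 30-second lifetime, and the single-use and per-service binding of the code are assumptions that go beyond what the message states.

```python
import hashlib
import secrets
import time

class AuthServer:
    """Hypothetical auth server: issues and checks one-time authorization codes."""
    def __init__(self, ttl=30.0, clock=time.monotonic):
        self._ttl, self._clock = ttl, clock
        self._pending = {}  # sha256(code) -> (username, service, expiry)

    def issue(self, username, service):
        # Called only after the user has authenticated to the auth server.
        code = secrets.token_urlsafe(32)
        digest = hashlib.sha256(code.encode()).hexdigest()
        self._pending[digest] = (username, service, self._clock() + self._ttl)
        return code

    def validate(self, username, code, service):
        # "I got this username and this authorization code, is it valid?"
        digest = hashlib.sha256(code.encode()).hexdigest()
        entry = self._pending.pop(digest, None)  # single use: any check burns it
        if entry is None:
            return False
        user, svc, expiry = entry
        return user == username and svc == service and self._clock() <= expiry

class ImapFrontend:
    """Hypothetical application server: it never sees or stores a password."""
    SERVICE = "imap"
    def __init__(self, auth):
        self._auth = auth

    def login(self, username, code):
        return self._auth.validate(username, code, self.SERVICE)

def demo():
    now = [0.0]  # constructed clock so expiry can be shown without sleeping
    auth = AuthServer(ttl=30.0, clock=lambda: now[0])
    imap = ImapFrontend(auth)
    results = {}
    code = auth.issue("joe", "imap")
    results["valid"] = imap.login("joe", code)
    results["replay"] = imap.login("joe", code)
    results["wrong_user"] = imap.login("ann", auth.issue("joe", "imap"))
    results["wrong_service"] = imap.login("joe", auth.issue("joe", "webmail"))
    stale = auth.issue("joe", "imap")
    now[0] += 31.0
    results["expired"] = imap.login("joe", stale)
    return results
```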