/**
 * File: imp/_custom/INSTALL v1.0
 * Created: 2002/04/15
 * Modified: 2002/04/15
 * See http://vkinetic.com/hordedev for current version and information.
 *
 * Copyright 2002 Ben Gerber <ben@vkinetic.com>
 * See http://www.fsf.org/copyleft/gpl.html for license information (GPL).
 *
 * This code is provided free of charge without warranty of any kind, either
 * expressed or implied, including, but not limited to, the implied warranties
 * of merchantability and fitness for a particular purpose.
 *
 */

This code implements single sign-on for Horde/IMP. It employs a MySQL backend
for authentication and includes the capability for users to change their
passwords. This code is intended to require as little modification to standard
Horde/IMP code as possible to avoid interfering with existing and future
Horde/IMP functionality. It has been tested with Horde 2.0 and IMP 3.0 using
PHP 4.1.2. Configuration and installation are documented in the file headers
and summarized below.

This distribution (sso_passwd.tar.gz) contains six files:

_custom/custom_imp_users.php
    This provides the administrator with the ability to maintain records in
    the table custom_imp_users, which contains the following columns:

        id             -> the primary key
        horde_user_uid -> the foreign key (joins to the user's user_uid in
                          horde_users)
        imp_imapuser   -> the user's username for their POP3/IMAP account
        imp_pass       -> the user's (encrypted) password for their POP3/IMAP
                          account
        imp_server     -> the user's POP3/IMAP server as named in
                          imp/config/servers.php
                          ($servers['name_of_the_server'])
        enabled        -> enable / disable the user's login
        last_updated   -> when the record was last updated

_custom/custom_passwd.php
    This provides the user with the ability to change their passwords.

_custom/imp_sql_auth.php
    This authenticates users with their user_uid and user_pass (md5) in
    horde_users, and looks up their imp_imapuser, imp_pass, and imp_server in
    custom_imp_users for the standard IMP code to authenticate against (and
    access) the user's POP3/IMAP account.

_custom/key.php
    This contains a symmetric key to encrypt/decrypt the POP3/IMAP passwords
    stored in the database.

_custom/.htaccess
    This restricts access via http to the imp/_custom directory (see your web
    server's documentation and horde/docs/INSTALL).

_custom/INSTALL
    This file contains the text you are reading right now.

Configuration and installation overview:

Extract the files:

    tar zxvf sso_passwd.tar.gz

Move them to the Horde and IMP web roots:

    mv _custom/custom_imp_users.php horde/admin/
    mv _custom/custom_passwd.php horde/imp/
    mv _custom horde/imp/

(Do not forget to chmod the files as required to maintain your Horde/IMP
implementation's security.)

Create the custom table (custom_imp_users); refer to imp_sql_auth.php.

In imp/_custom/imp_sql_auth.php set the database values. (Setting
$_custom_enable_custom_auth to false turns off custom authentication.)

In horde/admin/custom_imp_users.php set the database values and the path to
key.php.

In imp/custom_passwd.php set the database values and whether you want failed
attempts and/or successes e-mailed to an administrator (and set the
administrator's e-mail address).

In imp/_custom/key.php set $_custom_key to a secret (symmetric) key.

In horde/templates/admin/index/admin.inc add a link to
horde/admin/custom_imp_users.php (refer to horde/admin/custom_imp_users.php).
If you do not add a link to this page, you can access it directly with IE;
however, Netscape may require the Horde session to be passed to the page
(example of passing the session:
http://example.com/horde/admin/custom_imp_users.php?Horde=d77c34c25a6916dcdc7033d18376360a)

Log in to Horde as the administrator.

Create (at least) the administrator's account in horde_users (via
horde/admin/user.php or via mysql client).

Insert the administrator's POP3/IMAP account information into
custom_imp_users via horde/admin/custom_imp_users.php. (The administrator must
be a valid user in custom_imp_users. When IMP is handling the authentication
for Horde it is the IMP user (imp_imapuser) that is returned by
Auth::getAuth(). In horde/config/horde.php set the administrator's
imp_imapuser: $conf['auth']['admins'] = array(admin-imp_imapuser);.)

Add a single line of code to imp/lib/IMP.php (refer to
imp/_custom/imp_sql_auth.php).

Set authentication for Horde to be handled by IMP (in
horde/config/registry.php).

Enable ['server']['server_list'] and ['server']['server_list_hidden'] in
imp/config/conf.php; this produces a login screen requiring only a username
and password.

Add imp/custom_passwd.php to imp/config/menu.php (refer to
imp/custom_passwd.php).

Operation:

The administrator maintains users' login accounts via standard Horde's
horde/admin/user.php (horde_users table).

The administrator maintains the users' corresponding POP3/IMAP account
information via horde/admin/custom_imp_users.php (custom_imp_users table).

Users click on the password icon on the IMP menu to change their login
password (horde_users table).

That's all folks!
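
Added example (not part of the sso_passwd distribution): a shell check for the chmod reminder in the installation overview, run against the Horde web root after the files have been moved into place. It assumes a policy that the files holding the symmetric key or the database values carry no permissions for "other"; the function names file_mode and audit_sso_install are hypothetical.

```shell
#!/bin/sh
# Added example: audit the files installed from sso_passwd.tar.gz.
# Assumed policy (not stated in INSTALL): no "other" permission bits on the
# files that hold $_custom_key or the database values.

# Print the octal permission bits of a file (GNU stat first, then BSD stat).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# audit_sso_install HORDE_ROOT
# Prints one finding per line; returns 0 when there are none, 1 otherwise.
audit_sso_install() {
    root=$1
    findings=0
    # Paths follow the mv commands in the installation overview.
    for f in imp/_custom/key.php imp/_custom/imp_sql_auth.php \
             imp/custom_passwd.php admin/custom_imp_users.php; do
        path="$root/$f"
        if [ ! -f "$path" ]; then
            echo "MISSING $f"
            findings=$((findings + 1))
            continue
        fi
        mode=$(file_mode "$path")
        other=${mode#"${mode%?}"}   # last octal digit = bits for "other"
        if [ "$other" != 0 ]; then
            echo "WORLD-ACCESSIBLE $f (mode $mode)"
            findings=$((findings + 1))
        fi
    done
    # .htaccess is what restricts HTTP access to imp/_custom.
    if [ ! -f "$root/imp/_custom/.htaccess" ]; then
        echo "MISSING imp/_custom/.htaccess"
        findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ]
}

# Usage: audit_sso_install /path/to/horde
```

With mode 640 the web server must read these files as their owner or group.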