This code implements single sign-on for Horde/IMP.
It employs a MySQL backend for authentication and includes the capability for
users to change their passwords.


/**
 *     File: imp/_custom/INSTALL v1.0
 *  Created: 2002/04/15
 * Modified: 2002/04/15
 * See http://vkinetic.com/hordedev for current version and information.
 *
 * Copyright 2002 Ben Gerber <ben@vkinetic.com>
 * See http://www.fsf.org/copyleft/gpl.html for license information (GPL).
 *
 * This code is provided free of charge without warranty of any kind, either
 * expressed or implied, including, but not limited to, the implied warranties
 * of merchantability and fitness for a particular purpose.
 *
 */

This code is intended to require as little modification to standard Horde/IMP
code as possible to avoid interfering with existing and future Horde/IMP
functionality.

It has been tested with Horde 2.0 and IMP 3.0 using PHP 4.1.2.

Configuration and installation are documented in the file headers and
summarized below.


This distribution (sso_passwd.tar.gz) contains six files:

_custom/custom_imp_users.php

This provides the administrator with the ability to maintain records in the
table custom_imp_users, which contains the following columns:

            id -> the primary key
horde_user_uid -> the foreign key
                  (joins to the user's user_uid in horde_users)
  imp_imapuser -> the user's username for their POP3/IMAP account
      imp_pass -> the user's (encrypted) password for
                  their POP3/IMAP account
    imp_server -> the user's POP3/IMAP server as named in
                  imp/config/servers.php ($servers['name_of_the_server'])
       enabled -> enable / disable the user's login
  last_updated -> when the record was last updated


_custom/custom_passwd.php

This provides the user with the ability to change their passwords.


_custom/imp_sql_auth.php

This authenticates users with their user_uid and user_pass (MD5) in horde_users,
and looks up their imp_imapuser, imp_pass, and imp_server in custom_imp_users
for the standard IMP code to authenticate against (and access) the user's
POP3/IMAP account.


_custom/key.php

This contains a symmetric key to encrypt/decrypt the POP3/IMAP passwords stored
in the database.


_custom/.htaccess

This restricts access via HTTP to the imp/_custom directory (see your web
server's documentation and horde/docs/INSTALL).


_custom/INSTALL

This file contains the text you are reading right now.


Configuration and installation overview:

Extract the files:
tar zxvf sso_passwd.tar.gz


Move them to the Horde and IMP web roots:
mv _custom/custom_imp_users.php horde/admin/
mv _custom/custom_passwd.php horde/imp/
mv _custom horde/imp/

(Do not forget to chmod the files as required to maintain your Horde/IMP
implementation's security.)


Create the custom table (custom_imp_users); refer to imp_sql_auth.php.


In imp/_custom/imp_sql_auth.php set the database values.
(Setting $_custom_enable_custom_auth to false turns off custom authentication.)


In horde/admin/custom_imp_users.php set the database values and the path to
key.php.


In imp/custom_passwd.php set the database values and whether you want failed
attempts and/or successes e-mailed to an administrator
(and set the administrator's e-mail address).


In imp/_custom/key.php set $_custom_key to a secret (symmetric) key.


In horde/templates/admin/index/admin.inc add a link to
horde/admin/custom_imp_users.php (refer to horde/admin/custom_imp_users.php).
If you do not add a link to this page, you can access it directly with IE;
however, Netscape may require the Horde session to be passed to the page
(example of passing the session:
http://example.com/horde/admin/custom_imp_users.php?Horde=d77c34c25a6916dcdc7033d18376360a).


Log in to Horde as the administrator.


Create (at least) the administrator's account in horde_users
(via horde/admin/user.php or via mysql client).


Insert the administrator's POP3/IMAP account information into custom_imp_users
via horde/admin/custom_imp_users.php.

(The administrator must be a valid user in custom_imp_users.
When IMP is handling the authentication for Horde it is the IMP user
(imp_imapuser) that is returned by Auth::getAuth().
In horde/config/horde.php set the administrator's imp_imapuser:
$conf['auth']['admins'] = array(admin-imp_imapuser);.)


Add a single line of code to imp/lib/IMP.php
(refer to imp/_custom/imp_sql_auth.php).


Set authentication for Horde to be handled by IMP
(in horde/config/registry.php).


Enable ['server']['server_list'] and ['server']['server_list_hidden']
in imp/config/conf.php; this produces a login screen requiring only a username
and password.


Add imp/custom_passwd.php to imp/config/menu.php
(refer to imp/custom_passwd.php).
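
The chmod reminder and the key.php step above can be checked once the files
are in place. The script below is an added example and is not part of
sso_passwd.tar.gz: it audits horde/imp/_custom for the .htaccess file and for
the permissions on key.php and imp_sql_auth.php, and generates a random value
for $_custom_key. The function names, the "no access for other users" policy,
and the 64-hex-character key format are assumptions.

```shell
#!/bin/sh
# Added example: post-install audit of horde/imp/_custom (not part of the distribution).
# Assumption: key.php and imp_sql_auth.php are owned by the web server account,
# so they need no permission bits at all for "other" users.

# Print the "other" permission triplet (e.g. r--) of a path.
other_bits() {
    ls -ld "$1" | cut -c8-10
}

# Audit one _custom directory; prints findings and returns the number of findings.
audit_custom_dir() {
    dir=$1
    issues=0
    # .htaccess is what restricts HTTP access to this directory.
    if [ ! -s "$dir/.htaccess" ]; then
        echo "FAIL: $dir/.htaccess missing or empty"
        issues=$((issues + 1))
    fi
    # key.php holds the symmetric key; imp_sql_auth.php holds the database values.
    for f in key.php imp_sql_auth.php; do
        if [ ! -f "$dir/$f" ]; then
            echo "FAIL: $dir/$f not found"
            issues=$((issues + 1))
        elif [ "$(other_bits "$dir/$f")" != "---" ]; then
            echo "FAIL: $dir/$f is accessible to other users ($(other_bits "$dir/$f"))"
            issues=$((issues + 1))
        fi
    done
    [ "$issues" -eq 0 ] && echo "OK: $dir"
    return "$issues"
}

# Produce 32 random bytes as 64 hex characters, a candidate value for $_custom_key.
# Assumption: the distribution accepts a string key of this length.
new_custom_key() {
    dd if=/dev/urandom bs=32 count=1 2>/dev/null | od -An -v -tx1 | tr -d ' \n'
}

# Usage: sh audit_custom.sh horde/imp/_custom
if [ "$#" -gt 0 ]; then
    audit_custom_dir "$1"
fi
```
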


Operation:

The administrator maintains users' login accounts via Horde's standard
horde/admin/user.php (horde_users table).


The administrator maintains the users' corresponding POP3/IMAP account
information via horde/admin/custom_imp_users.php (custom_imp_users table).


Users click on the password icon on the IMP menu to change their login password
(horde_users table).


That's all folks!