Newsgroups: php.internals
Xref: news.php.net php.internals:28582
Message-ID: <3e1c67bc0703232232x7eece58foc05c0bb1319192b1@mail.gmail.com>
Date: Sat, 24 Mar 2007 10:32:41 +0500
From: backports@gmail.com ("Back Ports")
To: "Michael B Allen"
Cc: internals@lists.php.net
Subject: Re: [PHP-DEV] Bug # 33500 | imap auth fails when server advertises gssapi
In-Reply-To: <20070322153530.01de5971.mba2000@ioplex.com>
References: <3e1c67bc0703220002x12faf6c6oa6f5796603f31561@mail.gmail.com> <20070322153530.01de5971.mba2000@ioplex.com>

Mike,

Thanks for your reply.

On 3/23/07, Michael B Allen wrote:
> On Thu, 22 Mar 2007 12:02:50 +0500
> "Back Ports" wrote:
>
> > Hi all,
> >
> > Is there any progress on the following bug report:
> >
> > http://bugs.php.net/bug.php?id=33500&thanks=6
> >
> > It was reported quite a while ago -- I also saw a relevant post on the
> > mit kerberos mailing list where discussed patches fixed the issue,
> > however, they appear impossible to track down.
> >
> > http://mailman.mit.edu/pipermail/kerberos/2006-April/009629.html
>
> I'm not a php dev and I don't know the status of this bug but I have a
> possible solution for you anyway.
>
> If you're on an Active Directory network (very possible if your IMAP
> server is offering GSSAPI) then you could use our product to get the
> necessary credential so that the IMAP extension's GSSAPI auth works.

We're on MIT kerberos, openldap & dovecot is the imap server. Our gssapi bit works well for all clients, etc. -- it's only the php imap call which chokes.

> With our Plexcel PHP extension (see sig) you can acquire Kerberos
> credentials in three ways - 1 Single Sign-On (the delegated credential
> from the web client); 2 use the HTTP service account cred; or 3 explicit
> logon with username and password.

The problem is that php doesn't go ahead and try plain auth if gssapi doesn't work out -- I don't think supplying krb5 credentials would work -- however, I will go ahead and give that a shot. We're using stanford's webauth and a user ticket can easily be made available when trying gssapi.

ldap_sasl_auth() doesn't support gssapi either, though my earlier post to this list ended up on a web site somewhere with a note saying 'theoretically it's possible'.

Appreciate your help.

mustafa.