I just recently set up SquirrelMail connected to an existing Cyrus
2.1.15 installation. So far so good, things are working well.
However, I'd like to move towards a single sign-on model, and this
should be possible given that the clients are running Windows/IE and
authentication against a Samba domain controller. I believe I can set up
mod_ntlm in Apache to learn the remote user's name and pass that to
SquirrelMail, but then I need to get SquirrelMail successfully logged in
to the Cyrus mailbox for that user _without knowing the user's password_...
I can think of some possibilities:
- make SquirrelMail always log in as some type of "super user" in Cyrus
land, with authorization to access the user mailboxes
- somehow use NTLM authentication in Cyrus as well (although I don't
know if that could be made to work, seeing as Cyrus is not actually
talking to the real client)
- make Cyrus believe the IMAP connection is "preauthed" as user "x" and
not require any type of IMAP LOGIN
Anyone have any suggestions?
