Gary: I've already got an ugly hack ready - we did something similar to use squirrelmail against our GSSAPI IMAP server. We use the imtest helper program to open the GSSAPI-authenticated session (passing in the Kerberos credential file that we got from the pubcookie module). We passed that file descriptor back into squirrelmail, bypassing the normal connection open.
I'd like to something similar in roundcube, but it's pretty difficult using only plugins. I can certainly set up my own imap_connect hook that would open the proper connection, but I don't see any way to put the resulting file descriptor into the imap object, since all that stuff is private to the rcube_imap_generic module.
I'll admit that I'm not a PHP expert here, so maybe I'm looking at it all wrong.
Tod Pike
Gary Mort wrote:
Interesting....I learned a lot of new stuff, but in the end Roundcube has it's own imap functions instead of using the ones built into PHP and they don't support GSSAPI so I don't see anyway to do this short of an ugly hack.
The ugly hack would call for you to extend the HTTP authentication module and modify it to detect when someone has logged on via pubkey...then use the imap_connect event to change the userid/password from the userid for the specific user, to a system userid that has access to everyone's mailboxes.
The best way to do this would be to extend the imap functions to support gssapi when authenticating. But that would require hacking the source files.