[Kroupware] Kolab IMAP -> iCal

Jason A. Pattie pattieja at pcxperience.com
Fri May 30 15:40:41 CEST 2003 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Just to let you know, I just found this:

$PHP_AUTH_USER
$PHP_AUTH_PW

These apparently are available environment variables.  The way to access
them is by sending a "WWW-Authenticate: Basic realm=\"Whatever goes
here\"" inside a Header() call.  You can check to see if the
$PHP_AUTH_USER variable is set using the isset() function which will
then allow us to know whether or not this is the first time the
requesting application is requesting data.  If the USER and PW values
are incorrect (i.e., authentication to the IMAP server fails), we can
send back an additional Header() of "HTTP/1.0 401 Unauthorized".

- --------------

Since we would have access to the username and password entered at this
point, might it be possible to use that information to open a connection
to the IMAP server (however that is accomplished) passing the user's
credentials to that connection to authenticate to the IMAP server?  This
way, this script could be used for both imap->ical and ical->imap using
the actual user's information rather than having to setup a generic user
and an ACL, etc.

Jason A. Pattie wrote:
> Diego Rivera wrote:
>
>>Either today or tomorrow I'll be starting with the reverse process -
>>ical -> IMAP using a php page, so it's easier to deploy in the existing
>>framewok (in my mind at least).  I'll be using a rudimentary caching
>>mechanism to lessen the load where possible.
>>
>>I'm going to assume the use of a single "proxy user" that only has read
>>access to the users' Calendar folders is OK'd by everyone.  I'll do this
>>using ACL's so that access can also be denied to particular users.
>
>
> But I just found out yesterday how to authenticate using mod_perl to the
> webserver so you can use the username and password credentials to
> authenticate to the IMAP server.
>
> Also, if we go the route that the user of the data has to be used, there
> isn't that added administration of setting up the ACL for the "special"
> user, and I would hope, it increases the security of the process
> overall.  You should hopefully only be able to mess with one person's
> data if security is compromised rather than every person's data.
>
> --
> Jason A. Pattie
> pattieja at xperienceinc.com

- --
Jason A. Pattie
pattieja at xperienceinc.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: Using GnuPG with Debian - http://enigmail.mozdev.org

iD8DBQE+17O4uYsUrHkpYtARAsb/AJ9GR3h8+Cr02oF/y/iwoSAbnJZitQCdEJke
MaJHsZ4ntqqxmKGSnybcvtA=
=AwO5
-----END PGP SIGNATURE-----


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

More information about the Kroupware mailing list