Single Sign on

Hello folks,

I am trying to do a major migration (75.000 users/mailboxes)from exchange to zimbra but the pilot has to be succesfull.

My biggest concern now is single sign on with kerberos.

our network is based on active directory and an opensource authentication server with a trust to the windows domain. Both authentication servers are based on kerberos version 5.

I have searched the forums the wiki's and the official documentation but i cannot find a satisfying answer to my question.

Does zimbra do single sign on to the web portals? Does zimbra do single sign on from the desktop and does it do single sign on from outlook/evolution?

If it does can someone point me to some documentation which i probably have missed.

With kind regards,

William

Welcome to the forums.

The documentation you're looking for is Preauth, it's in the wiki here: Preauth - Zimbra :: Wiki

that is something but i already have a kerberos setup wich works fine.

i hoped that zimbra could use kerberos tickets with a keytab file so i wouldn't have to do something special like the preauth keys and stuff.

Are there no other possibilities?

With kind regards

Well i have looked to the preauth thing but thats not what i wanna do/mean.

I have i few web apps who do single sign on right now.

The browsers do support spnego/gss-api which provides a challenge response authentication. I have setup a few webapps like mantis which can see if a user is logged on with mod_auth_kerb if so then the username is set in apache, then zimbra could look if the username is set and consider the authentication succesfull if the user also exists in the zimbra ldap server.

I don't think that should be hard to implement but i don't have the time right now to look at it.


Do you folks know if that should be possible?

could it be a feature request?

With kind regards

William van de Velde

bump !

Does someone has an idea about the above?

With kind regards

William van de Velde