community.egroupware.org: Community wiki

  
Community wiki
Mail Auth

Quick intro to setting up mail auth on a new install.

Note: Unless you are quite certain that all of your eGroupWare user accounts have the exact same username/passwords as you main server you should NOT switch an existing install to mail auth.

  1. Install eGroupWare using SQL account.
  2. Once everything works, create your "admin" email account, this account login name and password must already exsist on the mail server, and add this new user to the Admin group and make sure access is granted to the Administration app either through the Admin group or directly on the account. Alternatively, in setup you can just use this login name for the admin acocunt, if you do so skip Step 3.
  3. Logout and login as the new user. You should now delete the original Admin account.
  4. Now setup the Email server settings in Adminitration and make sure the email app works without using the Custom email settings in the user prefs. DO NOT CONTINUE UNTILL THIS WORKS!!
  5. You are now ready to switch to mail auth. Change your eGroupWare password to something other than what's on the email server. This will cause email to not work for now but will help to verify that mail auth is indeed working once the change is made. Logout and Login to Setup/Config and change the setting in the Step2 section.
  6. Log back in normally this time using your mail server password. Email and everything else should work normally. You will notice that there is no longer an option to change your password, all password changes will now have to be done on the mail server. Also, when adding new users you may enter whatever you want for the passord in eGroupWare, this password will be forever ignored.

PROs: Simplify account management by centralizing passwords.
CONs: You can no longer have users in eGroupWare that don't have a mail account. Login time will increase very slightly due to the overhead involved in conecting to the mail server but this will not be noticed on most systems.

The CONs can be slightly helped by changing the authentication by application (in 1.6 at least). For example the web pages and rss feed can be still allowed anonymous access without a mail account for anonymous by adding into database a config value using direct SQL command like "insert into egw_config values ('phpgwapi', 'auth_type_sitemgr-link', 'sql');" You'll still need to create the account "anonymous" with password "anonymous" and access to Website. Any other users will also be forced to the backend, but they'll be authenticated using a cached password.

more information about multiple-account-creation

You are here