Login: HTTP Authentication plugin for SquirrelMail ================================================== Ver 2.0, 06/10/04 Original Author: Tyler Akins Updated By: Paul Lesneiwski Description =========== If you keep SquirrelMail behind a password-protected directory on your web server and if PHP has access to the username and password used by the web server, this plugin will bypass the login screen and use that username/password pair. Note that this means that you must keep your usernames and passwords in synch between your web server's authentication file (typically .htpasswd for Apache) and your IMAP server! If both username/password stores do not contain the same information, your users will not be able to log in without entering the two different sets of usernames and passwords! If you have not password-protected your SquirrelMail directory, this plugin will turn itself off, and logins will work as they normally do using the SquirrelMail login page. Help Requests ============= Help requests are welcome at my personal email address, but I request that you first post to the SquirrelMail Plugins mailing list, where you'll get faster help from more people and other people with the same problem will be able to see how your issue was resolved. If you don't get good answers that way, you may try emailing me directly. Info about the SquirrelMail Plugins mailing list can be found on the SquirrelMail web site. It is currently located at: http://lists.sourceforge.net/mailman/listinfo/squirrelmail-plugins squirrelmail-plugins@lists.sourceforge.net Change Log ========== 2.0 (06/10/04) - Paul Lesneiwski * Rewrote the whole plugin so that it works as a normal plugin (as opposed to a bit of a hack) * If username/password pairs don't match, SquirrelMail's login page is correctly shown again * Conformance with SquirrelMail plugin requirements and other cleanup 1.1 - Removed serious security issue -- the password was being logged in the web server logs. 1.0 - Initial version