Avoiding double-login for Roundcube located on a different server

chris445

Registered
Apr 2, 2020
4
0
1
United States
cPanel Access Level
Root Administrator
Hi All,
We've added our own webmail option to the cPanel webmail list. When the user clicks on it, we're redirecting him from cPanel to our external (non-cPanel) server, where we have Roundcube installed. The user logs into Roundcube on our server, which in turns logs in to IMAP on the original cPanel server.

So we're in essence replacing the basic version of Roundcube that comes with cPanel with an external version of Roundcube that includes a lot of additional skins and plugins.

What we'd like to do is avoid the double-login issue similarly to the way the 'cpanellogin' Roundcube login does.

We can get the following information from cPanel before redirecting the user to Roundcube on our server:

getenv('cp_security_token') -- for example: /cpsess9445373123 -- we can use this to create the return path to cPanel when someone logs out of Roundcube on our server.

$_ENV['REMOTE_USER'] -- the username we can use to log in to Roundcube

$_ENV['REMOTE_PASSWORD'] -- this gives us something like this: cpses_te2iaho33p[::cpses::]HVTpfuajgAPGrT8PenEo6tTfNBA25P6a

This REMOTE_PASSWORD string is used to automatically log in to the local cPanel version of Roundcube, so the user doesn't have to type their username password again.

The question is, how do we use this REMOTE_PASSWORD string to log in to cPanel's IMAP server from an external location? What is this format? Is it the user's password encrypted/hashed using one the methods used by Dovecot? Or is it something that's cPanel specific?

Thank you, any help would be appreciated.
 

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,296
1,271
313
Houston
I believe disabling our Roundcube would be pretty simple by going to WHM>>Server Configuration>>Tweak Settings -> Enable Roundcube Webmail and select disable. This would remove our roundcube package.

The documentation here would be useful:
as well as: How to Customize Roundcube Webmail | cPanel & WHM Documentation

Further than that, these threads might be helpful?
 

chris445

Registered
Apr 2, 2020
4
0
1
United States
cPanel Access Level
Root Administrator
Thanks for the reply, Lauren, but that's not what we're asking about. We don't want to disable Roundcube; we want to know about the format of the string that cPanel puts into this PHP variable:

$_ENV['REMOTE_PASSWORD']

What does this string include? How can we use this string to log in to cPanel IMAP server?