[dev] Renew Horde credentials for each IMP login
Michael M Slusarz
slusarz at horde.org
Thu Dec 18 15:37:54 UTC 2014
Quoting SSRI <ssri_abo at u-paris2.fr>:
> Michael M Slusarz <slusarz at horde.org> wrote:
>
>> Quoting SSRI <ssri_abo at u-paris2.fr>:
>>
>>> Michael M Slusarz <slusarz at horde.org> wrote:
>>>
>>>> Quoting SSRI <ssri_abo at u-paris2.fr>:
>>>>
>>>>> Michael M Slusarz <slusarz at horde.org> wrote:
>>>>>
>>>>>> Quoting SSRI <ssri_abo at u-paris2.fr>:
>>>>>>
>>>>>>> Hi,
>>>>>>>
>>>>>>> We've built a custom authentication driver that provides Horde
>>>>>>> with a one-time password (OTP): this password will allow only
>>>>>>> one login to the IMAP server.
>>>>>>>
>>>>>>> How do you force the authentication driver to renew
>>>>>>> credentials for each IMP login? We didn't find any
>>>>>>> OTP-compatible authentication driver included in Horde.
>>>>>>
>>>>>> Do you mean on every IMP access?
>>>>>
>>>>> Yes
>>>>>
>>>>>>
>>>>>> If so, your best bet is to use the 'pushapp' hook - grab the
>>>>>> IMP_Imap object using the IMP_Imap factory and set the password
>>>>>> in the Horde_Imap_Client object using setParam('password',
>>>>>> Password Object).
>>>>>>
>>>>>
>>>>> Ok.
>>>>>
>>>>> And should I grab the new password with Horde_Core_Factory_Auth
>>>>> (calling
>>>>> $GLOBALS['injector']->getInstance('Horde_Core_Factory_Auth')->create())
>>>>> inside the pushapp hook?
>>>>
>>>> Don't know what you are asking for here. If you designed/created
>>>> the system to generate a new IMAP password, you should get the
>>>> new password from that system. This has nothing to do with Horde
>>>> authentication, as far as I can tell.
>>>>
>>>
>>> The system to generate the new IMAP password is in the Auth driver
>>> ... Wouldn't it be easier (cleaner?) if the Horde authentication
>>> system allowed updating credentials inside an auth driver?
>>
>>
>> No.
>>
>> The problem is that we may be using cached information that relies
>> on the previous auth credentials. There is currently no way of
>> broadcasting that the auth credentials have changed for a certain
>> application that is guaranteed to update this cached information
>> everywhere.
>>
>> This is why we require a brand new session when changing a password
>> via the passwd application, for example.
>>
>
> What about invalidating the current auth with the validateAuth()
> function inside the auth driver?

This was already discussed. Changing the auth credentials in the
authentication object does NOT remove other cached bits that may be
using the old data.

> Wouldn't it be too heavy to have a brand new session for each
> password renewal?

We *do* have a brand new session for each password change, so I guess
I'm not seeing what you are asking here.

michael
___________________________________
Michael Slusarz [slusarz at horde.org]