[horde] Sending 401 [pid xxx on line 158 of .../Horde/Rpc/ActiveSync.php

Michael J Rubinsky mrubinsk at horde.org
Wed Jan 20 16:59:02 UTC 2016 

Quoting Simon B <simon.buongiorno at gmail.com>:

> On 20 Jan 2016 13:48, "Michael J Rubinsky" <mrubinsk at horde.org> wrote:
>>
>>
>> Quoting Simon B <simon.buongiorno at gmail.com>:
>>
>>> Hi
>>>
>>> Yesterday I upgraded Prod to:
>>> Address Book Address Book (turba) 4.2.11
>>> Calendar Calendar (kronolith) 4.2.11
>>> content 2.0.5
>>> Filters Filters (ingo) 3.2.7
>>> Horde Horde (horde) 5.2.8
>>> Mail Mail (imp) 6.2.11
>>> Notes Notes (mnemo) 4.2.8
>>> Password Password (passwd) 5.0.4
>>> Tasks Tasks (nag) 4.2.6
>>> timeobjects 2.1.0
>>>
>>> This morning, I have this in my logs..
>>>
>>> 2016-01-19T06:13:50+00:00 ERR: HORDE-PROD Sending 401 [pid 14588 on line
>>> 158 of "/usr/share/php/Horde/Rpc/ActiveSync.php"]
>>> 2016-01-19T06:28:52+00:00 ERR: HORDE-PROD Sending 401 [pid 14592 on line
>>> 158 of "/usr/share/php/Horde/Rpc/ActiveSync.php"]
>>> 2016-01-19T06:43:54+00:00 ERR: HORDE-PROD Sending 401 [pid 14721 on line
>>> 158 of "/usr/share/php/Horde/Rpc/ActiveSync.php"]
>>> 2016-01-19T06:58:55+00:00 ERR: HORDE-PROD Sending 401 [pid 21453 on line
>>> 158 of "/usr/share/php/Horde/Rpc/ActiveSync.php"]
>>> 2016-01-19T07:13:58+00:00 ERR: HORDE-PROD Sending 401 [pid 14683 on line
>>> 158 of "/usr/share/php/Horde/Rpc/ActiveSync.php"]
>>> 2016-01-19T07:28:59+00:00 ERR: HORDE-PROD Sending 401 [pid 21524 on line
>>> 158 of "/usr/share/php/Horde/Rpc/ActiveSync.php"]
>>> 2016-01-19T07:44:01+00:00 ERR: HORDE-PROD Sending 401 [pid 14592 on line
>>> 158 of "/usr/share/php/Horde/Rpc/ActiveSync.php"]
>>> 2016-01-19T07:59:02+00:00 ERR: HORDE-PROD Sending 401 [pid 14592 on line
>>> 158 of "/usr/share/php/Horde/Rpc/ActiveSync.php"]
>>> 2016-01-19T07:59:49+00:00 ERR: HORDE-PROD Sending 401 [pid 21529 on line
>>> 158 of "/usr/share/php/Horde/Rpc/ActiveSync.php"]
>>> 2016-01-19T08:14:02+00:00 ERR: HORDE-PROD Sending 401 [pid 21454 on line
>>> 158 of "/usr/share/php/Horde/Rpc/ActiveSync.php"]
>>> 2016-01-19T08:29:05+00:00 ERR: HORDE-PROD Sending 401 [pid 25042 on line
>>> 158 of "/usr/share/php/Horde/Rpc/ActiveSync.php"]
>>> 2016-01-19T08:29:07+00:00 ERR: HORDE-PROD Sending 401 [pid 25047 on line
>>> 158 of "/usr/share/php/Horde/Rpc/ActiveSync.php"]
>>> 2016-01-19T08:33:42+00:00 ERR: HORDE-PROD Sending 401 [pid 25047 on line
>>> 158 of "/usr/share/php/Horde/Rpc/ActiveSync.php"]
>>> 2016-01-19T08:33:45+00:00 ERR: HORDE-PROD Sending 401 [pid 25047 on line
>>> 158 of "/usr/share/php/Horde/Rpc/ActiveSync.php"]
>>>
>>> Going back to the minute I restarted Apache yesterday after doing the
>>> upgrade..
>>>
>>> I don't see anything here that would cause an issue:
>>> 157             } catch (Horde_Exception_AuthenticationFailure $e) {
>>> 158                 $this->_sendAuthenticationFailedHeaders($e);
>>> 159                 exit;
>>>
>>> Thanks.
>>>
>>> Simon
>>
>>
>> Looks like some client is constantly sending incorrect authentication
> data.
>
> Hi Mike
>
> I find that hard to believe given the timing.

Well, the only way for that code to be reached is if authentication  
failed. Failure can happen in a number of ways - some of which will  
give you more detailed logging in the actual sync log (such as denying  
access per policy settings - though those give a 403 response IIRC),  
and not the general horde log. You can also look in the webserver log  
to see which client is issuing the requests.

>  And the fact that a Google
> search didn't turn anything up.

Why would google search turn up someone using an incorrect password?

> My user can't be the first user to have
> ever had a mis-configured client.  Additionally, I know no one changed
> their password yesterday.
>
> However, couldn't it say that instead?  From the log entries supplied it's
> impossible to tell which user/client has the issue.

Say what? HTTP 401 *is* an authentication denied code. We don't have  
any other details at that point in the failure to indicate which user  
it is because, well, the user isn't authenticated. The server log will  
show you the actual request - which would include the client's  
identification. In addition, a well-behaving client will tell the user  
it received a 401 response - and prompt the user for his/her  
credentials.



-- 
mike
The Horde Project
http://www.horde.org
https://www.facebook.com/hordeproject
https://www.twitter.com/hordeproject
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5751 bytes
Desc: S/MIME Signature
URL: <http://lists.horde.org/archives/horde/attachments/20160120/1d45d692/attachment.bin>

More information about the horde mailing list