[Tickets #10892] Password not change in memory

bugs at horde.org bugs at horde.org
Fri Dec 30 09:43:02 UTC 2011


Ticket URL: http://bugs.horde.org/ticket/10892
  Ticket             | 10892
  Created By         | azurit at pobox.sk
  Summary            | Password not change in memory
  Queue              | Passwd
  Version            | 4.0
  Type               | Bug
  State              | Unconfirmed
  Priority           | 3. High
  Milestone          |
  Patch              |
  Owners             |

azurit at pobox.sk (2011-12-30 09:43) wrote:


We are having problems with password changing - it is correctly
changed on the IMAP server but not in memory in Horde, so the session is
broken and the user must relogin (with the new password). This is, maybe,
happening because we are using memcached for sessions inside PHP.

I started digging deeper into this and I found out something
interesting. When the password is changed it is reset in the cache via the
resetCredentials function. This function resets the password stored
in memory (in the session). The problem is that the password from the
session is NEVER used for logging into the IMAP server.

Login to IMAP is done via Horde_Imap_Client, which takes the login and
password as arguments (in $params), and these values are set ONLY in the
constructor (this is done by Horde/IMP in the createImapObject function
called in Auth.php). The problem is that the IMAP object is initialized only
ONCE per IMAP login in our installation - so, when the password changes,
it is correctly updated in the session but NEVER gets updated in the IMAP
object. I was doing some debug logging inside Horde and Horde/IMP and
it really is like this: the constructor for Horde_Imap_Client is called
only once per login, the IMAP object is probably serialized and cached

Sending patch which works for me:

File: passwd/lib/Passwd.php
Function (at the end of file): resetCredentials
Code (I added 3 lines which start with '$imp_imap'):

       static public function resetCredentials($old_password, $new_password)
           if ($GLOBALS['registry']->getAuthCredential('password') ==
$old_password) {

               $imp_imap =
               $imp_imap->ob = NULL;

$new_password, IMP_Auth::getAutoLoginServer());
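
The stale-credential behaviour described in this ticket, reduced to an added, self-contained example that is not part of the original ticket and not Horde code. The class DemoImapClient, the $server and $session arrays and all passwords are hypothetical, constructed stand-ins; the login check is simulated and uses no network.

```php
<?php
// Hypothetical stand-in for an IMAP client; NOT a Horde class.
final class DemoImapClient
{
    private string $user;
    private string $pass;

    // Credentials are captured once, at construction, and never refreshed.
    public function __construct(array $params)
    {
        $this->user = $params['username'];
        $this->pass = $params['password'];
    }

    // Simulated server-side check against a constructed account table.
    public function login(array $serverAccounts): bool
    {
        return hash_equals($serverAccounts[$this->user] ?? '', $this->pass);
    }
}

// Builds a client from the session credential and caches it serialized,
// the way an object kept in a (memcached-backed) session would be stored.
function cacheClient(array &$session): void
{
    $session['imap'] = serialize(new DemoImapClient([
        'username' => $session['user'],
        'password' => $session['password'],
    ]));
}

// Constructed sample data.
$server  = ['alice' => 'old-secret'];                       // server's view
$session = ['user' => 'alice', 'password' => 'old-secret']; // session's view
cacheClient($session);                                      // first login

// Password change: server and session credential are both updated...
$server['alice']     = 'new-secret';
$session['password'] = 'new-secret';

// ...but the cached object still holds the password from its constructor,
// so the next request's login fails and the user has to log in again.
$stale = unserialize($session['imap']);
echo 'cached object after change: ', $stale->login($server) ? 'ok' : 'rejected', "\n";

// Discarding the cached object and rebuilding it from the updated
// credential restores the session, which is the approach the patch takes.
cacheClient($session);
$fresh = unserialize($session['imap']);
echo 'rebuilt object after change: ', $fresh->login($server) ? 'ok' : 'rejected', "\n";
```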
