[dev] Renew Horde credentials for each IMP login

SSRI ssri_abo at u-paris2.fr
Tue Dec 16 13:10:29 UTC 2014 

Michael M Slusarz <slusarz at horde.org> a écrit :

> Quoting SSRI <ssri_abo at u-paris2.fr>:
>
>> Michael M Slusarz <slusarz at horde.org> a écrit :
>>
>>> Quoting SSRI <ssri_abo at u-paris2.fr>:
>>>
>>>> Michael M Slusarz <slusarz at horde.org> a écrit :
>>>>
>>>>> Quoting SSRI <ssri_abo at u-paris2.fr>:
>>>>>
>>>>>> Hi,
>>>>>>
>>>>>> We've built a custom authentication driver that provides Horde  
>>>>>> a One-Time password (OTP) : this password will allow only one  
>>>>>> login to IMAP server.
>>>>>>
>>>>>> How do you force the authentication driver to renew credentials  
>>>>>> for each IMP login ? We didn't find any OTP-compatible  
>>>>>> authentication driver included in Horde.
>>>>>
>>>>> Do you mean on every IMP access?
>>>>
>>>> Yes
>>>>
>>>>>
>>>>> If so, your best bet is to use the 'pushapp' hook - grab the  
>>>>> IMP_Imap object using the IMP_Imap factory and set the password  
>>>>> in the Horde_Imap_Client object using setParam('password',  
>>>>> Password Object).
>>>>>
>>>>
>>>> Ok.
>>>>
>>>> And should I grab the new password with Horde_Core_Factory_Auth (
>>>> calling
>>>> $GLOBALS['injector']->getInstance('Horde_Core_Factory_Auth')->create()
>>>> ) inside the pushapp hook ?
>>>
>>> Don't know what you are asking for here.  If you designed/created  
>>> the system to generate a new IMAP password, you should get the new  
>>> password from that system.  This has nothing to do with Horde  
>>> authentication, as far as I can tell.
>>>
>>
>> The system to generate the new IMAP password is in the Auth driver  
>> ... Wouldn't be easier ( cleaner ? ) if Horde authentication system  
>> would allow to update credentials inside an auth driver ?
>
>
> No.
>
> The problem is that we may be using cached information that relies  
> on the previous auth credentials.  There is currently no way of  
> broadcasting that the auth credentials has changed for a certain  
> application that is guaranteed to update this cached information  
> everywhere.
>
> This is why we require a brand new session when changing a password  
> via the passwd application, for example.
>

What about invalidate the current auth with validateAuth() function  
inside the auth driver ?
Wouldn't be too heavy to have a brand new session for each password renewing ?

> michael
>
> ___________________________________
> Michael Slusarz [slusarz at horde.org]
>
> -- 
> dev mailing list
> Frequently Asked Questions: http://wiki.horde.org/FAQ
> To unsubscribe, mail: dev-unsubscribe at lists.horde.org

More information about the dev mailing list