[dev] Auth driver : validateAuth false and imp still try to login to Imap

SSRI ssri_abo at u-paris2.fr
Wed Mar 11 14:33:34 UTC 2015


Michael M Slusarz <slusarz at horde.org> a écrit :

> Quoting Ralf Lang <lang at b1-systems.de>:
>
>> On 06.03.2015 17:26, SSRI wrote:
>>>
>>> Hi,
>>>
>>> We use a custom authentication backend and have implemented a
>>> validateAuth() function.
>>>
>>> When validateAuth() returns false, we have noticed that imp still try to
>>> login to our IMAP server 3 times before user is logged out.
>>>
>>> Why user isn't disconnected immediatly after the first time
>>> validateAuth() returns false ?
>>
>> The Imap code stores a cached copy of the credentials used during login.
>> Last time I worked in this area in 2013, there was no way of notifying
>> this storage about changed credentials.
>
> That's a different issue - namely dealing with changing credentials.
>
> validateAuth() deals with authentication checks that are independent  
> of credential checking.
>
> validateAuth() should immediately terminate any authentication  
> process.  So that would be a bug.  However, it is suspicious that  
> validateAuth() would fail *AND* the stored credentials didn't work.   
> If that is the case, it sounds like some process has changed the  
> IMAP/POP3 authentication.

We use a credential cache mechanism on our IMAP server. When the  
credentials are deleted from the cache, IMAP authentication is refused  
: the stored credentials from Horde doesn't work *AND* validateAuth()  
fail - as credentials are considered expired.

We try to use validateAuth() the same way it is used in the Shibboleth driver.

> In which case, validateAuth() should return true since that has  
> nothing to do with credential checking.  (in other words, this  
> sounds like what Ralf reports - you can't change authentication  
> credentials during a session without destroying the session.  This  
> is not an issue with Horde's design though - it's the same reason  
> you inevitably need to log out of any application/website/etc. when  
> changing your password/authentication)
>
> michael
>
> ___________________________________
> Michael Slusarz [slusarz at horde.org]
>
> -- 
> dev mailing list
> Frequently Asked Questions: http://wiki.horde.org/FAQ
> To unsubscribe, mail: dev-unsubscribe at lists.horde.org




More information about the dev mailing list