[horde] Potential Security Risk in specific Configuration
Markus Petzsch
m.petzsch at net-hoster.de
Sat Apr 21 22:09:06 UTC 2007
Hello,

I've been using the Horde Framework for a couple of years now and am
very happy with it. It really is great software; even if many features
are never explored by many of my users, it still brings a lot of benefit to
those who do. :) So first of all: Thank you for the great product!

Now to my problem. I'm in a multiserver environment where users create
their own domains and email accounts via a Control Panel (VHCS). Some users
have access to so-called reseller privileges, so they can create their own
domains without providing proof that they own it or that it actually
delegates to their server. All those servers use a central Horde login,
which identifies the users by IMP IMAP login functionality. The server
is chosen from a dropdown box upon login. Now the security problem: If
an identical user account exists on two servers, they share the same
settings, calendar data, notes and address book. This is because the
object user is only described by their email address. On the other hand,
merging servername*username to a unique username would bring problems in
the calendar or notes sharing among different users. Either way, the
current state is not acceptable for me. Hope you can help me.

Thanks for your help in advance

Markus Petzsch