[horde] How to switch horde login authentication to system files?

Roberto Maurizzi roberto.maurizzi at gmail.com
Tue Aug 18 19:03:40 UTC 2009


2009/8/18 Robert P. J. Day <rpjday at crashcourse.ca>

>  My problem:  all attempts at logging into horde are now rejected, for what
> I think is the following reason.  I'm guessing that, before I upgraded this
> Debian system, authentication was done via IMAP.  I'm assuming I can verify
> that by checking, what, the conf.php file?


Yes, but be sure to check in /var/www/horde/config/conf.php

In the file you should find a line like:

$conf['auth']['driver'] = 'drivername';

You can find more info on initial configuration here
http://wiki.horde.org/FAQ/Admin/Config#toc11 and in the howtos here
http://wiki.horde.org/HowTo

More importantly, to gain access to the system as administrator again and
then checking and reconfiguring it using the web interface, you can edit
conf.php substituting or commentig all the $conf['auth'] lines with:

$conf['auth']['admins'] = array('Administrator');
$conf['auth']['driver'] = 'auto';

This will allow ANY user to login into Horde as Horde admin, and they'll be
able to check the configuration and (depending on file permissions in the
webroot) updating it.


> Where it should be easy to see what was being used.  So if, in the midst of
> my Debian upgrade, I managed to trash some of that info, that would
> certainly explain why authentication no longer works.


Beware that the Debian install could have overwritten more than a few
important files in the various /config/ dirs under /var/www/horde. That's a
problem especially if the old version and the packaged version are different
(and they probably are). If you can, try to recover the whole dir from a
backup.


>   Finally, while I'm figuring out how to get the IMAP authentication back
> (if that's what's necessary), is it a big deal to switch to just
> /etc/{passwd,shadow} system file authentication?  As far as I can tell,
> everyone who needs to log in has a regular user account, so would making
> that switch (temporarily) just to let folks get in be difficult?  Or a bad
> idea?  I just want to do whatever it takes right now to allow users to be
> able to log in.


There is a ton of auth mechanism you can use. Read the howto and select and
configure your favorite from the admininstration menu from a browser after
setting the "auto" driver as explained above.
Keep in mind however that the system's users will have, after all, to login
to the IMAP server to be able to read their email, so you can keep that
authentication mechanism after all. Also, remember to check using a IMAP
client or a telnel on the POP3 port that the IMAP server is still working ok
(that is, is running AND accepting the right user credentials)


Ciao,
   Roberto


More information about the horde mailing list