[horde] passwd with Horde 4

Tue Jun 14 18:53:58 UTC 2011

Quoting Kareem Dana <kareem.dana at gmail.com>:

> On Fri, Jun 10, 2011 at 5:01 PM, Ralf Lang <lang at b1-systems.de> wrote:
>
>> Am Donnerstag, 9. Juni 2011, 20:19:17 schrieb Kareem Dana:
>> > I just saw Ralf's post, but I didn't want to hijack his thread with my
>> own
>> > passwd question. Right now I used passwd with the poppassd driver on
>> Horde
>> > 3 in production and am gearing up to move to Horde 4.
>> >
>> > I am using the passwd code from git which I downloaded on June 6. It
>> works,
>> > but does not reset my credentials within Horde, so I have to log out and
>> > log back in. My system is setup such that Horde authenticates via Imp and
>> > Imp uses IMAP Authentication. When I change my password with passwd, it
>> > successfully changes the password but IMP keeps trying to authenticate
>> > with the old password. I understand this is unreleased code but I'm
>> > willing and able to make some code changes to get this to work.
>> >
>> > Inside passwd/lib/Passwd.php I found the function resetCredentials which
>> > calls setAuthCredential() to set the new password but that either doesn't
>> > work or is not enough to get IMP to use the new password when talking to
>> > the IMAP server. Does something else need to be called here or some
>> cached
>> > IMAP sessions invalidated? Any tips would be helpful as I'm familiar with
>> > PHP but not the horde framework.
>> >
>> > Thanks,
>> > Kareem Dana
>>
>> Hi Kareem, can you please file a bug report?
>> I am on a long weekend holiday and might forget,
>> but maybe you can patch it yourself.
>>
>> What resetCredentials basically needs to do (but doesn't) is
>>
>>  * look if the authentication backend is Horde_Auth_Application
>>  * If so, call
>>  $GLOBALS['registry']->setAuthCredential('password', $new_password,
>> $appname);
>> after
>>  $GLOBALS['registry']->setAuthCredential('password', $new_password);
>>
>>
>> --
>> Ralf Lang
>> Linux Consultant / Developer
>>
>> B1 Systems GmbH
>> Osterfeldstraße 7 / 85088 Vohburg / http://www.b1-systems.de
>> GF: Ralph Dehner / Unternehmenssitz: Vohburg / AG: Ingolstadt,HRB 3537
>> --
>>
>
>
> I submitted a bug report Ticket #10228. I added an additional comment
> because I tried what you suggested and IMP still did not authenticate with
> the new password. It didn't even try to log back into the IMAP server.
> Thanks for taking a look at it.

IMP caches its password within the Horde_Imap_Client object.  It does  
not use Horde credentials once a login is successful.

Changing a password mid-session is not a good idea.  It will break  
using something like imapproxy, for example.  And AFAIK, there is no  
guarantee that a password changed by the passwd module will do  
something like change an IMAP password - since in most cases, the IMAP  
server is entirely remote to the Horde installation.  So simply  
changing all current passwords in a Horde session is a Bad Idea.

michael

___________________________________
Michael Slusarz [slusarz at horde.org]