[horde] passwd with Horde 4
Ralf Lang
lang at b1-systems.de
Tue Jun 14 19:35:48 UTC 2011
Am Dienstag, 14. Juni 2011, 20:53:58 schrieb Michael M Slusarz:
> Quoting Kareem Dana <kareem.dana at gmail.com>:
> > On Fri, Jun 10, 2011 at 5:01 PM, Ralf Lang <lang at b1-systems.de> wrote:
> >> Am Donnerstag, 9. Juni 2011, 20:19:17 schrieb Kareem Dana:
> >> > I just saw Ralf's post, but I didn't want to hijack his thread with my
> >>
> >> own
> >>
> >> > passwd question. Right now I used passwd with the poppassd driver on
> >>
> >> Horde
> >>
> >> > 3 in production and am gearing up to move to Horde 4.
> >> >
> >> > I am using the passwd code from git which I downloaded on June 6. It
> >>
> >> works,
> >>
> >> > but does not reset my credentials within Horde, so I have to log out
> >> > and log back in. My system is setup such that Horde authenticates via
> >> > Imp and Imp uses IMAP Authentication. When I change my password with
> >> > passwd, it successfully changes the password but IMP keeps trying to
> >> > authenticate with the old password. I understand this is unreleased
> >> > code but I'm willing and able to make some code changes to get this
> >> > to work.
> >> >
> >> > Inside passwd/lib/Passwd.php I found the function resetCredentials
> >> > which calls setAuthCredential() to set the new password but that
> >> > either doesn't work or is not enough to get IMP to use the new
> >> > password when talking to the IMAP server. Does something else need to
> >> > be called here or some
> >>
> >> cached
> >>
> >> > IMAP sessions invalidated? Any tips would be helpful as I'm familiar
> >> > with PHP but not the horde framework.
> >> >
> >> > Thanks,
> >> > Kareem Dana
> >>
> >> Hi Kareem, can you please file a bug report?
> >> I am on a long weekend holiday and might forget,
> >> but maybe you can patch it yourself.
> >>
> >> What resetCredentials basically needs to do (but doesn't) is
> >>
> >> * look if the authentication backend is Horde_Auth_Application
> >> * If so, call
> >> $GLOBALS['registry']->setAuthCredential('password', $new_password,
> >>
> >> $appname);
> >> after
> >>
> >> $GLOBALS['registry']->setAuthCredential('password', $new_password);
> >>
> >> --
> >> Ralf Lang
> >> Linux Consultant / Developer
> >>
> >> B1 Systems GmbH
> >> Osterfeldstraße 7 / 85088 Vohburg / http://www.b1-systems.de
> >> GF: Ralph Dehner / Unternehmenssitz: Vohburg / AG: Ingolstadt,HRB 3537
> >> --
> >
> > I submitted a bug report Ticket #10228. I added an additional comment
> > because I tried what you suggested and IMP still did not authenticate
> > with the new password. It didn't even try to log back into the IMAP
> > server. Thanks for taking a look at it.
>
> IMP caches its password within the Horde_Imap_Client object. It does
> not use Horde credentials once a login is successful.
>
> Changing a password mid-session is not a good idea. It will break
> using something like imapproxy, for example. And AFAIK, there is no
> guarantee that a password changed by the passwd module will do
> something like change an IMAP password - since in most cases, the IMAP
> server is entirely remote to the Horde installation. So simply
> changing all current passwords in a Horde session is a Bad Idea.
>
It wasn't about all current passwords but only if a passwd driver is set to be
horde authentication (currently the default but after the discussion with eric
I'm thinking of flipping this around) and imp is the authentication driver.
I'm not sure what would be the right behaviour in this case. Should we force-
logout the user to re-init everything on login?
--
Ralf Lang
Linux Consultant / Developer
B1 Systems GmbH
Osterfeldstraße 7 / 85088 Vohburg / http://www.b1-systems.de
GF: Ralph Dehner / Unternehmenssitz: Vohburg / AG: Ingolstadt,HRB 3537
More information about the horde
mailing list