[horde] passwd with Horde 4

Michael M Slusarz slusarz at horde.org
Tue Jun 14 19:44:08 UTC 2011


Quoting Ralf Lang <lang at b1-systems.de>:

> On Tuesday, 14 June 2011, 20:53:58, Michael M Slusarz wrote:
>> Quoting Kareem Dana <kareem.dana at gmail.com>:
>> > On Fri, Jun 10, 2011 at 5:01 PM, Ralf Lang <lang at b1-systems.de> wrote:
>> >> On Thursday, 9 June 2011, 20:19:17, Kareem Dana wrote:
>> >> > I just saw Ralf's post, but I didn't want to hijack his thread with my
>> >> > own passwd question. Right now I use passwd with the poppassd driver on
>> >> > Horde 3 in production and am gearing up to move to Horde 4.
>> >> >
>> >> > I am using the passwd code from git which I downloaded on June 6. It
>> >> > works, but does not reset my credentials within Horde, so I have to log
>> >> > out and log back in. My system is set up such that Horde authenticates
>> >> > via Imp and Imp uses IMAP Authentication. When I change my password with
>> >> > passwd, it successfully changes the password but IMP keeps trying to
>> >> > authenticate with the old password. I understand this is unreleased
>> >> > code but I'm willing and able to make some code changes to get this
>> >> > to work.
>> >> >
>> >> > Inside passwd/lib/Passwd.php I found the function resetCredentials
>> >> > which calls setAuthCredential() to set the new password but that
>> >> > either doesn't work or is not enough to get IMP to use the new
>> >> > password when talking to the IMAP server. Does something else need to
>> >> > be called here or some cached IMAP sessions invalidated? Any tips
>> >> > would be helpful as I'm familiar with PHP but not the horde framework.
>> >> >
>> >> > Thanks,
>> >> > Kareem Dana
>> >>
>> >> Hi Kareem, can you please file a bug report?
>> >> I am on a long weekend holiday and might forget,
>> >> but maybe you can patch it yourself.
>> >>
>> >> What resetCredentials basically needs to do (but doesn't) is
>> >>
>> >>  * look if the authentication backend is Horde_Auth_Application
>> >>  * If so, call
>> >>  $GLOBALS['registry']->setAuthCredential('password', $new_password, $appname);
>> >> after
>> >>  $GLOBALS['registry']->setAuthCredential('password', $new_password);
>> >>
>> >> --
>> >> Ralf Lang
>> >> Linux Consultant / Developer
>> >>
>> >> B1 Systems GmbH
>> >> Osterfeldstraße 7 / 85088 Vohburg / http://www.b1-systems.de
>> >> GF: Ralph Dehner / Unternehmenssitz: Vohburg / AG: Ingolstadt,HRB 3537
>> >> --
>> >
>> > I submitted a bug report Ticket #10228. I added an additional comment
>> > because I tried what you suggested and IMP still did not authenticate
>> > with the new password. It didn't even try to log back into the IMAP
>> > server. Thanks for taking a look at it.
>>
>> IMP caches its password within the Horde_Imap_Client object.  It does
>> not use Horde credentials once a login is successful.
>>
>> Changing a password mid-session is not a good idea.  It will break
>> using something like imapproxy, for example.  And AFAIK, there is no
>> guarantee that a password changed by the passwd module will do
>> something like change an IMAP password - since in most cases, the IMAP
>> server is entirely remote to the Horde installation.  So simply
>> changing all current passwords in a Horde session is a Bad Idea.
>>
>
> It wasn't about all current passwords but only if a passwd driver is set to be
> horde authentication (currently the default but after the discussion with eric
> I'm thinking of flipping this around) and imp is the authentication driver.
> I'm not sure what would be the right behaviour in this case. Should we
> force-logout the user to re-init everything on login?

At this point, yes.  Unless we added a Registry application API call  
that is called when a user's credentials are changed during a session.

michael

___________________________________
Michael Slusarz [slusarz at horde.org]
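
Added example, not part of the original message and not Horde code: a minimal PHP model of the stale cached credential discussed in this thread and the two remedies mentioned (force logout, or a credential-change callback). Every class, method and value below is hypothetical and constructed for illustration.

```php
<?php
// Added illustration; all classes and methods are hypothetical, not Horde code.
final class CachingMailClient
{
    private string $cachedPassword;

    public function __construct(string $password)
    {
        $this->cachedPassword = $password; // copied once at login
    }

    // Hypothetical hook invoked when credentials change mid-session.
    public function credentialsChanged(string $newPassword): void
    {
        $this->cachedPassword = $newPassword;
    }

    // Simulates a reconnect to the remote mail server.
    public function reauthenticate(string $serverPassword): bool
    {
        return hash_equals($serverPassword, $this->cachedPassword);
    }
}

final class Session
{
    public bool $active = true;
    public array $clients = []; // CachingMailClient instances

    // Option 1: end the session so the next login rebuilds every client.
    public function forceLogout(): void
    {
        $this->clients = [];
        $this->active = false;
    }

    // Option 2: tell each application that holds its own copy.
    public function notifyCredentialChange(string $newPassword): void
    {
        foreach ($this->clients as $client) {
            $client->credentialsChanged($newPassword);
        }
    }
}

$session = new Session();
$session->clients[] = new CachingMailClient('old-secret'); // constructed value
var_dump($session->clients[0]->reauthenticate('new-secret')); // stale copy
$session->notifyCredentialChange('new-secret');
var_dump($session->clients[0]->reauthenticate('new-secret')); // refreshed copy
$session->forceLogout(); // alternative remedy: discard all cached clients
```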


