[horde] passwd with Horde 4

Wed Jun 15 10:44:30 UTC 2011

Zitat von Michael M Slusarz <slusarz at horde.org>:

> Quoting Ralf Lang <lang at b1-systems.de>:
>
>> Am Dienstag, 14. Juni 2011, 20:53:58 schrieb Michael M Slusarz:
>>> Quoting Kareem Dana <kareem.dana at gmail.com>:
>>>> On Fri, Jun 10, 2011 at 5:01 PM, Ralf Lang <lang at b1-systems.de> wrote:
>>>>> Am Donnerstag, 9. Juni 2011, 20:19:17 schrieb Kareem Dana:
>>>>> > I just saw Ralf's post, but I didn't want to hijack his thread with my
>>>>>
>>>>> own
>>>>>
>>>>> > passwd question. Right now I used passwd with the poppassd driver on
>>>>>
>>>>> Horde
>>>>>
>>>>> > 3 in production and am gearing up to move to Horde 4.
>>>>> >
>>>>> > I am using the passwd code from git which I downloaded on June 6. It
>>>>>
>>>>> works,
>>>>>
>>>>> > but does not reset my credentials within Horde, so I have to log out
>>>>> > and log back in. My system is setup such that Horde authenticates via
>>>>> > Imp and Imp uses IMAP Authentication. When I change my password with
>>>>> > passwd, it successfully changes the password but IMP keeps trying to
>>>>> > authenticate with the old password. I understand this is unreleased
>>>>> > code but I'm willing and able to make some code changes to get this
>>>>> > to work.
>>>>> >
>>>>> > Inside passwd/lib/Passwd.php I found the function resetCredentials
>>>>> > which calls setAuthCredential() to set the new password but that
>>>>> > either doesn't work or is not enough to get IMP to use the new
>>>>> > password when talking to the IMAP server. Does something else need to
>>>>> > be called here or some
>>>>>
>>>>> cached
>>>>>
>>>>> > IMAP sessions invalidated? Any tips would be helpful as I'm familiar
>>>>> > with PHP but not the horde framework.
>>>>> >
>>>>> > Thanks,
>>>>> > Kareem Dana
>>>>>
>>>>> Hi Kareem, can you please file a bug report?
>>>>> I am on a long weekend holiday and might forget,
>>>>> but maybe you can patch it yourself.
>>>>>
>>>>> What resetCredentials basically needs to do (but doesn't) is
>>>>>
>>>>>  * look if the authentication backend is Horde_Auth_Application
>>>>>  * If so, call
>>>>>  $GLOBALS['registry']->setAuthCredential('password', $new_password,
>>>>>
>>>>> $appname);
>>>>> after
>>>>>
>>>>>  $GLOBALS['registry']->setAuthCredential('password', $new_password);
>>>>>
>>>>> --
>>>>> Ralf Lang
>>>>> Linux Consultant / Developer
>>>>>
>>>>> B1 Systems GmbH
>>>>> Osterfeldstraße 7 / 85088 Vohburg / http://www.b1-systems.de
>>>>> GF: Ralph Dehner / Unternehmenssitz: Vohburg / AG: Ingolstadt,HRB 3537
>>>>> --
>>>>
>>>> I submitted a bug report Ticket #10228. I added an additional comment
>>>> because I tried what you suggested and IMP still did not authenticate
>>>> with the new password. It didn't even try to log back into the IMAP
>>>> server. Thanks for taking a look at it.
>>>
>>> IMP caches its password within the Horde_Imap_Client object.  It does
>>> not use Horde credentials once a login is successful.
>>>
>>> Changing a password mid-session is not a good idea.  It will break
>>> using something like imapproxy, for example.  And AFAIK, there is no
>>> guarantee that a password changed by the passwd module will do
>>> something like change an IMAP password - since in most cases, the IMAP
>>> server is entirely remote to the Horde installation.  So simply
>>> changing all current passwords in a Horde session is a Bad Idea.
>>>
>>
>> It wasn't about all current passwords but only if a passwd driver  
>> is set to be
>> horde authentication (currently the default but after the  
>> discussion with eric
>> I'm thinking of flipping this around) and imp is the authentication driver.
>> I'm not sure what would be the right behaviour in this case. Should  
>> we force-
>> logout the user to re-init everything on login?
>
> At this point, yes.  Unless we added a Registry application API call  
> that is called when a user's credentials are changed during a session.

Which we should add then. Logging users out because they changed their  
password is not a good practice.

Jan.

-- 
Do you need professional PHP or Horde consulting?
http://horde.org/consulting/