[horde] Questions on using passwd http driver
John H. Bennett III
bennettj at thebennetthome.com
Tue Jul 2 00:47:08 UTC 2013
Quoting "John H. Bennett III" <bennettj at thebennetthome.com>:
> Quoting Ralf Lang <lang at b1-systems.de>:
>
>>> The server that I'm trying to use passwd on to change a users password
>>> is same, that the user logs into, so I would think that it's already
>>> trusted.
>>
>> This can easily be tested with a curl command against the password
>> changing url. We don't need to guess.
>
> First off, thank you for your help. Didn't state that last time. I
> didn't know about testing with curl, had to do some reading. If I
> use curl and try to go to the https site, I get:
> curl https://www.mytestdomain.com/user-password
> curl: (60) Peer certificate cannot be authenticated with known CA
> certificates
> More details here: http://curl.haxx.se/docs/sslcerts.html
>
> curl performs SSL certificate verification by default, using a "bundle"
> of Certificate Authority (CA) public keys (CA certs). If the default
> bundle file isn't adequate, you can specify an alternate file
> using the --cacert option.
> If this HTTPS server uses a certificate signed by a CA represented in
> the bundle, the certificate verification probably failed due to a
> problem with the certificate (it might be expired, or the name might
> not match the domain name in the URL).
> If you'd like to turn off curl's verification of the certificate, use
> the -k (or --insecure) option.
>
> If I use the --cacert parameter, then I'm able to get to the site.
>
> curl --cacert /etc/ssl/certs/www.mytestdomain.com.crt
> https://www.thebennetthome3.com
Sorry for re-replying, as someone could say that what I said I did
wasn't possible. So, here's the real deal. My test server domain is
thebennetthome3.com.
Command that doesn't work, curl https://www.thebennetthome3.com/user-password
Command that works, curl --cacert
/home/e-smith/ssl.crt/www.thebennetthome3.com.crt
https://www.thebennetthome3.com/user-password
>
>>
>>>> Out of curiosity: What kind of authentication do the website and horde
>>>> use?
>>>
>>> The website with the password changing page, uses username. Horde also
>>> uses username, but appends the realm, via a hook when loggin.. So when
>>> I go to passwd, I see user at domain, which is another issue that I may
>>> need to work out later.
>>
>> Have you tried the "horde" passwd backend?
>
> Yes, and I didn't expect it to work. Error states, "Failure in
> changing password for Horde Authentication: The current horde
> configuration does not allow changing passwords."
>
> These users don't log into a Linux shell, they are mostly Windoze
> users using file sharing, webmail, and some other servers.
>>
>>
>> --
>> Ralf Lang
>> Linux Consultant / Developer
>> Tel.: +49-170-6381563
>> Mail: lang at b1-systems.de
>> B1 Systems GmbH
>> Osterfeldstraße 7 / 85088 Vohburg / http://www.b1-systems.de
>> GF: Ralph Dehner / Unternehmenssitz: Vohburg / AG: Ingolstadt,HRB 3537
>>
>
> John
>
>
> --
> Horde mailing list
> Frequently Asked Questions: http://horde.org/faq/
> To unsubscribe, mail: horde-unsubscribe at lists.horde.org
>
More information about the horde
mailing list