[horde] Authentication issues

Steven Swarts steven at swartsit.com
Wed Jul 24 15:48:13 UTC 2013 

On 24/07/2013 11:17 PM, Steven Swarts wrote:
>
> On 24/07/2013 7:52 PM, Ralf Lang wrote:
>> On 24.07.2013 13:31, avp wrote:
>>>> So would this be better?
>>>>
>>>> // IMAP server
>>>> $servers['imap'] = array(
>>>>      // ENABLED by default; will connect to IMAP port on local server
>>>>      'disabled' => false,
>>>>      'name' => 'Server',
>>>>      'hostspec' => 'localhost',
>>>>      'hordeauth' => full,
>>>>      'protocol' => 'imap',
>>>>      'port' => 993,
>>>>      // Plaintext logins are disabled by default on IMAP servers (see
>>>> RFC 3501
>>>>      // [6.2.3]), so TLS is the only guaranteed authentication
>>>> available by
>>>>      // default.
>>>>      'secure' => 'ssl',
>>>> );
>>>>
>>> Shouldn't "full" be "'full'", or does this matter?  That is, have 
>>> single
>>> quotes around it?
>> Yes, it needs to be quoted.
>>
>>
>
> Thanks for the heads up, what about the others? like 'disabled' => 
> false, should that be 'disabled' => 'false', and then also the port?
>
> // IMAP server
> $servers['imap'] = array(
>     // ENABLED by default; will connect to IMAP port on local server
>     'disabled' => false,
>     'name' => 'Server',
>     'hostspec' => 'localhost',
>     'hordeauth' => 'full',
>     'protocol' => 'imap',
>     'port' => 143,
>     // Plaintext logins are disabled by default on IMAP servers (see
> RFC 3501
>     // [6.2.3]), so TLS is the only guaranteed authentication
> available by
>     // default.
>     'secure' => 'tls',
> );
>
>
> Regards,
> Steve
>

I will use then only port 143 and TLS

currently my backend.local.php looks like this:

// IMAP server
$servers['imap'] = array(
     // ENABLED by default; will connect to IMAP port on local server
     'disabled' => false,
     'name' => 'Server',
     'hostspec' => 'localhost',
     'hordeauth' => 'full',
     'protocol' => 'imap',
     'port' => 143,
     // Plaintext logins are disabled by default on IMAP servers (see 
RFC 3501
     // [6.2.3]), so TLS is the only guaranteed authentication available by
     // default.
     'secure' => 'tls',
);

I can log in using my email address (its the root/admin/super user 
account for horde) but the other users which can access the server via 
this command ...

openssl s_client -connect mail.example.com:143 -starttls imap

still come up as not authorized for horde.

Any suggestions ?? Can I up the logging level some place? All I see is 
the php error, not the attempt to authenticate using IMP to Dovecot.

[Wed Jul 24 23:47:02 2013] [error] [client 58.XXX.135.XXX] PHP Fatal 
error:  Uncaught exception 'Horde_Exception_PushApp' with message 'User 
john at example.com.au is not authorized for Horde.' in 
/usr/share/php/Horde/Registry.php:1517\nStack trace:\n#0 
/usr/share/php/Horde/Registry.php(1171): 
Horde_Registry->pushApp('horde', Array)\n#1 
/usr/share/php/Horde/Registry.php(2089): 
Horde_Registry->callAppMethod('horde', 'logout')\n#2 
/usr/share/php/Horde/ErrorHandler.php(35): 
Horde_Registry->clearAuthApp('horde')\n#3 [internal function]: 
Horde_ErrorHandler::fatal(Object(Horde_Exception_AuthenticationFailure))\n#4 
{main}\n  thrown in /usr/share/php/Horde/Registry.php on line 1517, 
referer: 
https://cleandrum.com/horde/login.php?horde_logout_token=OydmXgQgBxtb0pPXTCtHvg7&logout_reason=4

Regards,
Steve

More information about the horde mailing list