[horde] Authentication issues
Steven Swarts
steven at swartsit.com
Wed Jul 24 15:50:36 UTC 2013
On 24/07/2013 11:48 PM, Steven Swarts wrote:
> On 24/07/2013 11:17 PM, Steven Swarts wrote:
>>
>> On 24/07/2013 7:52 PM, Ralf Lang wrote:
>>> On 24.07.2013 13:31, avp wrote:
>>>>> So would this be better?
>>>>>
>>>>> // IMAP server
>>>>> $servers['imap'] = array(
>>>>> // ENABLED by default; will connect to IMAP port on local server
>>>>> 'disabled' => false,
>>>>> 'name' => 'Server',
>>>>> 'hostspec' => 'localhost',
>>>>> 'hordeauth' => full,
>>>>> 'protocol' => 'imap',
>>>>> 'port' => 993,
>>>>> // Plaintext logins are disabled by default on IMAP servers (see
>>>>> RFC 3501
>>>>> // [6.2.3]), so TLS is the only guaranteed authentication
>>>>> available by
>>>>> // default.
>>>>> 'secure' => 'ssl',
>>>>> );
>>>>>
>>>> Shouldn't "full" be "'full'", or does this matter? That is, have
>>>> single
>>>> quotes around it?
>>> Yes, it needs to be quoted.
>>>
>>>
>>
>> Thanks for the heads up, what about the others? like 'disabled' =>
>> false, should that be 'disabled' => 'false', and then also the port?
>>
>> // IMAP server
>> $servers['imap'] = array(
>> // ENABLED by default; will connect to IMAP port on local server
>> 'disabled' => false,
>> 'name' => 'Server',
>> 'hostspec' => 'localhost',
>> 'hordeauth' => 'full',
>> 'protocol' => 'imap',
>> 'port' => 143,
>> // Plaintext logins are disabled by default on IMAP servers (see
>> RFC 3501
>> // [6.2.3]), so TLS is the only guaranteed authentication
>> available by
>> // default.
>> 'secure' => 'tls',
>> );
>>
>>
>> Regards,
>> Steve
>>
>
> I will use then only port 143 and TLS
>
> currently my backend.local.php looks like this:
>
> // IMAP server
> $servers['imap'] = array(
> // ENABLED by default; will connect to IMAP port on local server
> 'disabled' => false,
> 'name' => 'Server',
> 'hostspec' => 'localhost',
> 'hordeauth' => 'full',
> 'protocol' => 'imap',
> 'port' => 143,
> // Plaintext logins are disabled by default on IMAP servers (see
> RFC 3501
> // [6.2.3]), so TLS is the only guaranteed authentication
> available by
> // default.
> 'secure' => 'tls',
> );
>
> I can log in using my email address (its the root/admin/super user
> account for horde) but the other users which can access the server via
> this command ...
>
> openssl s_client -connect mail.example.com:143 -starttls imap
>
> still come up as not authorized for horde.
>
> Any suggestions ?? Can I up the logging level some place? All I see is
> the php error, not the attempt to authenticate using IMP to Dovecot.
>
> [Wed Jul 24 23:47:02 2013] [error] [client 58.XXX.135.XXX] PHP Fatal
> error: Uncaught exception 'Horde_Exception_PushApp' with message
> 'User john at example.com.au is not authorized for Horde.' in
> /usr/share/php/Horde/Registry.php:1517\nStack trace:\n#0
> /usr/share/php/Horde/Registry.php(1171):
> Horde_Registry->pushApp('horde', Array)\n#1
> /usr/share/php/Horde/Registry.php(2089):
> Horde_Registry->callAppMethod('horde', 'logout')\n#2
> /usr/share/php/Horde/ErrorHandler.php(35):
> Horde_Registry->clearAuthApp('horde')\n#3 [internal function]:
> Horde_ErrorHandler::fatal(Object(Horde_Exception_AuthenticationFailure))\n#4
> {main}\n thrown in /usr/share/php/Horde/Registry.php on line 1517,
> referer:
> https://cleandrum.com/horde/login.php?horde_logout_token=OydmXgQgBxtb0pPXTCtHvg7&logout_reason=4
>
> Regards,
> Steve
Actually I lied, in /var/log/syslog it shows the attempt:
Jul 24 23:49:16 mail dovecot: IMAP(john at example.com.au): Disconnected:
Logged out bytes=40/672
Jul 24 23:49:16 mail dovecot: imap-login: Login:
user=<john at example.com.au>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, TLS
Jul 24 23:49:16 mail dovecot: IMAP(john at example.com.au): Disconnected:
Logged out bytes=39/427
I don't know why it doesn't authenticate then??
More information about the horde
mailing list