[horde] Ingo using wrong credentials on AUTHENTICATE PLAIN?

Jens-U. Mozdzen jmozdzen at nde.ag
Wed Nov 19 12:24:48 UTC 2014 

Hi *,

I've had to change quite a lot of our mail server infrastructure  
recently and just noticed that authentication against our Sieve server  
does not work anymore. This is most likely a configuration error, but  
I've failed to spot my mistake.

Ingo is at 3.2.1, imp is 6.2.2, Horde_Imap_Client is 2.25.1 and our  
Kolab stuff is Horde_Kolab_Format at 2.0.5, Horde_Kolab_Server at  
2.0.2, Horde_Kolab_Session at 2.0.1, and Horde_Kolab_Storage at 2.1.1.

I log in as "username" (not "username at domain.com") and get  
successfully authenticated to our Cyrus IMAP server. Horde portal does  
show "username at domain.com" as the logged-in user.

I have created a hook for Ingo so that the IMAP credentials are to be  
used when authenticating to the Sieve server (by activating the  
according piece of code from the hooks.php.dist file).

Whenever I try to update/load/activate Sieve scripts, the Horde UI  
reports an authentication error.

Debugging Horde/Ingo shows me in the Sieve trace, that the information  
passed on the "AUTHENTICATE PLAIN" command (base64-encoded) is  
"username<sep>username at domain.com<sep>password", while I would have  
expected "username at domain.com<sep>password". (The hook mentioned above  
makes sure that the fully-qualified username is used - without, it'd  
send "username<sep>username<sep>password").

I have checked via "sivtest" that I need to authenticate  
fully-qualified, which may be the result of one of the major changes  
throughout the previous months. Before those changes, I did not need  
that hook mentioned above.

It seems strange that I see the username *twice* in the authentication string.

Some configuration infos:

- Ingo

--- cut here: horde/ingo/config/backends.d/configfile.php ---
<?php

$backends['imap']['disabled'] = true;

$backends['sieve']['disabled'] = false;
$backends['sieve']['transport'][Ingo::RULE_ALL]['params']['hostspec']  
= $GLOBALS['conf']['kolab']['imap']['server'];
$backends['sieve']['transport'][Ingo::RULE_ALL]['params']['port'] =  
$GLOBALS['conf']['kolab']['imap']['sieveport'];
$backends['sieve']['transport'][Ingo::RULE_ALL]['params']['debug'] = true;
// $backends['sieve']['script'][Ingo::RULE_ALL]['params']['imapflags'] = true;
--- cut here ---

As can be seen from the Horde log below (and the syslog of the sieve  
daemon), the connection itself is ok, but the authentication fails.

--- cut here: horde/ingo/config/conf.php ---
$conf['storage']['driver'] = 'prefs';
$conf['rules']['userheader'] = true;
$conf['spam']['header'] = 'X-Spam-Level';
$conf['spam']['char'] = '*';
$conf['spam']['compare'] = 'string';
--- cut here ---

--- cut here: horde/ingo/config/hooks.php ---
<?php
class Ingo_Hooks
{
     public function transport_auth($driver)
     {
             $ob = $GLOBALS['registry']->call('mail/imapOb');

//Horde::debug( $ob->getParam('username'));
//Horde::debug( $ob->getParam('password'));
             return array(
                 'password' => $ob->getParam('password'),
                 'username' => $ob->getParam('username')
             );
    }
}
--- cut here ---

When activated, the debug outputs do show the proper (fully-qualified)  
username and the password, as verified via the Sieve trace.

- Horde

--- cut here: horde/config/conf.php ---
[...]
$conf['prefs']['maxsize'] = 65535;
$conf['prefs']['driver'] = 'KolabImap';
[...]
--- cut here ---

--- cut here: horde.log ---
[...]
2014-11-19T13:02:40+01:00 DEBUG: HORDE [ingo] Load config file  
(conf.php; app: ingo) [pid 29473 on line 109 of  
"/usr/share/php5/PEAR/Horde/Registry/Loadconfig.php"]
2014-11-19T13:02:40+01:00 DEBUG: HORDE [ingo] Load config file  
(hooks.php; app: ingo) [pid 29473 on line 109 of  
"/usr/share/php5/PEAR/Horde/Registry/Loadconfig.php"]
2014-11-19T13:02:40+01:00 DEBUG: HORDE [ingo] Load config file  
(prefs.php; app: ingo) [pid 29473 on line 109 of  
"/usr/share/php5/PEAR/Horde/Registry/Loadconfig.php"]
2014-11-19T13:02:40+01:00 DEBUG: HORDE [ingo] Hook transport_auth in  
application ingo called. [pid 29473 on line 58 of  
"/usr/share/php5/PEAR/Horde/Core/Hooks.php"]
2014-11-19T13:02:40+01:00 DEBUG: HORDE [ingo] S: "IMPLEMENTATION"  
"Cyrus timsieved v2.3.11" [pid 29473 on line 105 of  
"/srv/www/htdocs.www.nde.ag.ssl/horde/ingo/lib/Transport/Timsieved.php"]
2014-11-19T13:02:40+01:00 DEBUG: HORDE [ingo] S: "SASL" "PLAIN" [pid  
29473 on line 105 of  
"/srv/www/htdocs.www.nde.ag.ssl/horde/ingo/lib/Transport/Timsieved.php"]
2014-11-19T13:02:40+01:00 DEBUG: HORDE [ingo] S: "SIEVE"  
"comparator-i;ascii-numeric fileinto reject vacation imapflags notify  
include envelope body relational regex subaddress copy" [pid 29473 on  
line 105 of  
"/srv/www/htdocs.www.nde.ag.ssl/horde/ingo/lib/Transport/Timsieved.php"]
2014-11-19T13:02:40+01:00 DEBUG: HORDE [ingo] S: "STARTTLS" [pid 29473  
on line 105 of  
"/srv/www/htdocs.www.nde.ag.ssl/horde/ingo/lib/Transport/Timsieved.php"]
2014-11-19T13:02:40+01:00 DEBUG: HORDE [ingo] S: OK [pid 29473 on line  
105 of  
"/srv/www/htdocs.www.nde.ag.ssl/horde/ingo/lib/Transport/Timsieved.php"]
2014-11-19T13:02:40+01:00 DEBUG: HORDE [ingo] C: CAPABILITY [pid 29473  
on line 105 of  
"/srv/www/htdocs.www.nde.ag.ssl/horde/ingo/lib/Transport/Timsieved.php"]
2014-11-19T13:02:40+01:00 DEBUG: HORDE [ingo] S: "IMPLEMENTATION"  
"Cyrus timsieved v2.3.11" [pid 29473 on line 105 of  
"/srv/www/htdocs.www.nde.ag.ssl/horde/ingo/lib/Transport/Timsieved.php"]
2014-11-19T13:02:40+01:00 DEBUG: HORDE [ingo] S: "SASL" "PLAIN" [pid  
29473 on line 105 of  
"/srv/www/htdocs.www.nde.ag.ssl/horde/ingo/lib/Transport/Timsieved.php"]
2014-11-19T13:02:40+01:00 DEBUG: HORDE [ingo] S: "SIEVE"  
"comparator-i;ascii-numeric fileinto reject vacation imapflags notify  
include envelope body relational regex subaddress copy" [pid 29473 on  
line 105 of  
"/srv/www/htdocs.www.nde.ag.ssl/horde/ingo/lib/Transport/Timsieved.php"]
2014-11-19T13:02:40+01:00 DEBUG: HORDE [ingo] S: "STARTTLS" [pid 29473  
on line 105 of  
"/srv/www/htdocs.www.nde.ag.ssl/horde/ingo/lib/Transport/Timsieved.php"]
2014-11-19T13:02:40+01:00 DEBUG: HORDE [ingo] S: OK [pid 29473 on line  
105 of  
"/srv/www/htdocs.www.nde.ag.ssl/horde/ingo/lib/Transport/Timsieved.php"]
2014-11-19T13:02:40+01:00 DEBUG: HORDE [ingo] C: STARTTLS [pid 29473  
on line 105 of  
"/srv/www/htdocs.www.nde.ag.ssl/horde/ingo/lib/Transport/Timsieved.php"]
2014-11-19T13:02:40+01:00 DEBUG: HORDE [ingo] S: OK "Begin TLS  
negotiation now" [pid 29473 on line 105 of  
"/srv/www/htdocs.www.nde.ag.ssl/horde/ingo/lib/Transport/Timsieved.php"]
2014-11-19T13:02:40+01:00 DEBUG: HORDE [ingo] STARTTLS negotiation  
successful [pid 29473 on line 105 of  
"/srv/www/htdocs.www.nde.ag.ssl/horde/ingo/lib/Transport/Timsieved.php"]
2014-11-19T13:02:40+01:00 DEBUG: HORDE [ingo] S: "IMPLEMENTATION"  
"Cyrus timsieved v2.3.11" [pid 29473 on line 105 of  
"/srv/www/htdocs.www.nde.ag.ssl/horde/ingo/lib/Transport/Timsieved.php"]
2014-11-19T13:02:40+01:00 DEBUG: HORDE [ingo] S: "SASL" "PLAIN" [pid  
29473 on line 105 of  
"/srv/www/htdocs.www.nde.ag.ssl/horde/ingo/lib/Transport/Timsieved.php"]
2014-11-19T13:02:40+01:00 DEBUG: HORDE [ingo] S: "SIEVE"  
"comparator-i;ascii-numeric fileinto reject vacation imapflags notify  
include envelope body relational regex subaddress copy" [pid 29473 on  
line 105 of  
"/srv/www/htdocs.www.nde.ag.ssl/horde/ingo/lib/Transport/Timsieved.php"]
2014-11-19T13:02:40+01:00 DEBUG: HORDE [ingo] S: OK [pid 29473 on line  
105 of  
"/srv/www/htdocs.www.nde.ag.ssl/horde/ingo/lib/Transport/Timsieved.php"]
2014-11-19T13:02:40+01:00 DEBUG: HORDE [ingo] C: CAPABILITY [pid 29473  
on line 105 of  
"/srv/www/htdocs.www.nde.ag.ssl/horde/ingo/lib/Transport/Timsieved.php"]
2014-11-19T13:02:40+01:00 DEBUG: HORDE [ingo] S: "IMPLEMENTATION"  
"Cyrus timsieved v2.3.11" [pid 29473 on line 105 of  
"/srv/www/htdocs.www.nde.ag.ssl/horde/ingo/lib/Transport/Timsieved.php"]
2014-11-19T13:02:40+01:00 DEBUG: HORDE [ingo] S: "SASL" "PLAIN" [pid  
29473 on line 105 of  
"/srv/www/htdocs.www.nde.ag.ssl/horde/ingo/lib/Transport/Timsieved.php"]
2014-11-19T13:02:40+01:00 DEBUG: HORDE [ingo] S: "SIEVE"  
"comparator-i;ascii-numeric fileinto reject vacation imapflags notify  
include envelope body relational regex subaddress copy" [pid 29473 on  
line 105 of  
"/srv/www/htdocs.www.nde.ag.ssl/horde/ingo/lib/Transport/Timsieved.php"]
2014-11-19T13:02:40+01:00 DEBUG: HORDE [ingo] S: OK [pid 29473 on line  
105 of  
"/srv/www/htdocs.www.nde.ag.ssl/horde/ingo/lib/Transport/Timsieved.php"]
2014-11-19T13:02:40+01:00 DEBUG: HORDE [ingo] C: AUTHENTICATE "PLAIN"  
***base64 - see text***" [pid 29473 on line 105 of  
"/srv/www/htdocs.www.nde.ag.ssl/horde/ingo/lib/Transport/Timsieved.php"]
2014-11-19T13:02:40+01:00 DEBUG: HORDE [ingo] S: NO "Authentication  
Error" [pid 29473 on line 105 of  
"/srv/www/htdocs.www.nde.ag.ssl/horde/ingo/lib/Transport/Timsieved.php"]
--- cut here ---

I'd be grateful for any hints or pointers.

With regards,
Jens

More information about the horde mailing list