[horde] passwd again

Ralf Lang lang at b1-systems.de
Thu Nov 17 12:35:52 UTC 2016


Rule of thumb: If you can edit passwords in horde's "admin/users" 
screen, then the passwd hordeauth driver probably can do it, too. Its 
beauty lies in needing virtually no configuration at all.

I use hordeauth a lot - it uses the current auth driver's capabilities 
to change the current user's passwords. In practice, the user backend 
for many imap servers is actually a database or some directory 
(ADS/LDAP). Some installations prefer these searchable, browseable 
backends over using the imap protocol as horde's auth backend.

Hordeauth passwd  works in a lot of LDAP scenarios and most sql 
authentication scenarios - probably for some specific imap or imp based 
scenarios, too, but this is out of my scope. However, passwd can even be 
used to change credentials for whatever unrelated scope the admin 
configures.


Am 17.11.2016 um 11:35 schrieb Jan Schneider:Zitat von Frank Lienhard 
<frank at mclien.de>:
>> On 11/16/2016 03:23 PM, Hendrik Noack wrote:
>>>> -----Ursprüngliche Nachricht-----
>>>> Von: horde [mailto:horde-bounces at lists.horde.org] Im Auftrag von Frank
>>>> Lienhard
>>>> Gesendet: Mittwoch, 16. November 2016 15:14
>>>> An: horde at lists.horde.org
>>>> Betreff: Re: [horde] passwd again
>>>>
>>>>
>>>>
>>>> On 11/16/2016 03:00 PM, Hendrik Noack wrote:
>>>>>> -----Ursprüngliche Nachricht-----
>>>>>> Von: horde [mailto:horde-bounces at lists.horde.org] Im Auftrag von
>>>>>> Frank Lienhard
>>>>>> Gesendet: Mittwoch, 16. November 2016 14:45
>>>>>> An: horde at lists.horde.org
>>>>>> Betreff: Re: [horde] passwd again
>>>>>>
>>>>>>
>>>>>>
>>>>>> On 11/16/2016 01:32 PM, Arjen de Korte wrote:
>>>>>>> Citeren Frank Lienhard <frank at mclien.de>:
>>>>>>>
>>>>>>>> I installed passwd according to official doku via pear.
>>>>>>>>
>>>>>>>> But I get:
>>>>>>>> No backend configured for this host when trying to change 
>>>>>>>> passwords
>>>>>>>> as user.
>>>>>>>>
>>>>>>>> I understand there is some backend to configure, but I lack the
>>>>>>>> knowledge where to define and more important what backend (most
>>>>>> post
>>>>>>>> talk about ldap, which seams wrong in my setup, since I don't use
>>>>>>>> any ldap server. So what is the default way of how horde organizes
>>>>>>>> user/passwd)?
>>>>>>>
>>>>>>> Horde by default uses the IMAP server to authenticate users. If you
>>>>>>> didn't change that, you're the only one who can tell how your IMAP
>>>>>>> server authenticates users. The backend you need to configure,
>>>>>>> depends on the method your IMAP server uses.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>> Is that still so, if I use the groupware variante of horde (without
>>>>>> the
>>>>> webmail
>>>>>> part) ?
>>>>>
>>>>> So how do you organize your user accounts? The webinterface offers
>>>>> quite a lot of options for user authentication, even if you don't use
>>>>> an IMAP server. If you have local user accounts only on that server,
>>>>> you could use PAM for authentication, simply because most linux
>>>>> distributions have PAM already set up. If you have a Microsoft
>>>>> environment with Active Directory running, LDAP ist he way to go,
>>>>> since AD is just a little different from normal LDAP. There a lots of
>>> good
>>>> tutorials out there for AD.
>>>>>
>>>>> I personally use the webmail edition. User authentication is done via
>>>>> PAM, but not in Horde directly. I have my SMTP and IMAP server set to
>>>>> authenticate users against PAM. I have my users and groups in an
>>>>> Active Directory which is connected to PAM via winbind (or sssd in
>>>>> newer installations). That way I can ues different services, but
>>>>> always the same authentication mechanism.
>>>>
>>>> What I did is I installed the grouware edition and didn't touch the
>>> default
>>>> values that com with it (except forcing horde to https).
>>>> I then installed the passwd module to let the users change their own
>>> passwd,
>>>> which apparently won't work in this combination.
>>>> I use the horde admin user to genereate new users.
>>>>
>>>> The default setting of the groupware edition has the following 
>>>> setting for
>>>> that:
>>>> Configuration -Authentication -  $conf[auth][driver] is set to SQL
>>>> Authentcation and $conf[auth][params][driverconfig] to horde defaults
>>>>
>>>> LDAP and IMAP servers are disabled by default.
>>>>
>>>> So somehow passwd seems not to be able to communicate with the SQL
>>>> driver?
>>>
>>> Ok I think I can't give you any better advice, because I never used SQL
>>> authentication.
>>> There is a lot of options in the web interface for SQL auth, so I 
>>> assume
>>> your SQL auth is working fine apart from passwd?
>> exactly
>>
>>>
>>> https://www.horde.org/apps/passwd/docs/INSTALL/#configuring-passwd
>> there are only some settings, from which only
>> $conf[backend][backend_list] seems fitting. Descriptioin text is:
>> " Should we display a list of backends (defined in config/backends.php)
>> for users to choose from? If 'hidden', then you can use the 'preferred'
>> mechanism in backends.local.php to auto-select based on an HTTP
>> virtualhost or another piece of data. If 'shown', the user will be able
>> to pick from any of the options."
>>>
>>> Sound like you just need a few settings in the web interface to get it
>>> running. Sorry, maybe someone else with SQL auth experience can help 
>>> you.
>>>
>> The above seems to imply, that it is expected that you do the
>> confguration of the backend directly in the config files. I looked into
>> it and found (in .../horde/passwd/config/backends.php), that by default
>> ALL backends are set to "'disabled' => true,"
>> So I think I need to have a backend confg file to edit. Preferable
>> generate a backends.local.php instead of editing backends.php
>>
>> There are 2 sql backends, though:
>> "hordesql"  and "sql"  (and there is also a "hordeauth", which seems the
>> wrong option to me , since the "$conf[auth][driver]" is set to SQL)
>
> Just set
>
> $backends['hordeauth']['disabled'] = false;
>
> in backends.local.php.
>



More information about the horde mailing list