[horde] passwd again

Thu Nov 17 19:09:20 UTC 2016

On 11/17/2016 11:35 AM, Jan Schneider wrote:
> 
> Zitat von Frank Lienhard <frank at mclien.de>:
> 
>> On 11/16/2016 03:23 PM, Hendrik Noack wrote:
>>>> -----Ursprüngliche Nachricht-----
>>>> Von: horde [mailto:horde-bounces at lists.horde.org] Im Auftrag von Frank
>>>> Lienhard
>>>> Gesendet: Mittwoch, 16. November 2016 15:14
>>>> An: horde at lists.horde.org
>>>> Betreff: Re: [horde] passwd again
>>>>
>>>>
>>>>
>>>> On 11/16/2016 03:00 PM, Hendrik Noack wrote:
>>>>>> -----Ursprüngliche Nachricht-----
>>>>>> Von: horde [mailto:horde-bounces at lists.horde.org] Im Auftrag von
>>>>>> Frank Lienhard
>>>>>> Gesendet: Mittwoch, 16. November 2016 14:45
>>>>>> An: horde at lists.horde.org
>>>>>> Betreff: Re: [horde] passwd again
>>>>>>
>>>>>>
>>>>>>
>>>>>> On 11/16/2016 01:32 PM, Arjen de Korte wrote:
>>>>>>> Citeren Frank Lienhard <frank at mclien.de>:
>>>>>>>
>>>>>>>> I installed passwd according to official doku via pear.
>>>>>>>>
>>>>>>>> But I get:
>>>>>>>> No backend configured for this host when trying to change passwords
>>>>>>>> as user.
>>>>>>>>
>>>>>>>> I understand there is some backend to configure, but I lack the
>>>>>>>> knowledge where to define and more important what backend (most
>>>>>> post
>>>>>>>> talk about ldap, which seams wrong in my setup, since I don't use
>>>>>>>> any ldap server. So what is the default way of how horde organizes
>>>>>>>> user/passwd)?
>>>>>>>
>>>>>>> Horde by default uses the IMAP server to authenticate users. If you
>>>>>>> didn't change that, you're the only one who can tell how your IMAP
>>>>>>> server authenticates users. The backend you need to configure,
>>>>>>> depends on the method your IMAP server uses.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>> Is that still so, if I use the groupware variante of horde (without
>>>>>> the
>>>>> webmail
>>>>>> part) ?
>>>>>
>>>>> So how do you organize your user accounts? The webinterface offers
>>>>> quite a lot of options for user authentication, even if you don't use
>>>>> an IMAP server. If you have local user accounts only on that server,
>>>>> you could use PAM for authentication, simply because most linux
>>>>> distributions have PAM already set up. If you have a Microsoft
>>>>> environment with Active Directory running, LDAP ist he way to go,
>>>>> since AD is just a little different from normal LDAP. There a lots of
>>> good
>>>> tutorials out there for AD.
>>>>>
>>>>> I personally use the webmail edition. User authentication is done via
>>>>> PAM, but not in Horde directly. I have my SMTP and IMAP server set to
>>>>> authenticate users against PAM. I have my users and groups in an
>>>>> Active Directory which is connected to PAM via winbind (or sssd in
>>>>> newer installations). That way I can ues different services, but
>>>>> always the same authentication mechanism.
>>>>
>>>> What I did is I installed the grouware edition and didn't touch the
>>> default
>>>> values that com with it (except forcing horde to https).
>>>> I then installed the passwd module to let the users change their own
>>> passwd,
>>>> which apparently won't work in this combination.
>>>> I use the horde admin user to genereate new users.
>>>>
>>>> The default setting of the groupware edition has the following
>>>> setting for
>>>> that:
>>>> Configuration -Authentication -  $conf[auth][driver] is set to SQL
>>>> Authentcation and $conf[auth][params][driverconfig] to horde defaults
>>>>
>>>> LDAP and IMAP servers are disabled by default.
>>>>
>>>> So somehow passwd seems not to be able to communicate with the SQL
>>>> driver?
>>>
>>> Ok I think I can't give you any better advice, because I never used SQL
>>> authentication.
>>> There is a lot of options in the web interface for SQL auth, so I assume
>>> your SQL auth is working fine apart from passwd?
>> exactly
>>
>>>
>>> https://www.horde.org/apps/passwd/docs/INSTALL/#configuring-passwd
>> there are only some settings, from which only
>> $conf[backend][backend_list] seems fitting. Descriptioin text is:
>> " Should we display a list of backends (defined in config/backends.php)
>> for users to choose from? If 'hidden', then you can use the 'preferred'
>> mechanism in backends.local.php to auto-select based on an HTTP
>> virtualhost or another piece of data. If 'shown', the user will be able
>> to pick from any of the options."
>>>
>>> Sound like you just need a few settings in the web interface to get it
>>> running. Sorry, maybe someone else with SQL auth experience can help
>>> you.
>>>
>> The above seems to imply, that it is expected that you do the
>> confguration of the backend directly in the config files. I looked into
>> it and found (in .../horde/passwd/config/backends.php), that by default
>> ALL backends are set to "'disabled' => true,"
>> So I think I need to have a backend confg file to edit. Preferable
>> generate a backends.local.php instead of editing backends.php
>>
>> There are 2 sql backends, though:
>> "hordesql"  and "sql"  (and there is also a "hordeauth", which seems the
>> wrong option to me , since the "$conf[auth][driver]" is set to SQL)
> 
> Just set
> 
> $backends['hordeauth']['disabled'] = false;
> 
> in backends.local.php.
> 
Thanks. That worked fine.

Now I have a question according the passwd strength test:
1) sadly in the screen where you change your pwassd there are no hints
shown, like what you need to consider.

2) I can't find a way to tweek the paramaters for the pwasswd strength.
Is there a config for that? I think I remember somthing about that, but
I can't find the according config file