[horde] passwd again

Jan Schneider jan at horde.org
Fri Nov 18 10:16:27 UTC 2016


Zitat von Frank Lienhard <frank at mclien.de>:

> On 11/17/2016 11:35 AM, Jan Schneider wrote:
>>
>> Zitat von Frank Lienhard <frank at mclien.de>:
>>
>>> On 11/16/2016 03:23 PM, Hendrik Noack wrote:
>>>>> -----Ursprüngliche Nachricht-----
>>>>> Von: horde [mailto:horde-bounces at lists.horde.org] Im Auftrag von Frank
>>>>> Lienhard
>>>>> Gesendet: Mittwoch, 16. November 2016 15:14
>>>>> An: horde at lists.horde.org
>>>>> Betreff: Re: [horde] passwd again
>>>>>
>>>>>
>>>>>
>>>>> On 11/16/2016 03:00 PM, Hendrik Noack wrote:
>>>>>>> -----Ursprüngliche Nachricht-----
>>>>>>> Von: horde [mailto:horde-bounces at lists.horde.org] Im Auftrag von
>>>>>>> Frank Lienhard
>>>>>>> Gesendet: Mittwoch, 16. November 2016 14:45
>>>>>>> An: horde at lists.horde.org
>>>>>>> Betreff: Re: [horde] passwd again
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> On 11/16/2016 01:32 PM, Arjen de Korte wrote:
>>>>>>>> Citeren Frank Lienhard <frank at mclien.de>:
>>>>>>>>
>>>>>>>>> I installed passwd according to official doku via pear.
>>>>>>>>>
>>>>>>>>> But I get:
>>>>>>>>> No backend configured for this host when trying to change passwords
>>>>>>>>> as user.
>>>>>>>>>
>>>>>>>>> I understand there is some backend to configure, but I lack the
>>>>>>>>> knowledge where to define and more important what backend (most
>>>>>>> post
>>>>>>>>> talk about ldap, which seams wrong in my setup, since I don't use
>>>>>>>>> any ldap server. So what is the default way of how horde organizes
>>>>>>>>> user/passwd)?
>>>>>>>>
>>>>>>>> Horde by default uses the IMAP server to authenticate users. If you
>>>>>>>> didn't change that, you're the only one who can tell how your IMAP
>>>>>>>> server authenticates users. The backend you need to configure,
>>>>>>>> depends on the method your IMAP server uses.
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>> Is that still so, if I use the groupware variante of horde (without
>>>>>>> the
>>>>>> webmail
>>>>>>> part) ?
>>>>>>
>>>>>> So how do you organize your user accounts? The webinterface offers
>>>>>> quite a lot of options for user authentication, even if you don't use
>>>>>> an IMAP server. If you have local user accounts only on that server,
>>>>>> you could use PAM for authentication, simply because most linux
>>>>>> distributions have PAM already set up. If you have a Microsoft
>>>>>> environment with Active Directory running, LDAP ist he way to go,
>>>>>> since AD is just a little different from normal LDAP. There a lots of
>>>> good
>>>>> tutorials out there for AD.
>>>>>>
>>>>>> I personally use the webmail edition. User authentication is done via
>>>>>> PAM, but not in Horde directly. I have my SMTP and IMAP server set to
>>>>>> authenticate users against PAM. I have my users and groups in an
>>>>>> Active Directory which is connected to PAM via winbind (or sssd in
>>>>>> newer installations). That way I can ues different services, but
>>>>>> always the same authentication mechanism.
>>>>>
>>>>> What I did is I installed the grouware edition and didn't touch the
>>>> default
>>>>> values that com with it (except forcing horde to https).
>>>>> I then installed the passwd module to let the users change their own
>>>> passwd,
>>>>> which apparently won't work in this combination.
>>>>> I use the horde admin user to genereate new users.
>>>>>
>>>>> The default setting of the groupware edition has the following
>>>>> setting for
>>>>> that:
>>>>> Configuration -Authentication -  $conf[auth][driver] is set to SQL
>>>>> Authentcation and $conf[auth][params][driverconfig] to horde defaults
>>>>>
>>>>> LDAP and IMAP servers are disabled by default.
>>>>>
>>>>> So somehow passwd seems not to be able to communicate with the SQL
>>>>> driver?
>>>>
>>>> Ok I think I can't give you any better advice, because I never used SQL
>>>> authentication.
>>>> There is a lot of options in the web interface for SQL auth, so I assume
>>>> your SQL auth is working fine apart from passwd?
>>> exactly
>>>
>>>>
>>>> https://www.horde.org/apps/passwd/docs/INSTALL/#configuring-passwd
>>> there are only some settings, from which only
>>> $conf[backend][backend_list] seems fitting. Descriptioin text is:
>>> " Should we display a list of backends (defined in config/backends.php)
>>> for users to choose from? If 'hidden', then you can use the 'preferred'
>>> mechanism in backends.local.php to auto-select based on an HTTP
>>> virtualhost or another piece of data. If 'shown', the user will be able
>>> to pick from any of the options."
>>>>
>>>> Sound like you just need a few settings in the web interface to get it
>>>> running. Sorry, maybe someone else with SQL auth experience can help
>>>> you.
>>>>
>>> The above seems to imply, that it is expected that you do the
>>> confguration of the backend directly in the config files. I looked into
>>> it and found (in .../horde/passwd/config/backends.php), that by default
>>> ALL backends are set to "'disabled' => true,"
>>> So I think I need to have a backend confg file to edit. Preferable
>>> generate a backends.local.php instead of editing backends.php
>>>
>>> There are 2 sql backends, though:
>>> "hordesql"  and "sql"  (and there is also a "hordeauth", which seems the
>>> wrong option to me , since the "$conf[auth][driver]" is set to SQL)
>>
>> Just set
>>
>> $backends['hordeauth']['disabled'] = false;
>>
>> in backends.local.php.
>>
> Thanks. That worked fine.
>
> Now I have a question according the passwd strength test:
> 1) sadly in the screen where you change your pwassd there are no hints
> shown, like what you need to consider.

Correct: https://bugs.horde.org/ticket/2304

> 2) I can't find a way to tweek the paramaters for the pwasswd strength.
> Is there a config for that? I think I remember somthing about that, but
> I can't find the according config file

See config/backends.php.

-- 
Jan Schneider
The Horde Project
http://www.horde.org/



More information about the horde mailing list