[horde] User not authorized for Mail

Maurício José T. Tecles mtecles at biof.ufrj.br
Mon Jul 10 14:49:06 UTC 2017 

Citando James Mohr <horde at jimmo.com>:

> Quoting Michael J Rubinsky <mrubinsk at horde.org>:
>> What authentication backend are you using for Horde? Are you really  
>>  using HTTP authentication?
>
> On the page Authentication Settings in the Horde cconfiguration under
> "$conf[auth][driver]" I have "HTTP (Basic Authentication/.htpasswd)
> authentication".  Is there something else I need to change?
>

Why use .htpasswd if you intend to use an IMAP server?  See below (*).

>>> In the system logs (journalctl) I see:
>>>
>>> [imp] [login] Server does not support TLS connections.
>>>
>>> That seems clear enough so after googling I changed   
>>> backends.local.php so it now looks like this:
>>>
>>> // IMAP server
>>> $servers['imap'] = array(
>>>   'disabled' => false,
>>>   'name' => 'localhost',
>>>   'hostspec' => 'myhost.mydomain.'tld,
>>>   'hordeauth' => false,
>>>   'protocol' => 'imap',
>>>   'secure' => 'false',
>>> );
>>
>> Are you requiring your users to login separately to Email?
>
> Not intentionally. I have looked through the Horde and Imp
> confifuration and I do not find any place to require users to login
> separately to email.
>

Either you did not understand the question or I did not understand  
what you want. If you are not going to to login separately to Email, I  
suggest configuring a Horde application (imp) to authenticate. Go to  
the "Authentication" tab and configure:

$conf[auth][driver]: Let a Horde application handle authentication

$conf[auth][params][app]: imp

$conf[auth][admins]: "your_login"

(*) And that answers the question above. You are going to use Imp to  
authenticate against an IMAP server. As I understand, your users are  
Mail users, not HTTP users (although they are going to use a web  
interface - imp - to the mail service). See below (**).

Be sure that your web server uses encryption (https) and configure  
Horde to do so:

URL Settings * $conf[use_ssl]:

> Does it make a different if true/false are included in single-quotes?
>
>>>   'disabled' => false,
>>>   'secure' => 'false',
>
>>> No change. My biggest question at this point is to what exactly is  
>>>  Horde connecting. IMAP? POP3? My assumption is IMAP because of  
>>> the  complete log entry:
>>
>> Yes, according to the above configuration stanza, you are  
>> connecting  to an IMAP server running on 'myhost.mydomain.tld'. I'm  
>> assuming the  misplaced quotation mark in your stanza is a typo, as  
>> that would  cause a parse error in PHP when loaded.
>
> Yes. That was I typo when I changed the real domain in the email.
>
>>> Jun 24 16:32:37 sonne-new HORDE[3058]: [imp] [login] Server does   
>>> not support TLS connections. [pid 3058 on line 730 of   
>>> "/data/home/user/public_html/horde/imp/lib/Imap.php"]
>>
>> You either need to configure your IMAP server to use TLS or disable  
>>  it in your configuration.
>
> I though that I disabled it in backends.local.php with this line:
>    'secure' => 'false',
>
>> The password for the http authentication, the local user, are all
>>> the same. sasldblistusers2 shows the user. My question here is  
>>> what  format the users should have:
>>> username at localhost
>>> username at hostname
>>> username at hostname.domain.tld
>>> username at domain.tld
>>
>> I am confused as to exactly what authentication backend you are   
>> using in Horde. As far as the general question about thr format of   
>> the users, that depends entirely on what the authentication backend  
>>  is expecting. There is no one right answer.
>
> What would be correct for HTTP authentication?
>

Again, I think you did not understand the question.
(**) You should authenticate via imap that you already tested.
If you are going to use "username" or "username at ..." is up to you.  
Depending on what you want, you might need a different authentication  
backend. Just try imp to handle authentication, as explained above.

>>> The mailbopx was created using cyradm and the permissions look like this:
>>> localhost.localdomain> listacl user.myuser
>>> user.myuser lrswipkxtecda
>>>
>>> I have successully tested the username using telnet to connect to   
>>> ports 110(POP3) and 143 (IMAP), as well as with testsaslauthd.
>>
>> Port 143 is the TLS port for IMAP, so it seems that your server   
>> *does* support this?
>
> Hmmmm.....Why then am I getting the error message "Server does not
> support TLS connections"?
>

Port 143 can be used to login as plain text or with encryption. SASL  
and TLS are not the same thing.

Are the webserver with Horde and the imap server one the same machine?

Mauricio

>> -- 
>> mike
>> The Horde Project
>> http://www.horde.org
>> https://www.facebook.com/hordeproject
>> https://www.twitter.com/hordeproject
>
> Regards,
> James
>
>
> -- 
> Horde mailing list
> Frequently Asked Questions: http://horde.org/faq/
> To unsubscribe, mail: horde-unsubscribe at lists.horde.org


-- 

Maurício José T. Tecles
Instituto de Biofísica Carlos Chagas Filho/UFRJ
Av. Carlos Chagas Filho, 373
Núcleo de Informática
CCS, Bloco G, sala G1-006
Cidade Universitária - Ilha do Fundão
21941-902, Rio de Janeiro - RJ

mtecles at biof.ufrj.br
Tel.: (21) 3938-6526 ou 3938-6544

More information about the horde mailing list