[horde] User not authorized for Mail
James Mohr
horde at jimmo.com
Thu Jul 13 09:22:14 UTC 2017
Thank you *very* much for your patience.
Quoting "Maur=C3=ADcio Jos=C3=A9 T. Tecles" <mtecles at biof.ufrj.br>:
> Citando James Mohr <horde at jimmo.com>:
>
>> Sorry about the previous message. I am not sure what happened.
>>
>> Quoting "Maur=3DC3=3DADcio Jos=3DC3=3DA9 T. Tecles" <mtecles at biof.ufrj.b=
r>:
>>
>>> Citando James Mohr <horde at jimmo.com>:
>>>
>>>> Quoting Michael J Rubinsky <mrubinsk at horde.org>:
>>>>> What authentication backend are you using for Horde? Are you
>>>>> really using HTTP authentication?
>>>>
>>>> On the page Authentication Settings in the Horde cconfiguration under
>>>> "$conf[auth][driver]" I have "HTTP (Basic Authentication/.htpasswd)
>>>> authentication". Is there something else I need to change?
>>>>
>>>
>>> Why use .htpasswd if you intend to use an IMAP server? See below (*).
>>
>> Sorry for the misunderstanding. I obviously forget an important aspect
>> of this configuration. The entire server is protected using HTTP basic
>> authentication. Each user must first login through the HTTP basic
>> authentication before accessing Horde. Login through apache is
>> successful and I can access all of the other applications. Only access
>> to imp is not working. (User jimmo is not authorized for Mail)
>>
>
> OK, but understand that those users may use Horde applications other
> than IMP. IMP is an application to use mail (POP, IMAP, SMTP) and,
> for that to work, IMP must use the credetials of your mail user,
> wich may differ from your ".htpasswd". Because you configured IMP
> 'protocol' =3D> 'imap', the user must be (login as) an IMAP user. In
> other words, you are requiring our users to login separately to
> Email (IMP).
Understood . The thing is, previously when I logged in, I was able to
user the other applications, just not imp.
I can login successfully using "telnet localhost 143".
. login myusername mypasswd
The response is:
. OK [CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE ACL RIGHTS=3Dkxte QUOTA
MAILBOX-REFERRALS NAMESPACE UIDPLUS NO_ATOMIC_RENAME UNSELECT CHILDREN
MULTIAPPEND BINARY CATENATE CONDSTORE ESEARCH SORT SORT=3DMODSEQ
SORT=3DDISPLAY THREAD=3DORDEREDSUBJECT THREAD=3DREFERENCES ANNOTATEMORE
LIST-EXTENDED WITHIN QRESYNC SCAN XLIST URLAUTH URLAUTH=3DBINARY
X-NETSCAPE LOGINDISABLED COMPRESS=3DDEFLATE IDLE] User logged in
SESSIONID=3D<sonne-new-25030-1499933333-1>
When I load Horde, I input the same username and password, but I
always get "login failed". The log looks like this:
Jul 13 10:20:15 sonne-new HORDE[16296]: Load config file (conf.php;
app: horde) [pid 16296 on line 110 of
"/usr/share/php5/PEAR/Horde/Registry/Loadconfig.php"]
Jul 13 10:20:15 sonne-new HORDE[16296]: [imp] Load config file
(conf.php; app: imp) [pid 16296 on line 110 of
"/usr/share/php5/PEAR/Horde/Registry/Loadconfig.php"]
Jul 13 10:20:15 sonne-new HORDE[16296]: [imp] Load config file
(backends.php; app: imp) [pid 16296 on line 110 of
"/usr/share/php5/PEAR/Horde/Registry/Loadconfig.php"]
Jul 13 10:20:15 sonne-new imap[25030]: accepted connection
Jul 13 10:20:15 sonne-new HORDE[16296]: [imp] [login] Server does not
support TLS connections. [pid 16296 on line 730 of
"/data/home/XXXXX/public_html/horde/imp/lib/Imap.php"]
Jul 13 10:20:15 sonne-new HORDE[16296]: 1.
Horde_Core_Auth_Application->authenticate()
/data/home/XXXXX/public_html/horde/login.php:155
2.
Horde_Core_Auth_Application->authenticate()
/usr/share/php5/PEAR/Horde/Core/Auth/Application.php:138
3.
Horde_Auth_Base->authenticate()
/usr/share/php5/PEAR/Horde/Core/Auth/Application.php:141
4.
Horde_Core_Auth_Application->_authenticate()
/usr/share/php5/PEAR/Horde/Auth/Base.php:161
5.
Horde_Registry->callAppMethod()
/usr/share/php5/PEAR/Horde/Core/Auth/Application.php:170
6. call_user_func_array()
/usr/share/php5/PEAR/Horde/Registry.php:1197
7.
IMP_Application->authAuthenticate()
8. IMP_Auth::authenticate()
/data/home/XXXXX/public_html/horde/imp/lib/Application.php:371
9. IMP_Imap->login()
/data/home/XXXXX/public_html/horde/imp/lib/Auth.php:86
10. IMP_Imap->__call()
/data/home/XXXXX/public_html/horde/imp/lib/Auth.php:86
11.
Horde_Core_Auth_Application->authenticate()
/data/home/XXXXX/public_html/horde/login.php:155
12.
Horde_Core_Auth_Application->authenticate()
/usr/share/php5/PEAR/Horde/Core/Auth/Application.php:138
13.
Horde_Auth_Base->authenticate()
/usr/share/php5/PEAR/Horde/Core/Auth/Application.php:141
14.
Horde_Core_Auth_Application->_authenticate()
/usr/share/php5/PEAR/Horde/Auth/Base.php:161
15.
Horde_Registry->callAppMethod()
/usr/share/php5/PEAR/Horde/Core/Auth/Application.php:170
16. call_user_func_array()
/usr/share/php5/PEAR/Horde/Registry.php:1197
17.
IMP_Application->authAuthenticate()
18. IMP_Auth::authenticate()
/data/home/XXXXX/public_html/horde/imp/lib/Application.php:371
19. IMP_Imap->login()
/data/home/XXXXX/public_html/horde/imp/lib/Auth.php:86
20. IMP_Imap->__call()
/data/home/XXXXX/public_html/horde/imp/lib/Auth.php:86
21. call_user_func_array()
/data/home/XXXXX/public_html/horde/imp/lib/Imap.php:718
22. Horde_Imap_Client_Base->login(=
)
23.
Horde_Imap_Client_Socket->_login()
/usr/share/php5/PEAR/Horde/Imap/Client/Base.php:831
Jul 13 10:20:15 sonne-new HORDE[16296]: [imp] FAILED LOGIN for jimmo
(X.X.X.X) to {imap://localhost/} [pid 16296 on line 157 of
"/data/home/XXXXX/public_html/horde/imp/lib/Auth.php"]
Jul 13 10:20:15 sonne-new HORDE[16296]: [horde] FAILED LOGIN for jimmo
to horde (X.X.X.X) [pid 16296 on line 199 of
"/data/home/XXXXX/public_html/horde/login.php"]
Jul 13 10:20:15 sonne-new HORDE[16296]: [horde] Load config file
(nls.php; app: horde) [pid 16296 on line 110 of
"/usr/share/php5/PEAR/Horde/Registry/Loadconfig.php"]
Jul 13 10:20:15 sonne-new HORDE[16296]: [horde] Load config file
(motd.php; app: horde) [pid 16296 on line 110 of
"/usr/share/php5/PEAR/Horde/Registry/Loadconfig.php"]
Jul 13 10:20:15 sonne-new HORDE[16296]: [horde] Max memory usage:
8126464 bytes [pid 16296 on line 613 of
"/usr/share/php5/PEAR/Horde/Registry.php"]
backends.local.php currently looks like this:
$servers['imap'] =3D array(
'disabled' =3D> 'false',
'name' =3D> 'myhost.mydomain.tld',
'hostspec' =3D> 'localhost',
'hordeauth' =3D> 'false',
'protocol' =3D> 'imap',
'secure' =3D> 'false',
);
For whatever reason, Horde is trying to use TLS. If you could tell me
how to disable this, I would appreaciate it.
> Your configuration: Horde -> .htpasswd, IMP -> IMAP.
> (1*) See below.
>
> Can user jimmo from ".htpasswd" login with the same credentials to
> your IMAP server?
Yes. See above.
>
>>
>>>>>> In the system logs (journalctl) I see:
>>>>>>
>>>>>> [imp] [login] Server does not support TLS connections.
>>>>>>
>>>>>> That seems clear enough so after googling I changed
>>>>>> backends.local.php so it now looks like this:
>>>>>>
>>>>>> // IMAP server
>>>>>> $servers['imap'] =3D3D array(
>>>>>> 'disabled' =3D3D> false,
>>>>>> 'name' =3D3D> 'localhost',
>>>>>> 'hostspec' =3D3D> 'myhost.mydomain.'tld,
>>>>>> 'hordeauth' =3D3D> false,
>>>>>> 'protocol' =3D3D> 'imap',
>>>>>> 'secure' =3D3D> 'false',
>>>>>> );
>>>>>
>
> (1*) begin
>
>>>>> Are you requiring your users to login separately to Email?
>>>>
>>>> Not intentionally. I have looked through the Horde and Imp
>>>> confifuration and I do not find any place to require users to login
>>>> separately to email.
>>
>> What I meant was *IF* Horde is somehow configured so it is "requiring
>> your users to login separately to Email", it was unintentional on my
>> part. I do not what a separate login. I want users to login with the
>> basic http authentication and not have to login a second time. I have
>> a very old system where this worked and I am trying to get the same
>> configuration on a new system.
>>
>
> (1*) end
>
>>>
>>> Either you did not understand the question or I did not understand
>>> what you want. If you are not going to to login separately to
>>> Email, I suggest configuring a Horde application (imp) to
>>> authenticate. Go to the "Authentication" tab and configure:
>>>
>>> $conf[auth][driver]: Let a Horde application handle authentication
>>>
>>> $conf[auth][params][app]: imp
>>>
>>> $conf[auth][admins]: "your_login"
>>
>> To test the configuration I tried that. I get the login prompt but
>> cannot login.
>>
>> Unfortunately, I cannot do anything at all at the moment, because I
>> cannot login at all. That is,whenj I load the Horder URL, I get the
>> login form but cannot login. I cannot change the authentication method
>> back to HTTP basic. I cannot find a file where this is changed. :-(
>>
>
> Whenever you modify Horde configuration by web it generates
> conf.bak.php. Copy it to conf.php or edit it (driver)
> (~webmail/config/conf.php or ~horde/config/conf.php) to login to
> .htpasswd as before.
I copied the conf.bak.php to conf.php and I still get the login
prompt. Previously I was brought into the default app kronolith. At
this point I am beginning to suspect that I have screwed things up to
much and should start from scratch. :-(
>
>>
>>> (*) And that answers the question above. You are going to use Imp
>>> to authenticate against an IMAP server. As I understand, your
>>> users are Mail users, not HTTP users (although they are going to
>>> use a web interface - imp - to the mail service). See below (**).
As will the (very) old server, my intention is to have a single login.
That is, the users login into server with http basic authentication
and horde handles the rest. This worked on the old system so I was
hoping to get it to work on the new one. I went through (hopefully)
all of the settings on the old system and changed them using the GUI
on the new system.
At this point, all I want to do is get Horde to work, even with
multiple logins. ;-}
>>>
>>> Be sure that your web server uses encryption (https) and configure
>>> Horde to do so:
>>>
>>> URL Settings * $conf[use_ssl]:
>>
>> Is this absolutely necessary in that this configuration will not work
>> without it? I would like to get this running first, before I add any
>> additional configuration.
>>
>
> No, it is not necessary, wait until you are done with basic
> configuration and authentication.
>
>>>> Does it make a different if true/false are included in single-quotes?
>>>>
>>>>>> 'disabled' =3D3D> false,
>>>>>> 'secure' =3D3D> 'false',
>>>>
>>>>>> No change. My biggest question at this point is to what exactly
>>>>>> is Horde connecting. IMAP? POP3? My assumption is IMAP
>>>>>> because of the complete log entry:
>>>>>
>>>>> Yes, according to the above configuration stanza, you are
>>>>> connecting to an IMAP server running on 'myhost.mydomain.tld'.
>>>>> I'm assuming the misplaced quotation mark in your stanza is a
>>>>> typo, as that would cause a parse error in PHP when loaded.
>>>>
>>>> Yes. That was I typo when I changed the real domain in the email.
>>>>
>>>>>> Jun 24 16:32:37 sonne-new HORDE[3058]: [imp] [login] Server
>>>>>> does not support TLS connections. [pid 3058 on line 730 of
>>>>>> "/data/home/user/public_html/horde/imp/lib/Imap.php"]
>>>>>
>>>>> You either need to configure your IMAP server to use TLS or
>>>>> disable it in your configuration.
>>>>
>>>> I though that I disabled it in backends.local.php with this line:
>>>> 'secure' =3D3D> 'false',
>>>>
>>>>> The password for the http authentication, the local user, are all
>>>>>> the same. sasldblistusers2 shows the user. My question here is
>>>>>> what format the users should have:
>>>>>> username at localhost
>>>>>> username at hostname
>>>>>> username at hostname.domain.tld
>>>>>> username at domain.tld
>>>>>
>>>>> I am confused as to exactly what authentication backend you are
>>>>> using in Horde. As far as the general question about thr
>>>>> format of the users, that depends entirely on what the
>>>>> authentication backend is expecting. There is no one right
>>>>> answer.
>>>>
>>>> What would be correct for HTTP authentication?
>>>>
>>>
>>> Again, I think you did not understand the question.
>>> (**) You should authenticate via imap that you already tested.
>>> If you are going to use "username" or "username at ..." is up to you.
>>
>> Obviously I cannot use one form of the login in the sasl DB
>> (saslpasswd2 -c) and then another form when I login. Where/how do make
>> changes if it "is up to you"? Where exactly is Horde getting error
>> message? From the imap server?
>>
>
> Remember your configuration: Horde -> .htpasswd, IMP -> IMAP. So,
> IMP users will login the same way they login to your IMAP server.
> See below (2*).
If I understand correctly, it *should* be the same credentials as when
I do a telnet to port 143, right? This is what I am using with no luck.
>>> Depending on what you want, you might need a different
>>> authentication backend. Just try imp to handle authentication, as
>>> explained above.
>>>
>>>>>> The mailbopx was created using cyradm and the permissions look like =
th=3D
>> is:
>>>>>> localhost.localdomain> listacl user.myuser
>>>>>> user.myuser lrswipkxtecda
>>>>>>
>>>>>> I have successully tested the username using telnet to connect
>>>>>> to ports 110(POP3) and 143 (IMAP), as well as with
>>>>>> testsaslauthd.
>>>>>
>>>>> Port 143 is the TLS port for IMAP, so it seems that your server
>>>>> *does* support this?
>>>>
>>>> Hmmmm.....Why then am I getting the error message "Server does not
>>>> support TLS connections"?
>>>>
>>>
>>> Port 143 can be used to login as plain text or with encryption.
>>> SASL and TLS are not the same thing.
>>
>> Understood. So where exactly is Horde connecting at this point? To the
>> imap server?
>
> (2*) Yes, you configured IMP to login to your IMAP server
> ('protocol' =3D> 'imap'). I can see an error log above stating
> "Server does not support TLS connections". Increase Horde log level
> to debug and maybe your IMAP log too, and try to find out what is
> wrong. Provide us with some logs.
>
>>
>>> Are the webserver with Horde and the imap server one the same machine?
>> Yes. This is a single machine.
>>
>
> If this is a single machine and IMP is configured to login to the
> local IMAP then use localhost.
>
> 'hostspec' =3D> 'localhost';
>
> Mauricio
>
>>>
>>> Mauricio
>>>
>>>>> --
>>>>> mike
>>>>> The Horde Project
>>>>> http://www.horde.org
>>>>> https://www.facebook.com/hordeproject
>>>>> https://www.twitter.com/hordeproject
>>>>
>>>> Regards,
>>>> James
>>>>
>>>>
>>>> --
>>>> Horde mailing list
>>>> Frequently Asked Questions: http://horde.org/faq/
>>>> To unsubscribe, mail: horde-unsubscribe at lists.horde.org
>>>
>>>
>>> --
>>>
>>> Maur=3DC3=3DADcio Jos=3DC3=3DA9 T. Tecles
>>> Instituto de Biof=3DC3=3DADsica Carlos Chagas Filho/UFRJ
>>> Av. Carlos Chagas Filho, 373
>>> N=3DC3=3DBAcleo de Inform=3DC3=3DA1tica
>>> CCS, Bloco G, sala G1-006
>>> Cidade Universit=3DC3=3DA1ria - Ilha do Fund=3DC3=3DA3o
>>> 21941-902, Rio de Janeiro - RJ
>>>
>>> mtecles at biof.ufrj.br
>>> Tel.: (21) 3938-6526 ou 3938-6544
>>>
>>> --
>>> Horde mailing list
>>> Frequently Asked Questions: http://horde.org/faq/
>>> To unsubscribe, mail: horde-unsubscribe at lists.horde.org
>>
>>
>> --
>> Horde mailing list
>> Frequently Asked Questions: http://horde.org/faq/
>> To unsubscribe, mail: horde-unsubscribe at lists.horde.org
>
>
> --
>
> Maur=C3=ADcio Jos=C3=A9 T. Tecles
> Instituto de Biof=C3=ADsica Carlos Chagas Filho/UFRJ
> Av. Carlos Chagas Filho, 373
> N=C3=BAcleo de Inform=C3=A1tica
> CCS, Bloco G, sala G1-006
> Cidade Universit=C3=A1ria - Ilha do Fund=C3=A3o
> 21941-902, Rio de Janeiro - RJ
>
> mtecles at biof.ufrj.br
> Tel.: (21) 3938-6526 ou 3938-6544
>
> --
> Horde mailing list
> Frequently Asked Questions: http://horde.org/faq/
> To unsubscribe, mail: horde-unsubscribe at lists.horde.org
More information about the horde
mailing list