[imp] Authentication directly via link
Jan Tammen
jan at tammen.net
Sun Apr 18 07:33:28 PDT 2004
Bonjour.
I'm trying to login directly to the IMP-application via a link like this:
http://MYSERVER/horde2/imp/redirect.php?actionID=105&imapuser=MYUSER&pass=CLEAR_PWD&server=MAILSERVER
Everything works fine when I'm providing the cleartext-password. Yes, I _do_ understand why this is so ;-) The problem here is, that I'm using the IMAP-Auth driver to authenticate the mail-users against a database-table (using pam-mysql) and I do _not_ store the passwords in cleartext.
So I cannot grab the password from the database and automatically create that login-link for the user. On the other hand, I also want manual logins to be possible and so I cannot just change the pam-config to use encrypted passwords.
How could I make that distinction between
a) credentials come via GET -> do compare the password directly as it is already encrypted/hashed.
b) credentials come via POST -> do the "normal" password-check.
Could I use two different pam-configurations, one which uses encrypted passwords, one which uses cleartext passwords? Or would I have to switch to the SQL-Auth driver? But could I then use my already-existing user-database for authentication?
Anyone did this before?
So many questions ... merci, Jan ;-)
More information about the imp
mailing list