[imp] hashed password authentication

Jan Schneider jan at horde.org
Wed Mar 7 23:23:36 UTC 2007


Zitat von JRBernedo at smart.com.ph:

> I am building a community site in which I decided to integrate horde
> into. I have my own authentication for my site. My question is, after
> logging into my site, I want the user to be logged automatically in
> his/her horde email without getting his password manually. Of course his
> email username will be stored in the database together with his access
> to my site (username/password) but I don't want to store his horde mail
> password in plain text (in case I want to log the user using
> conventional horde authentication).
>
>
>
> Simply put, is there some way I can authorize a user (let him view his
> mail, etc) automatically using his hashed password? I can get his hashed
> password through LDAP connection at the backend (using his horde
> username as a reference). This has been bugging me for weeks! Any help
> will do. Thanks in advance!

No. Horde doesn't mind, but your IMAP server expects the real  
password, not the hash. All you could do is store the password  
anywhere after a successful login, if possible encrypted, e.g. in the  
user's session or a cookie.

Jan.

-- 
Do you need professional PHP or Horde consulting?
http://horde.org/consulting/



More information about the imp mailing list