[imp] shared folder acl editing

Jan Schneider jan at horde.org
Fri Jul 18 15:26:07 UTC 2008


Quoting Liam Hoekenga <liamr at umich.edu>:

>> Revisiting the code, I noticed that my assumption was not correct.  
>> We actually check if 'admin' settings exist in servers.php, because  
>> that's what we also do to check if the 'list' capability is  
>> available when using IMP authentication.
>
> We're using Cyrus.  I just kept the "admin" block from servers.php.dist.
> Looks like it gets the field if I set
>
>     $servers['cyrus']['admin'] = false;
>
>>>> Why don't you use the http authentication driver?
>>>
>>> Because it checks PHP_AUTH_USER instead of  
>>> $_SERVER['REMOTE_USER'], and our stuff doesn't set PHP_AUTH_USER.   
>>> We also don't use an .htaccess file for authentication, or do  
>>> anything that pretends to be basic auth.
>>
>> Ah, I thought REMOTE_USER was set by some http basic auth.
>
> I believe that HTTP basic auth should always set REMOTE_USER.  When  
> a browser has authenticated with basic auth, it embeds the username  
> and password in the http headers that get passed to the server with  
> every request.  I'm pretty sure it's the presence of these headers  
> that causes PHP to set the PHP_AUTH_USER and PHP_AUTH_PW environment  
> variables.

Yes, exactly. That's why I suggested using the http driver.

> Our SSO only sets REMOTE_USER.  Would it be reasonable, perhaps, for  
> the http authentication driver to check for either PHP_AUTH_USER or  
> REMOTE_USER?

Not really, because, as I learned from you, you are not using http  
auth, so the http auth driver shouldn't work.

Jan.

-- 
Do you need professional PHP or Horde consulting?
http://horde.org/consulting/
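
The distinction discussed in this thread, as an added example that is not part of the original message and is not Horde's code: PHP fills in PHP_AUTH_USER from HTTP basic auth credentials in the request, while REMOTE_USER is set by the web server's authentication module. The function name `identify_user`, the `$trustRemoteUser` switch and the sample arrays are assumptions made for illustration.

```php
<?php
// Hypothetical helper, not Horde code: report which mechanism supplied the
// user name, so a login driver can decide explicitly what it trusts.
function identify_user(array $server, bool $trustRemoteUser = false): ?array
{
    // Set by PHP itself when the request carried HTTP basic auth credentials.
    if (isset($server['PHP_AUTH_USER']) && $server['PHP_AUTH_USER'] !== '') {
        return ['user' => $server['PHP_AUTH_USER'], 'source' => 'http-basic'];
    }

    // Set by the web server's auth module (for example an SSO module).
    // Accepted only when the deployment explicitly relies on the server
    // to authenticate every request before it reaches PHP.
    if ($trustRemoteUser
        && isset($server['REMOTE_USER']) && $server['REMOTE_USER'] !== '') {
        return ['user' => $server['REMOTE_USER'], 'source' => 'server-module'];
    }

    // No authenticated identity available from either mechanism.
    return null;
}

// Constructed sample environments shaped like $_SERVER.
$basicAuth = [
    'PHP_AUTH_USER' => 'alice',
    'PHP_AUTH_PW'   => 'example-password',
    'REMOTE_USER'   => 'alice',
];
$ssoOnly = ['REMOTE_USER' => 'bob'];

// Basic auth request: identified through PHP_AUTH_USER.
var_dump(identify_user($basicAuth));

// SSO-only request with the default setting: REMOTE_USER is not consulted.
var_dump(identify_user($ssoOnly));

// SSO-only request where the operator opted in to trusting the server module.
var_dump(identify_user($ssoOnly, true));
```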


