[sork] Passwd backends

- Fredde - nagash303 at hotmail.com
Fri Jan 28 01:35:33 PST 2005


> > Re: hooks; yup, I'd considered this and even tried it, but having previously
> > searched around for information on this issue (and a related one, more on
> > that in a few days), I'd realised that I wasn't alone in this requirement,
> > and that it's quite a common one.
>
>But the hook should solve the problem, common or not, unless I'm not
>understanding the problem correctly.

How do I use the hook to include the @mydomain.com in the "username" field?

> > The thing that led me to suggest this modification, rather than just hacking
> > my own installation and keeping quiet, was that there is a similar setting
> > in imp/config/servers.php - 'hordeauth' - which I have used for my
> > particular installation.
>
>Yeah, and another, called realm.  That doesn't mean every application
>should have those though...

Why? I think it could be a big improvement in the passwd module. As for now, 
I have to enable the username field to be able to use this module, and users 
have to remember to add the "@mydomain.com", otherwise it's not working (using 
the backend vpopmail).

>I always thought of hordeauth as using the same username/password credentials
>that Horde uses for login/authentication.  Since passwd doesn't do this per
>se - it is to change a password, not to login to something - I never thought
>it was appropriate to use it here.

See above.

>None-the-less, I'd support the addition of a hordeauth solution if it
>was clean, to login/authenticate against the backend being used to
>change the password.  It would still need to prompt for the old and
>new passwords (and optionally the username) separate from the hordeauth
>though to maintain backwards compatibility (think of the case where a
>user is changing the password for another user, ala a helpdesk).

As I said, an option that includes "@mydomain.com" should be great!

> > It seemed strange that this setting existed in imp but not in passwd. After
>
>The setting came along (in gollem and imp, maybe others) not that long ago
>in Horde-years, and I think it was only put into applications to avoid
>a double login situation.  This is not really the situation in passwd,
>as we don't consider it a double login (we consider it a security issue).

Security issue? Can't see how including the domain name or not could be 
a security issue?

> > setting it in imp I went looking for it in passwd and was surprised not to
> > find it. Therefore I thought it might be good to provide a similar setting
> > in passwd.
>
>It might be.  Not sure.  You'd have to convince us of the merit.

Convinced?

> > I would suggest that it is not an uncommon requirement; I suspect that
> > Horde/Imp is used as a webmail solution in many virtual hosting environments
> > where the full user & domain name is required for authentication and
> > authorisation.

Agree!

>That's why the hook was put into the sork apps that use usernames (IIRC).
>
> > The ability to change a password in the webmail environment
> > is probably incredibly desirable in many such situations, as typically the
> > user interface for password changes is a separate one provided by the
> > hosting software, and in my experience is absolutely dreadful!
>
>But, that doesn't mean you don't need to ask the user for a username/password
>to use.  That is a separate issue (security).

Maybe, but it's useless if you don't have the option to include the domain 
(even if it's just included in the $userid for the username field), unless I 
like to have lots of support issues from people complaining that the password 
can't be changed.

- - -

Peter, I'm interested in the patch you have, I'll be happy to see it posted!

- - -

> > Peter.
> >
> > -----Original Message-----
> > From: sork-bounces at lists.horde.org [mailto:sork-bounces at lists.horde.org] On Behalf Of Eric Rostetter
> > Sent: 27 January 2005 22:09
> > To: sork at lists.horde.org
> > Subject: Re: [sork] Passwd backends
> >
> > Quoting "Peter Borg (horde)" <horde at peter-b.org>:
> >
> > > I've recently installed Horde 3 and the various modules that are
> > > immediately available for it.
> > >
> > > In addition, because it's an essential tool for my users, I've picked
> > > up the HEAD release of passwd from CVS to use it - seems to work fine for me!
> >
> > Great!
> >
> > > However, I had to modify it to be able to use it successfully as my
> > > various
> >
> > Are you sure?
> >
> > > authentications require the full username (Auth::getAuth) as opposed
> > > to the domain-stripped username (Auth::getBareAuth).
> >
> > Isn't there a hook in it just for this purpose?
> >
> > > I don't want users to be able
> > > to enter the username for which they want to change the password, nor
> > > to select the back-end.
> >
> > Are not these configuration options?
> >
> > > I was considering submitting a patch for this, but the modification
> > > I've made wouldn't necessarily suit everyone. Reviewing the options, I
> > > was wondering what people's views are on this.
> >
> > I've not looked at the code recently, but I thought all those changes were
> > already there as configuration options.  If not, I'd support changes to
> > allow them as configuration changes.
> >
> > > Clearly, there's a need for a
> > > parameter to control which type of username is presented to the user
> > > or passed to the backend, but should this be global for all backends,
> > > or backend specific.
> >
> > It should be a hook, so it is more flexible.
> >
> > > In which case, it seems fairly trivial to add an extra property to
> > > each back-end definition in backends.php; require_full_username set to
> > > either true or false would seem sensible.
> >
> > This has traditionally been done with hooks, and should stay that way to be
> > consistent with other Horde applications.
> >
> > > Discuss?
> >
> > Sure.
> >
> > > (As an aside, I wasn't sure if anyone was working on passwd at the
> > > moment,
> >
> > Not really.  But it isn't forgotten or anything.
> >
> > > so wasn't sure which version to submit a patch for. Seems foolish to
> > > submit a patch to HEAD if it's being worked on!)
> >
> > Always submit against HEAD.
> >
> > > Peter.
> >
> > --
> > Eric Rostetter
> > The Department of Physics
> > The University of Texas at Austin
> >
> > Why get even? Get odd!
> > --
> > Sork mailing list - Join the hunt: http://horde.org/bounties/#sork
> > Frequently Asked Questions: http://horde.org/faq/ To unsubscribe, mail:
> > sork-unsubscribe at lists.horde.org
>
>
>--
>Eric Rostetter
>The Department of Physics
>The University of Texas at Austin
>
>Why get even? Get odd!

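The username handling debated in this thread, as an added example that is not part of the original message and is not Horde or passwd code: it derives the account name from the authenticated login, applies the per-backend `require_full_username` flag proposed above, and only lets a helpdesk session target another account. The function names, the `default_domain` key and the sample values are assumptions made for illustration.

```php
<?php
// Added illustration; not Horde or passwd code. Function names and the
// 'default_domain' key are hypothetical; 'require_full_username' is the
// per-backend flag proposed in the thread.

/** Put a login name into the form the password backend expects. */
function backend_username(string $name, array $backend): string
{
    $name = trim($name);
    $at = strrpos($name, '@');
    if (!empty($backend['require_full_username'])) {
        // Users type "anna"; a backend such as vpopmail needs "anna@domain".
        return $at === false ? $name . '@' . $backend['default_domain'] : $name;
    }
    // Domain-stripped form: names from different domains collapse together.
    return $at === false ? $name : substr($name, 0, $at);
}

/**
 * Decide which account the password change applies to.
 * $submitted is the optional username field ('' when hidden or left empty).
 */
function resolve_target(string $authUser, string $submitted, array $backend, bool $isHelpdesk): string
{
    $self = backend_username($authUser, $backend);
    $target = trim($submitted) === '' ? $self : backend_username($submitted, $backend);

    // A free-form username field lets a session name any account, so only
    // the helpdesk case may differ from the authenticated user.
    if (strcasecmp($target, $self) !== 0 && !$isHelpdesk) {
        throw new RuntimeException('Changing another account requires helpdesk rights');
    }
    return $target;
}

// Constructed sample values.
$vpopmail = ['require_full_username' => true, 'default_domain' => 'mydomain.com'];
echo resolve_target('anna@mydomain.com', 'anna', $vpopmail, false), "\n";
echo resolve_target('anna@mydomain.com', '', ['require_full_username' => false], false), "\n";
echo resolve_target('desk@mydomain.com', 'anna', $vpopmail, true), "\n";
try {
    resolve_target('anna@mydomain.com', 'bob', $vpopmail, false);
} catch (RuntimeException $e) {
    echo 'refused: ', $e->getMessage(), "\n";
}
```

The old password for the target account is still checked by the backend; this only fixes which name is sent to it.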