[sork] Passwd backends

- Fredde - nagash303 at hotmail.com
Mon Jan 31 12:27:55 PST 2005 

> > However, even if stupid A left his computer hacker B need the 
>oldpassword
> > to be able to change the password, ok? Cant see any security issue, ok?
>
>Okay.  If it works for you, great!  More power to you.

Hmmm do you mean diffrent mailservers/auth treat username/username at domain 
diffrent in horde-passwd in security point of veiw? (bareAUTH/ AUTH)

> > This also work great with multiple virtual domains. Now its up to you to
> > deside
> > the best way to code this into next version.
>
>You miss the point.  It is already in the CVS HEAD, which is where
>the next version comes from (unless there is an emergency security
>alert that must be released asap).

Ok, I see. I just have to wait until next release is out then.

> > This way the username is looked, readonly does the job
> > (yes you can still see the username,but cant edit/change it).
>
>Not in the form as served. But you could spoof the form and change it.  But
>probably you are not worried about that.

To be 100% sure I should not use horde-passwd at all, right?

> > Mabe you have some way of using this for develop some config params
> > enable/dissable this.
>
>Again, it is already in CVS HEAD so no patch is needed.  Only back porting
>it, and/or releasing a new version.
>
> > >In 2.2.1 you configure adding the domain via the hook that is provided, 
>as
> > >per my previous e-mail to the list.
> >
> > Yes, you can, but it dosent work if you use multiple domains.
>
>It does if you code the hook to do so.

Yes, I have to hope some kind user does one and post it here.

> > I do, and thats the reason im screaming about this
> > full-username-back-on-track-support! :)
>
>The hook supports what you want.

Yes you right about that...

> > >However, you can not in 2.2.1 disable
> > >the username field (stop the user from editing it).  This is wrong, and
> > >should
> > >be fixed (e.g. release a 2.2.2 release with the change backported from 
>HEAD
> > >to support this).
> >
> > Yes, mabe my diff abow can help. (thx to Fred Ho!)
>
>We already have the proper code actually, but thanks anyway for submitting
>you changes.  It is nice of you to try to help.

Yes I did what I could, to make horde better, with more support. Ok, thanks 
for taking time to answer my posts.

Greets,

Fredde

_________________________________________________________________
Express yourself instantly with MSN Messenger! Download today it's FREE! 
http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/

More information about the sork mailing list