[sork] Password update breaks authentication

Brandon Uhlman uhlmanbw at gov.ns.ca
Thu Nov 3 16:48:52 UTC 2011 

Hi, everyone.

It's great that passwd is now supported as part of Horde H4. I need to report two things, one an observation about incorrect documentation in passwd/config/backends.php, and the other a problem I'm experiencing.

First, backends.php provides a list (in the documentation for acceptable values of 'params') of encryption/hashing methods supported by password, specifically this:

params: A params array containing any additional information that the Passwd
 *         driver needs.
 *
 *         The following is a list of supported encryption/hashing methods
 *         supported by Passwd.
 *
 *         1) plain
 *         2) crypt or crypt-des
 *         3) crypt-md5
 *         4) crypt-blowfish
 *         5) md5-hex
 *         6) md5-base64
 *         7) smd5
 *         8) sha
 *         9) ssha

A code review, and testing with my required encryption method (crypt-sha512) makes it look like any encryption method defined in both Horde_Auth::getCryptedPassword() and Horde_Auth::getSalt() should be permissible for use in the params array. crypt-sha512 works for me, anyway. :-)

My other problem is specific to my system. I'm running latest versions of Horde, IMP and passwd, with a Dovecot imap server (2.0.15). Dovecot authenticates against a remote MySQL server, Horde authenticates by directly querying the same MySQL server directly, as opposed to querying it via IMAP. When I configure passwd to use the SQL driver to update the password, the update itself works, but my Horde session times out with [http://pastebin.com/g5UGQ8JD]. It looks like this could be the same issue described in this thread on the Horde list back in July [http://lists.horde.org/archives/horde/Week-of-Mon-20110725/041601.html], and the solution provided was never applied.

Would it be helpful to submit patches for these two problems to the bugtracker? If so, the Exception string should probably be i18n'd. Do committers take care of that in terms of notifying translators?

~B


==================================
Brandon W. Uhlman
Library Computer Systems Specialist
Nova Scotia Provincial Library

Phone: (902) 424-3944
E-mail: uhlmanbw at gov.ns.ca

More information about the sork mailing list