[sork] Password update breaks authentication

Jan Schneider jan at horde.org
Fri Nov 4 14:04:13 UTC 2011


Quoting Brandon Uhlman <uhlmanbw at gov.ns.ca>:

> Hi, everyone.
>
> It's great that passwd is now supported as part of Horde H4. I need  
> to report two things, one an observation about incorrect  
> documentation in passwd/config/backends.php, and the other a problem  
> I'm experiencing.
>
> First, backends.php provides a list (in the documentation for  
> acceptable values of 'params') of encryption/hashing methods  
> supported by password, specifically this:
>
> params: A params array containing any additional information that the Passwd
>  *         driver needs.
>  *
>  *         The following is a list of supported encryption/hashing methods
>  *         supported by Passwd.
>  *
>  *         1) plain
>  *         2) crypt or crypt-des
>  *         3) crypt-md5
>  *         4) crypt-blowfish
>  *         5) md5-hex
>  *         6) md5-base64
>  *         7) smd5
>  *         8) sha
>  *         9) ssha
>
> A code review, and testing with my required encryption method  
> (crypt-sha512) makes it look like any encryption method defined in  
> both Horde_Auth::getCryptedPassword() and Horde_Auth::getSalt()  
> should be permissible for use in the params array. crypt-sha512  
> works for me, anyway. :-)

I updated the encryption list.

> My other problem is specific to my system. I'm running latest  
> versions of Horde, IMP and passwd, with a Dovecot imap server  
> (2.0.15). Dovecot authenticates against a remote MySQL server, Horde  
> authenticates by directly querying the same MySQL server directly,  
> as opposed to querying it via IMAP. When I configure passwd to use  
> the SQL driver to update the password, the update itself works, but  
> my Horde session times out with [http://pastebin.com/g5UGQ8JD]. It  
> looks like this could be the same issue described in this thread on  
> the Horde list back in July  
> [http://lists.horde.org/archives/horde/Week-of-Mon-20110725/041601.html],  
> and the solution provided was never applied.

There is a (closed) ticket for this in the framework queue. I was  
testing with exactly that setup (only using Cyrus instead of Dovecot)  
and with all modules up-to-date I was no longer able to reproduce it.

> Would it be helpful to submit patches for these two problems to the  
> bugtracker? If so, the Exception string should probably be i18n'd.  
> Do committers take care of that in terms of notifying translators?

You can update the existing ticket to add any *new* information that  
explains why it won't work on your system while it does work somewhere  
else.
The proposed patch is not a solution, just a workaround, so you can  
ignore that.

Jan.

-- 
Do you need professional PHP or Horde consulting?
http://horde.org/consulting/
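
Why a method has to be known to both a hashing routine and a salt routine, shown as an added example that is not part of the original thread and is not Horde's code: verification re-hashes the submitted password with the salt recovered from the stored value. The Python function names only mirror the two Horde_Auth methods named in the quoted message, the encodings are the conventional LDAP-style ones (an assumption about what Passwd stores), and the crypt-* methods are left out.

```python
import base64
import hashlib
import hmac
import os

# Assumed encodings (conventional LDAP-style), not copied from Horde_Auth.
# Salted schemes store base64(digest + salt); value = (hash name, digest length).
_SALTED = {"smd5": ("md5", 16), "ssha": ("sha1", 20)}
_UNSALTED = {"md5-hex", "md5-base64", "sha"}


def get_salt(method, stored=None):
    """Return the salt for `method`: recovered from `stored`, or a fresh one."""
    if method in _UNSALTED:
        return b""
    if method not in _SALTED:
        raise ValueError("unsupported method: " + method)
    if stored is None:
        return os.urandom(4)  # new password: random 4-byte salt
    tag = "{" + method.upper() + "}"
    if stored.upper().startswith(tag):
        stored = stored[len(tag):]
    # Everything after the fixed-length digest is the salt.
    return base64.b64decode(stored)[_SALTED[method][1]:]


def get_crypted_password(plain, salt, method):
    """Hash `plain` (str) with `salt` (bytes) using one of the listed methods."""
    pw = plain.encode("utf-8")
    if method == "md5-hex":
        return hashlib.md5(pw).hexdigest()
    if method == "md5-base64":
        return base64.b64encode(hashlib.md5(pw).digest()).decode()
    if method == "sha":
        return base64.b64encode(hashlib.sha1(pw).digest()).decode()
    if method in _SALTED:
        digest = hashlib.new(_SALTED[method][0], pw + salt).digest()
        return base64.b64encode(digest + salt).decode()
    raise ValueError("unsupported method: " + method)


def verify(plain, stored, method):
    """Re-hash with the salt taken from `stored`; compare in constant time."""
    tag = "{" + method.upper() + "}"
    body = stored[len(tag):] if stored.upper().startswith(tag) else stored
    candidate = get_crypted_password(plain, get_salt(method, stored), method)
    return hmac.compare_digest(candidate, body)
```

A method that only the hashing side knows can write a new password but cannot check it afterwards, which is why the quoted message requires it in both places.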


