Discussion:
[Tickets #11387] Re: horde_alarms tries always to login as first admin user but with an empty password
b***@horde.org
2012-08-31 11:50:04 UTC
DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.

Ticket URL: http://bugs.horde.org/ticket/11387
------------------------------------------------------------------------------
Ticket | 11387
Updated By | Jan Schneider <***@horde.org>
Summary | horde_alarms tries always to login as first admin user
| but with an empty password
Queue | Horde Base
Version | 4.0.15
Type | Bug
-State | Unconfirmed
+State | Feedback
Priority | 2. Medium
Milestone |
Patch |
Owners |
------------------------------------------------------------------------------
> Each time horde_alarms runs by cron, it tries to login as the first
> admin user, but with an empty password. So we get tons of failed
> logins in the logs, plus this might lead to locking the account by
> the backend.

This is the expected behavior if you use transparent authentication.
With transparent authentication, the current credentials will be used
to try to authenticate where necessary. To get administration rights
when running CLI scripts, we need to authenticate, or at least fake
authentication, as a real administrator though.

> See
> https://github.com/o-/horde/commit/3f916b63e59ee92611883f9e204a2d878c661c2f
> for an implementation of this check.

This is not a viable solution, because it may very well be allowed to
have an empty password.

> In bug #10076 it was suggested that this is a duplicate of bug
> #9733, however as we are on the latest versions, this is clearly
> still an issue.

Looks like those were not duplicates then.

I admit that this is a problem, but I don't see a proper and easy
solution to this yet. We could allow empty passwords in the
general-purpose IMAP library and catch those earlier inside
Horde-specific code, but even in Horde it might be allowed to login
with an empty password, at least via the API.
--
bugs mailing list
Frequently Asked Questions: http://wiki.horde.org/FAQ
To unsubscribe, mail: bugs-***@lists.horde.org
n***@bugs.horde.org
2013-02-21 11:20:02 UTC

Ticket URL: http://bugs.horde.org/ticket/11387
------------------------------------------------------------------------------
Ticket | 11387
Updated By | peter.meier+***@immerda.ch
Summary | horde_alarms tries always to login as first admin user
| but with an empty password
Queue | Horde Base
Version | 4.0.15
Type | Bug
State | Feedback
Priority | 2. Medium
Milestone |
Patch |
Owners |
------------------------------------------------------------------------------


peter.meier+***@immerda.ch (2013-02-21 11:20) wrote:

This is still a problem in the latest groupware version (5.0.4)
n***@bugs.horde.org
2013-08-28 09:19:55 UTC

Ticket URL: http://bugs.horde.org/ticket/11387
------------------------------------------------------------------------------
Ticket | 11387
Updated By | ***@matthiasschwarz.de <***@matthiasschwarz.de>
Summary | horde_alarms tries always to login as first admin user
| but with an empty password
Queue | Horde Base
Version | 4.0.15
Type | Bug
State | Feedback
Priority | 2. Medium
Milestone |
Patch |
Owners |
------------------------------------------------------------------------------


peter.meier+***@immerda.ch (2013-02-21 11:20) wrote:

This is still a problem in the latest groupware version (5.0.4)
n***@bugs.horde.org
2013-10-31 12:27:08 UTC

Ticket URL: http://bugs.horde.org/ticket/11387
------------------------------------------------------------------------------
Ticket | 11387
Updated By | ***@phil.hhu.de <***@phil.hhu.de>
Summary | horde_alarms tries always to login as first admin user
| but with an empty password
Queue | Horde Base
Version | 4.0.15
Type | Bug
State | Feedback
Priority | 2. Medium
Milestone |
Patch |
Owners |
------------------------------------------------------------------------------


peter.meier+***@immerda.ch (2013-02-21 11:20) wrote:

This is still a problem in the latest groupware version (5.0.4)
n***@bugs.horde.org
2014-01-08 00:11:46 UTC

Ticket URL: http://bugs.horde.org/ticket/11387
------------------------------------------------------------------------------
Ticket | 11387
Updated By | ***@messinet.com
Summary | horde_alarms tries always to login as first admin user
| but with an empty password
Queue | Horde Base
Version | 4.0.15
Type | Bug
State | Feedback
Priority | 2. Medium
Milestone |
Patch |
Owners |
------------------------------------------------------------------------------


***@messinet.com (2014-01-08 00:11) wrote:

I am using LDAP authentication for a new horde-5.1.5 install (with IMP
using hordeauth). Even so, it appears that horde_alarms tries an IMAP
login:

imap[27113]: starttls: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits new) no authentication
saslauthd[1758]: do_request : NULL password received
imap[27113]: badlogin: localhost [::1] PLAIN [SASL(-13): authentication failure: Password verification failed]

Since I am not using IMP for authentication, I am not sure why this is
occurring.
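A log-triage example for the pattern shown in the last message, added here and not part of the thread or of Horde's code: it pairs each saslauthd "NULL password received" line with the Cyrus imapd badlogin line that follows it, so empty-password failures from a local client can be counted separately from other failed logins when reviewing lockout or alert thresholds. The sample log is constructed from the excerpt above; the timestamps, the host name "mail" and the second client are assumptions.

```python
import ipaddress
import re

# Constructed sample, modelled on the log excerpt in the last message
# (timestamps, host name "mail" and the 203.0.113.7 client are made up).
SAMPLE_LOG = """\
Jan  8 00:10:01 mail imap[27113]: starttls: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits new) no authentication
Jan  8 00:10:01 mail saslauthd[1758]: do_request      : NULL password received
Jan  8 00:10:01 mail imap[27113]: badlogin: localhost [::1] PLAIN [SASL(-13): authentication failure: Password verification failed]
Jan  8 00:12:44 mail imap[27200]: badlogin: client.example [203.0.113.7] PLAIN [SASL(-13): authentication failure: Password verification failed]
Jan  8 00:15:01 mail saslauthd[1758]: do_request      : NULL password received
Jan  8 00:15:01 mail imap[27301]: badlogin: localhost [::1] PLAIN [SASL(-13): authentication failure: Password verification failed]
"""

NULL_PW = re.compile(r"saslauthd\[\d+\]: do_request\s*: NULL password received")
BADLOGIN = re.compile(r"imap\[(?P<pid>\d+)\]: badlogin: \S+ \[(?P<ip>[^\]]+)\] (?P<mech>\S+)")


def classify_badlogins(log_text):
    """Return one dict per badlogin line, flagging empty-password attempts.

    Heuristic: saslauthd does not log the imapd pid, so a badlogin is tagged
    empty_password when a "NULL password received" line precedes it with no
    other badlogin in between.
    """
    events, null_pending = [], False
    for line in log_text.splitlines():
        if NULL_PW.search(line):
            null_pending = True
            continue
        m = BADLOGIN.search(line)
        if not m:
            continue
        events.append({
            "pid": int(m["pid"]),
            "client": m["ip"],
            "loopback": ipaddress.ip_address(m["ip"]).is_loopback,
            "empty_password": null_pending,
        })
        null_pending = False
    return events


def local_empty_password_failures(events):
    """Failures matching the ticket's pattern: local client, no password sent."""
    return [e for e in events if e["loopback"] and e["empty_password"]]


if __name__ == "__main__":
    for e in classify_badlogins(SAMPLE_LOG):
        print(e)
```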