2.2-rc3 critique: FAILS '"' CONTAINING PASSWORDS!!!!
Alain Spineux
aspineux at gmail.com
Thu Jun 19 11:45:24 CEST 2008
On Thu, Jun 19, 2008 at 8:47 AM, Johannes Graumann
<johannes_graumann at web.de> wrote:
> I was indeed using a password with a double quote - shouldn't there be input
> sanitizing escaping all of this and making all special characters available
> for secure passwording?
This is not a secure password anymore, this is an extreme password :-)
The problem is that your password becomes different depending on the escaping
of the front end you are logging in to! You are looking for difficulties.
>
> Thanks for the sasl pointer ... will report back tonight.
>
> Joh
>
> Alain Spineux wrote:
>
>> On Wed, Jun 18, 2008 at 11:17 PM, Johannes Graumann
>> <johannes_graumann at web.de> wrote:
>>> Hi,
>>>
>>> 1) Completely fresh openpkg install/bootstrap
>>> 2) Create a new user
>>> 3) Try to use new user:
>>> a) admin interface works
>>
>> I think the webadmin uses simple_bind, not SASL!
>>
>>> b) horde doesn't
>>
>> uses IMAP, then SASL
>>
>>> c) kontact doesn't
>>
>> uses IMAP too
>>
>>> 4) Investigate:
>>> a) manually bind to openldap:
>>> root# /kolab/bin/ldapsearch -b dc=graumanage,dc=net -s base -D
>>> 'cn=Johannes Graumann,dc=graumanage,dc=net' -h 127.0.0.1 -x -w
>>> '<MYPASSWD>'
>>>
>>
>> then simple bind works
>>
>>> Output in the shell:
>>> # extended LDIF
>>> #
>>> # LDAPv3
>>> # base <dc=graumanage,dc=net> with scope baseObject
>>> # filter: (objectclass=*)
>>> # requesting: ALL
>>> #
>>>
>>> # graumanage.net
>>> dn: dc=graumanage,dc=net
>>> dc: graumanage
>>> objectClass: top
>>> objectClass: domain
>>>
>>> # search result
>>> search: 2
>>> result: 0 Success
>>>
>>> # numResponses: 2
>>> # numEntries: 1
>>> b) equivalent output when observing slapd debugging (as advised
>>> here:
>>> http://wiki.kolab.org/index.php/Kolab2_Server_Troubleshooting_-_LDAP)
>>> c) appropriate slapd debugging output when logging into admin
>>> interface
>>> d) NO slapd output when attempting to use horde
>>
>> Looks like SASL cannot even communicate with LDAP
>>
>>> e) only trace of horde login:
>>> tail /kolab/var/apache/log/horde/horde.log
>>> Jun 18 22:14:05 HORDE [error] [horde] FAILED LOGIN for
>>> Johannes Graumann
>>> [192.168.0.2] to Horde [pid 25084 on line 157
>>> of "/kolab/var/kolab/www/horde/login.php"]
>>> ==> this looked up somewhere that the email given was linked to my
>>> name,
>>> but still fails ...
>>> f) /kolab/bin/cyradm --user johannes.graumann at graumanage.net
>>> localhost
>>> Password ...
>>> IMAP password ...
>>> FAILS
>>
>> IMAP then SASL again
>>
>>> 5) Partial solution to cyrus based problems:
>>> USE PASSWORD WITHOUT '"' and imap-based stuff just works!!!!?????
>>
>> I don't understand, without what?
>>
>>> ==> cyradmin login works (also with explicitly escaped '"')
>>
>> Did you use a double or single quote in your password?
>>
>>> ==> much of kontact functionality therefore works
>>
>>> 6) Remaining problems:
>>> a) No horde login - pointers for better troubleshooting?
>>> b) LDAP lookup from within kontact: still NO TLS or SSL
>>> c) call up contact: still one stalling progress bar for an
>>> unidentifiable connection to the server - what might this be?
>>
>> My first idea (before the " or ' stuff) was to troubleshoot SASL
>>
>> http://wiki.kolab.org/index.php/Kolab2_Server_Troubleshooting_-_SASL
>>
>>
>>>
>>> Comments? Joh
>>>
>>> _______________________________________________
>>> Kolab-users mailing list
>>> Kolab-users at kolab.org
>>> https://kolab.org/mailman/listinfo/kolab-users
>>>
>>
>>
>>
--
Alain Spineux
aspineux gmail com
May the sources be with you
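
The following is an added example, not part of the original message and not Kolab, Horde or Cyrus code. It illustrates the point made in the reply, that a password changes depending on how a front end escapes it, using the IMAP quoted-string and literal rules from RFC 3501. It assumes the front end wraps the password in double quotes for an IMAP LOGIN argument, which the thread does not confirm; the function names are hypothetical and the password is constructed sample data.

```python
# Added example: RFC 3501 string encoding for an IMAP LOGIN argument.
# Function names are hypothetical; PASSWORD is constructed sample data.

def imap_quoted(s):
    """Correct quoted string: backslash-escape backslash and double quote."""
    if any(c in s for c in "\r\n\0"):
        raise ValueError("CR, LF and NUL are not allowed in a quoted string")
    return '"' + s.replace("\\", "\\\\").replace('"', '\\"') + '"'

def imap_literal(s):
    """Literal form: {byte count} CRLF raw bytes; nothing needs escaping."""
    raw = s.encode("utf-8")
    return b"{%d}\r\n" % len(raw) + raw

def naive_quoted(s):
    """What a front end does when it only wraps the value in quotes."""
    return '"' + s + '"'

def parse_quoted(arg):
    """Read one quoted string as a server would; return (value, leftover)."""
    if not arg.startswith('"'):
        raise ValueError("not a quoted string")
    out, i = [], 1
    while i < len(arg):
        c = arg[i]
        if c == "\\":
            if i + 1 >= len(arg):
                raise ValueError("dangling backslash")
            out.append(arg[i + 1])
            i += 2
        elif c == '"':
            return "".join(out), arg[i + 1:]
        else:
            out.append(c)
            i += 1
    raise ValueError("unterminated quoted string")

PASSWORD = 'pa"ss\\word'  # constructed: contains both " and \

if __name__ == "__main__":
    print("escaped :", parse_quoted(imap_quoted(PASSWORD)))
    print("naive   :", parse_quoted(naive_quoted(PASSWORD)))
    print("literal :", imap_literal(PASSWORD))
```

With the naive wrapping the server-side parse stops at the embedded quote, so the value checked against the directory is a truncated password and the remainder is left over as stray command text.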