2.2-rc3 critique: FAILS '"' CONTAINING PASSWORDS!!!!
Johannes Graumann
johannes_graumann at web.de
Thu Jun 19 12:24:45 CEST 2008
Alain Spineux wrote:
> On Thu, Jun 19, 2008 at 8:47 AM, Johannes Graumann
> <johannes_graumann at web.de> wrote:
>> I was indeed using a password with a double quote - shouldn't there be
>> input sanitizing escaping all of this and making all special characters
>> available for secure passwording?
>
> This is not a secure password anymore, this is an extreme password :-)
> The problem is your password becomes different depending on the escaping
> of the front end you are logging in through! You are looking for difficulties.
And this is one of the points where the Kolab infrastructure of conjoined
proven - but diverse - components shows a weakness ...
Joh
>
>
>>
>> Thanks for the sasl pointer ... will report back tonight.
>>
>> Joh
>>
>> Alain Spineux wrote:
>>
>>> On Wed, Jun 18, 2008 at 11:17 PM, Johannes Graumann
>>> <johannes_graumann at web.de> wrote:
>>>> Hi,
>>>>
>>>> 1) Completely fresh openpkg install/bootstrap
>>>> 2) Create a new user
>>>> 3) Try to use new user:
>>>> a) admin interface works
>>>
>>> I think the webadmin uses simple_bind, not SASL!
>>>
>>>> b) horde doesn't
>>>
>>> uses IMAP, then SASL
>>>
>>>> c) kontact doesn't
>>>
>>> uses IMAP too
>>>
>>>> 4) Investigate:
>>>> a) manually bind to openldap:
>>>> root# /kolab/bin/ldapsearch -b dc=graumanage,dc=net -s base \
>>>>   -D 'cn=Johannes Graumann,dc=graumanage,dc=net' -h 127.0.0.1 -x -w '<MYPASSWD>'
>>>>
>>>
>>> then simple bind works
>>>
>>>> Output in the shell:
>>>> # extended LDIF
>>>> #
>>>> # LDAPv3
>>>> # base <dc=graumanage,dc=net> with scope baseObject
>>>> # filter: (objectclass=*)
>>>> # requesting: ALL
>>>> #
>>>>
>>>> # graumanage.net
>>>> dn: dc=graumanage,dc=net
>>>> dc: graumanage
>>>> objectClass: top
>>>> objectClass: domain
>>>>
>>>> # search result
>>>> search: 2
>>>> result: 0 Success
>>>>
>>>> # numResponses: 2
>>>> # numEntries: 1
>>>> b) equivalent output when observing slapd debugging (as advised here:
>>>> http://wiki.kolab.org/index.php/Kolab2_Server_Troubleshooting_-_LDAP)
>>>> c) appropriate slapd debugging output when logging into admin interface
>>>> d) NO slapd output when attempting to use horde
>>>
>>> Looks like SASL cannot even communicate with LDAP
>>>
>>>> e) only trace of horde login:
>>>> tail /kolab/var/apache/log/horde/horde.log
>>>> Jun 18 22:14:05 HORDE [error] [horde] FAILED LOGIN for Johannes Graumann
>>>> [192.168.0.2] to Horde [pid 25084 on line 157 of "/kolab/var/kolab/www/horde/login.php"]
>>>> ==> this looked up somewhere that the email given was linked to my name,
>>>> but still fails ...
>>>> f) /kolab/bin/cyradm --user johannes.graumann at graumanage.net
>>>> localhost
>>>> Password ...
>>>> IMAP password ...
>>>> FAILS
>>>
>>> IMAP then SASL again
>>>
>>>> 5) Partial solution to cyrus based problems:
>>>> USE PASSWORD WITHOUT '"' and imap-based stuff just
>>>> works!!!!?????
>>>
>>> I don't understand, without what?
>>>
>>>> ==> cyradmin login works (also with explicitly escaped '"')
>>>
>>> Did you use a double or a single quote in your password?
>>>
>>>> ==> much of kontact functionality therefore works
>>>
>>>> 6) Remaining problems:
>>>> a) No horde login - pointers for better troubleshooting?
>>>> b) LDAP lookup from within kontact: still NO TLS or SSL
>>>> c) call up contact: still one stalling progress bar for an
>>>> unidentifiable connection to the server - what might this be?
>>>
>>> My first idea (before the " or ' stuff) was to troubleshoot SASL
>>>
>>> http://wiki.kolab.org/index.php/Kolab2_Server_Troubleshooting_-_SASL
>>>
>>>
>>>>
>>>> Comments? Joh
>>>>
>>>> _______________________________________________
>>>> Kolab-users mailing list
>>>> Kolab-users at kolab.org
>>>> https://kolab.org/mailman/listinfo/kolab-users
>>>>
>>>
>>>
>>>
>>
>>
>>
>
>
>