
[#10272] No HTTP_Auth when accessing users *.ics file
Summary No HTTP_Auth when accessing users *.ics file
Queue Kronolith
Queue Version Git master
Type Bug
State Resolved
Priority 2. Medium
Owners jan (at) horde (dot) org
Requester mail (at) xeroc (dot) org
Created 06/24/2011 (5135 days ago)
Due
Updated 08/29/2012 (4703 days ago)
Assigned 06/24/2011 (5135 days ago)
Resolved 10/15/2011 (5022 days ago)
Github Issue Link
Github Pull Request
Milestone
Patch No

History
08/29/2012 12:23:33 PM Git Commit Comment #12
Changes have been made in Git (master):

commit 067e1deb555ff3d3d24739ae8a2d8c8a8b585666
Author: Jan Schneider <jan@horde.org>
Date:   Sat Oct 15 13:11:09 2011 +0200

     [jan] Catch exceptions from imap library (Bug #10272).

  framework/Auth/lib/Horde/Auth/Imap.php |    8 ++++++--
  framework/Auth/package.xml             |    4 ++--
  2 files changed, 8 insertions(+), 4 deletions(-)

http://git.horde.org/horde-git/-/commit/067e1deb555ff3d3d24739ae8a2d8c8a8b585666
10/15/2011 11:13:59 AM Jan Schneider Assigned to Jan Schneider
State ⇒ Resolved
 
10/15/2011 11:13:33 AM Git Commit Comment #11
Changes have been made in Git for this ticket:

[jan] Catch exceptions from imap library (Bug #10272).

  2 files changed, 8 insertions(+), 4 deletions(-)
http://git.horde.org/horde-git/-/commit/b03c00ed39d3b3fb1696309af88f88d4909574c0
10/15/2011 10:52:52 AM Jan Schneider Comment #10
> I don't understand, why you check for a valid authentication even
> before sending the HTTP_Auth header. I would suggest checking for
> empty(null passwords) in _check_auth() before handling it with
> checkAuth or check_auth().
Because the client is sending two requests during authentication, one 
without the credentials, to which we reply with an authentication 
request. Next time the client request will include the credentials, so 
we need to check them before sending an authentication request again. 
Otherwise the client would never be able to authenticate successfully.
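
The two-request exchange described in comment #10, together with the failure reported in this ticket (a backend that throws when it is handed no credentials), as an added PHP example that is not Horde's code. The class name, function name, realm and sample account are hypothetical.

```php
<?php
// Added illustration; DemoImapBackend and serveRequest are hypothetical names.

/** Stand-in for an IMAP-backed authenticator that throws when credentials are absent. */
final class DemoImapBackend
{
    public function login(?string $user, ?string $pass): bool
    {
        if ($user === null || $user === '' || $pass === null || $pass === '') {
            // Mirrors the error text quoted in this ticket.
            throw new InvalidArgumentException('requires a username and password');
        }
        // Constructed sample account, compared in constant time.
        return hash_equals('mail@example.org', $user) && hash_equals('s3cret', $pass);
    }
}

/** Returns [status, headers] for one request, given that request's $_SERVER-style array. */
function serveRequest(array $server, DemoImapBackend $backend): array
{
    $user = $server['PHP_AUTH_USER'] ?? null;
    $pass = $server['PHP_AUTH_PW'] ?? null;

    try {
        // Credentials are checked first, so the client's second request can succeed.
        $ok = $user !== null && $pass !== null && $backend->login($user, $pass);
    } catch (Exception $e) {
        // A backend error must end in a challenge, not in an uncaught exception page.
        $ok = false;
    }

    if ($ok) {
        return [200, ['Content-Type' => 'text/calendar']];
    }
    // Constructed realm name.
    return [401, ['WWW-Authenticate' => 'Basic realm="Demo RPC"']];
}

$backend = new DemoImapBackend();
// Request 1: no Authorization header, so the server answers with the challenge.
[$s1] = serveRequest([], $backend);
// Request 2: the client repeats the request with credentials.
[$s2] = serveRequest(['PHP_AUTH_USER' => 'mail@example.org', 'PHP_AUTH_PW' => 's3cret'], $backend);
// Empty password: the backend throws, and the handler still answers with a challenge.
[$s3] = serveRequest(['PHP_AUTH_USER' => 'mail@example.org', 'PHP_AUTH_PW' => ''], $backend);

printf("%d %d %d\n", $s1, $s2, $s3);
```
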
10/15/2011 10:50:04 AM Jan Schneider Comment #9
Nevermind.
10/15/2011 10:49:06 AM Jan Schneider Comment #8
The code you are trying to patch doesn't even exist in that file, not 
even in a Git master checkout from June.
06/26/2011 11:14:07 AM mail (at) xeroc (dot) org Comment #7
In file framework/Rpc/lib/Horde/Rpc/Webdav.php function ServeRequest() 
line 952
I don't understand, why you check for a valid authentication even 
before sending the HTTP_Auth header. I would suggest checking for 
empty(null passwords) in _check_auth() before handling it with 
checkAuth or check_auth().

But I am not a Horde developer and so don't see the full picture. I 
patched it the following way.

Thanks for further statements.

======================================
diff --git a/framework/Rpc/lib/Horde/Rpc/Webdav.php 
b/framework/Rpc/lib/Horde/Rpc/Webdav.php
index 9071c3e..aea3347 100644
--- a/framework/Rpc/lib/Horde/Rpc/Webdav.php
+++ b/framework/Rpc/lib/Horde/Rpc/Webdav.php
@@ -2420,6 +2420,11 @@ class Horde_Rpc_Webdav extends Horde_Rpc
              ? $this->_SERVER["PHP_AUTH_PW"]
              : null;

+        if (is_null($auth_user) ||
+            is_null($auth_pw)) {
+            return false;
+        }
+
          if (method_exists($this, "checkAuth")) {
              // PEAR style method name
              return $this->checkAuth($auth_type, $auth_user, $auth_pw);
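Review bot: The added `is_null($auth_user) || is_null($auth_pw)` guard only covers a request that carries no credentials at all; an empty user name or empty password is not null, so it still falls through to `checkAuth()` / `check_auth()`. If incomplete credentials should always be rejected at this point, test for the empty string as well (for example `$auth_pw === ''`), or say in a comment that empty values are deliberately left to the auth method. A short comment on what a `false` return means to the caller would also help, since that is not visible from this hunk.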
======================================
06/24/2011 08:12:14 PM mail (at) xeroc (dot) org Comment #6
> What happens if you replace the @ in the url with %40?
No Change. Still Crash.
06/24/2011 05:30:56 PM Jan Schneider Comment #5
State ⇒ Feedback
What happens if you replace the @ in the url with %40?
06/24/2011 05:27:31 PM mail (at) xeroc (dot) org Comment #4
diff --git a/framework/Rpc/lib/Horde/Rpc/Webdav.php 
b/framework/Rpc/lib/Horde/Rpc/Webdav.php
index 9071c3e..11a2365 100644
--- a/framework/Rpc/lib/Horde/Rpc/Webdav.php
+++ b/framework/Rpc/lib/Horde/Rpc/Webdav.php
@@ -2420,6 +2420,10 @@ class Horde_Rpc_Webdav extends Horde_Rpc
              ? $this->_SERVER["PHP_AUTH_PW"]
              : null;

+        if ($auth_user == null || $auth_pw == null) {
+            return false;
+        }
+
          if (method_exists($this, "checkAuth")) {
              // PEAR style method name
              return $this->checkAuth($auth_type, $auth_user, $auth_pw);
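Review bot: The loose comparison in `if ($auth_user == null || $auth_pw == null)` also matches an empty string, so the guard rejects both a missing and an empty user name or password, and nothing in the hunk says whether that is intended. Use `=== null` (or `is_null()`) if only absent credentials should short-circuit, or write the empty-string test out explicitly so the behaviour does not depend on PHP's type juggling. The new block also has no comment explaining why it returns before `checkAuth()` is reached.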

06/24/2011 05:04:49 PM mail (at) xeroc (dot) org Comment #3
> Duplicate of #9893.
I don't see this as a duplicate. I am using git-master (Horde_Auth 
1.0.5) and the bug is not resolved (as in the other ticket).
But I am using a '@' in the username.
06/24/2011 02:14:19 PM Jan Schneider Comment #2
State ⇒ Duplicate
Duplicate of #9893.
06/24/2011 01:17:40 PM mail (at) xeroc (dot) org Comment #1
Priority ⇒ 2. Medium
Type ⇒ Bug
Summary ⇒ No HTTP_Auth when accessing users *.ics file
Due ⇒ 06/24/2011
Queue ⇒ Kronolith
Milestone ⇒
Patch ⇒ No
State ⇒ Unconfirmed
Hi dev-team,

I currently use git-master (d3f28851eb029113c37caf3d9da50652358c88ed) 
and can remember when using the latest-stable, that there was a 
HTTP_Auth request, whenever I wanted to download my own calendar ics 
file:
Link is
<https://horde.xeroc.org/rpc.php/kronolith/mail@xeroc.org/3I91aTMRB6ROAzCCtw_ATIA.ics>

But when updating to git-master I noticed that there is no HTTP_Auth 
anymore. Instead there's the error msg:
    "Horde_Imap_Client requires a username and password."
See URL for traceback.

Did I miss a checkbox I needed for this to work?

Thanks for the great piece of software anyway.
