Hey,

I seen the messages too. I repoduced it with setting
     $conf[auth][redirect_on_logout] = true;
an press the logout button. Then I get the message.

And when I login again I get sometime an "404 file not found" error.

Could it be that this is coherent with your views?

While I agree that one wants to be alerted when a brute-force attack 
is ongoing, logging every failed connection with a severity EMERG is 
just not what administrators expect. See RFC 5424:

      Numerical       Severity
         Code
               0       Emergency: system is unusable
               1       Alert: action must be taken immediately
               2       Critical: critical conditions
               3       Error: error conditions
               4       Warning: warning conditions
               5       Notice: normal but significant condition
               6       Informational: informational messages
               7       Debug: debug-level messages

               Table 2. Syslog Message Severities
I'd prefer that over having to explain to administrators that they 
don't have to worry about messages being logged with severity EMERG.

From http://en.wikipedia.org/wiki/Syslog

Emergency - A "panic" condition usually affecting multiple 
apps/servers/sites. At this level it would usually notify all tech 
staff on call.

The problem is that this is not a sufficient priority to be able to 
easily catch brute-force attacks on a system.

So you set it to a lower level and then someone can hammer your box 
1,000,000 times an hour and you won't see anything in your logs.  Bad 
idea.

In that case it might be better to lower the priority with which they 
are logged from EMERG to INFO.

I felt a bit uncomfortable with a log full with messages of severity 
"emergency".

So what?  They are just informative log entries.  They don't indicate 
anything is wrong.

Our log is full with these entries, too.  No idea why and how to reproduce...

I have just checked horde´s log and can confirm this.

This is still happening on rare occasions, so I'm guessing it only 
affects some users

2012-11-05T10:43:05+01:00 EMERG: HORDE User is not authorized for 
horde [pid 70549 on line 259 of "/usr/local/lib/php/Horde/Registry.php"]
2012-11-05T10:43:05+01:00 DEBUG: HORDE 1. Horde_Registry::appInit() 
/var/www/html/webmail/rampage.php:54

The " pear install -f horde/Horde_Core" seemed to have fixed that as well

I can confirm the exact same behaviour.

Message is printed 3 times at each login.

I have upgraded my horde 4 to horde 5 (webmail edition). After the 
upgrade whenever I login or logout horde throws an "EMERG: HORDE User 
is not authorized for horde [pid xxx on line 259 of 
"/usr/share/php/Horde/Registry.php"]"

I use IMP (against my IMAP) Server for authorization...

There is no user "HORDE" in my system