6.0.0-beta1
7/11/25

[#14434] Net_Sieve authentication problem PLAIN
Summary Net_Sieve authentication problem PLAIN
Queue Ingo
Queue Version 3.2.10
Type Bug
State Not A Bug
Priority 2. Medium
Owners
Requester ricardo (at) wenn (dot) com
Created 08/04/2016 (3263 days ago)
Due
Updated 08/05/2016 (3262 days ago)
Assigned
Resolved 08/05/2016 (3262 days ago)
Github Issue Link
Github Pull Request
Milestone
Patch No

History
08/05/2016 10:23:41 AM Jan Schneider Comment #2
State ⇒ Not A Bug
Reply to this comment
First of all, Net_Sieve is not a Horde library, so this is the wrong 
place to report this issue.
Since I happen to be the maintainer of Net_Sieve, I'm going to answer anyway.

If user and euser (resp. authcid and authzid) are intentionally 
different, and PLAIN authentication fails with these credentials, it's 
your server's fault. So either your server is misconfigured, or you 
are not supposed to provide different authcid and authzid values.

This is a support question, not a bug report.

Please use the mailing lists to ask for support.

http://www.horde.org/mail/ contains a list of all available mailing lists.
08/04/2016 11:29:05 AM ricardo (at) wenn (dot) com Comment #1
State ⇒ Unconfirmed
Priority ⇒ 2. Medium
Type ⇒ Bug
Summary ⇒ Net_Sieve authentication problem PLAIN
Queue ⇒ Ingo
Milestone ⇒
Patch ⇒ No
Reply to this comment
PLAIN authentication fails when $user & $euser ID are different.

Auth should only be done against $user & $pass, this takes into 
account ingo hooks, euser is not needed.

I would also assume that all other auth methods are affected by the 
same thing.


     function _authPLAIN($user, $pass, $euser)
     {
         return $this->_sendCmd(
             sprintf(
                 'AUTHENTICATE "PLAIN" "%s"',
                 base64_encode($euser . chr(0) . $user . chr(0) . $pass)
             )
         );
     }

Saved Queries