6.0.0-git
2019-03-21

[#14434] Net_Sieve authentication problem PLAIN
Summary Net_Sieve authentication problem PLAIN
Queue Ingo
Queue Version 3.2.10
Type Bug
State Not A Bug
Priority 2. Medium
Owners
Requester ricardo (at) wenn (dot) com
Created 2016-08-04 (959 days ago)
Due
Updated 2016-08-05 (958 days ago)
Assigned
Resolved 2016-08-05 (958 days ago)
Milestone
Patch No

History
2016-08-05 10:23:41 Jan Schneider Comment #2
State ⇒ Not A Bug
Reply to this comment
First of all, Net_Sieve is not a Horde library, so this is the wrong 
place to report this issue.
Since I happen to be the maintainer of Net_Sieve, I'm going to answer anyway.

If user and euser (resp. authcid and authzid) are intentionally 
different, and PLAIN authentication fails with these credentials, it's 
your server's fault. So either your server is misconfigured, or you 
are not supposed to provide different authcid and authzid values.

This is a support question, not a bug report.

Please use the mailing lists to ask for support.

http://www.horde.org/mail/ contains a list of all available mailing lists.
2016-08-04 11:29:05 ricardo (at) wenn (dot) com Comment #1
Type ⇒ Bug
Milestone ⇒
Queue ⇒ Ingo
Summary ⇒ Net_Sieve authentication problem PLAIN
Priority ⇒ 2. Medium
State ⇒ Unconfirmed
Patch ⇒ No
Reply to this comment
PLAIN authentication fails when $user & $euser ID are different.

Auth should only be done against $user & $pass, this takes into 
account ingo hooks, euser is not needed.

I would also assume that all other auth methods are affected by the 
same thing.


     function _authPLAIN($user, $pass, $euser)
     {
         return $this->_sendCmd(
             sprintf(
                 'AUTHENTICATE "PLAIN" "%s"',
                 base64_encode($euser . chr(0) . $user . chr(0) . $pass)
             )
         );
     }

Saved Queries