Tickets :: Comment on [#11387] horde_alarms tries always to login as first admin user but with an empty password

* Your Email Address
* Spam protection	Enter the letters below: . ,.__. . .. . \./ [__] \| \|\ / \| \| \|\__\|\__\| \/
Comment	>> Each time horde_alarms runs by cron, it tries to login as the first >> admin user, but with an empty, password. So we get tons of failed >> logins in the logs, plus this might lead to locking the account by >> the backend. > > This is the expected behavior if you use transparent authentication. > With transparent authentication, the current credentials will be used > to try to authenticate where necessary. To get administration rights > when running CLI scripts, we need to authenticate, or at least fake > authentication, as a real administrator though. > >> See >> https://github.com/o-/horde/commit/3f916b63e59ee92611883f9e204a2d878c661c2f >> for an implementation of this check. > > This is not a viable solution, because it may very well be allowed to > have an empty password. > >> In bug #10076 it was suggested that this is a duplicated of bug >> #9733, however as we are on the latest versions, this is clearly >> still an issue. > > Looks like those were not duplicates then. > > I admit that this is a problem, but I don't see a proper and easy > solution to this yet. We could allow empty passwords in the > general-purpose IMAP library and catch those earlier inside > Horde-specific code, but even in Horde it might be allowed to login > with an empty password, at least via the API.
Attachment
Watch this ticket