RFE: Expose UI for Option to use POP3/IMAP password for SMTP and LDAP

NEW
Unassigned

Status

MailNews Core
LDAP Integration
--
enhancement
14 years ago
a year ago

People

(Reporter: Brent J. Nordquist, Unassigned)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

14 years ago
User-Agent:       Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/125.2 (KHTML, like Gecko) Safari/125.8
Build Identifier: 0.7.1 (20040626)

If you configure Thunderbird to do authenticated SMTP or LDAP, you can specify the login or bind DN 
respectively, but you'll be prompted for your password.  In my testing so far (Mac OS X), this password 
dialog seems to come up with every outgoing email or query respectively.  (I've heard second-hand 
from another user (Windows) that said after the first prompt it did cache it for a while, but then asked 
again later.)

At many organizations like mine, the login and password for all services is the same.  Some other 
*cough* email clients provide a checkbox option to allow the POP3/IMAP (incoming) password that the 
user has already typed to be used for other services like SMTP and LDAP.  Having this option in 
Thunderbird would make it a lot more user-friendly.  Users do not want to have to type a password for 
each email they send or address they look up.

Reproducible: Always
Steps to Reproduce:

Comment 1

14 years ago
one of these should work:

402 // if true, we'll use the password from an incoming server with
403 // matching username and domain
404 pref("mail.smtp.useMatchingDomainServer", false);
405 
406 // if true, we'll use the password from an incoming server with
407 // matching username and host name
408 pref("mail.smtp.useMatchingHostNameServer", false);
(Reporter)

Comment 2

14 years ago
Thanks for the quick response.  It looked like just the thing for SMTP.  I found my ~/Library/
Thunderbird/Profiles/default.kxt/prefs.js file and added:

pref("mail.smtp.useMatchingDomainServer", true);
pref("mail.smtp.useMatchingHostNameServer", true);

in lexical order with the other mail.smtp* ones; no go, it still asked me for my password during 
outgoing SMTP.  I then tried:

pref("mail.smtpserver.smtp1.useMatchingDomainServer", true);
pref("mail.smtpserver.smtp1.useMatchingHostNameServer", true);

because I noticed that's where most of the other settings are; that didn't work either.  Is there 
something else I need to do to make this effective?  My IMAP server is e.g. imap.example.net and my 
SMTP server is smtp.example.net (same domain, different 3rd-level).

(Also, my RFE is asking for the same behavior for LDAP.)

Comment 3

14 years ago
> I've heard second-hand from another user (Windows) that said after the first
> prompt it did cache it for a while, but then asked again later.

It's cached for the rest of the session. And if you check "Remember" in the
password dialoge it's saved in the password manager for each session.
That's at least what it should do - if it doesn't in your case, something is wrong.

Comment 4

14 years ago
-> Core:MailNews:LDAP Integration
Assignee: mscott → sspitzer
Component: General → MailNews: LDAP Integration
Product: Thunderbird → Core
QA Contact: grylchan
Version: unspecified → Trunk

Comment 5

13 years ago
I just wanted to comment on this briefly.  Where I work, I am required to use a
SecurID number (changes every minute) appended to my IMAP/SMTP password.  So
"Use Password Manager" to save is not a viable solution, sadly.  Unfortunately,
while I am prompted for my IMAP password only when TB starts, I am prompted for
my SMTP password when I send an email and haven't been authenticated in an hour.
 If TB could have a setting like Entourage (gak!) does which says to use the
same password for SMTP as was used for IMAP, I would be spared this horrible
punishment.  :)  Please please please add this for me?!  I will pay cash
dollars!  Ones, even FIVES, of dollars!!  :)

:)hal mahaffey
hmahaffey@aol.com

Comment 6

13 years ago
Will these options be configurable from the GUI at some point?
This is an automated message, with ID "auto-resolve01".

This bug has had no comments for a long time. Statistically, we have found that
bug reports that have not been confirmed by a second user after three months are
highly unlikely to be the source of a fix to the code.

While your input is very important to us, our resources are limited and so we
are asking for your help in focussing our efforts. If you can still reproduce
this problem in the latest version of the product (see below for how to obtain a
copy) or, for feature requests, if it's not present in the latest version and
you still believe we should implement it, please visit the URL of this bug
(given at the top of this mail) and add a comment to that effect, giving more
reproduction information if you have it.

If it is not a problem any longer, you need take no action. If this bug is not
changed in any way in the next two weeks, it will be automatically resolved.
Thank you for your help in this matter.

The latest beta releases can be obtained from:
Firefox:     http://www.mozilla.org/projects/firefox/
Thunderbird: http://www.mozilla.org/products/thunderbird/releases/1.5beta1.html
Seamonkey:   http://www.mozilla.org/projects/seamonkey/

Comment 8

13 years ago
Summarising the status of this bug:

It is possible:
- to use the POP-password as SMTP-password (comment 1)

It is not possible:
- to configure this option via GUI (comment 6)
- to apply this option only to single accounts (so I believe)
- to have this for IMAP (comment 2, if I understand correctly)
- using this option with LDAP (comment 2)

Is this it?

Comment 9

13 years ago
it works for imap in the same way that it works for pop3 - if you've
authenticated against the incoming server with the same host name or domain,
depending on how you set your prefs, we'll try that password for the smtp server.
(Reporter)

Comment 10

13 years ago
David is correct; I have now tested this with Thunderbird 1.0.6 (Mac OS X) and
now adding the two lines mentioned in comment 1 are working for me with IMAP.
Thanks.

So as far as I'm concerned, this bug should be changed from UNCONFIRMED to
something that indicates "RFE". My RFE is that I feel these options need to be
in the GUI or they will not be useful to the average user. Other email clients
have checkboxes in the account settings for this purpose.

My question about the same functionality (using the user-entered login+password)
for LDAP is still outstanding... is there a prefs.js setting for that also?

(And to be clear, my request is outside of the password manager functionality;
we want the user to enter their password once per Thunderbird launch, not have
it cached for another day, for better security.)

Updated

13 years ago
Status: UNCONFIRMED → NEW
Ever confirmed: true
Summary: RFE: Option to use POP3/IMAP password for SMTP and LDAP → RFE: Expose UI for Option to use POP3/IMAP password for SMTP and LDAP

Comment 11

13 years ago
sorry, there's no option for LDAP. LDAP plays pretty far away from the sandbox
that the rest of mail&news runs in. Dan would know if it would be possible to do
this...

Comment 12

13 years ago
Is the option - as it is impmlemented now - configurable for single accounts?
Or just globally? I believe it should be possible to configure the behaviour
for each account on its own.

Comment 13

13 years ago
it's configurable per smtp server
I think the right way to fix this with LDAP would be to add a .walletRealm
preference to LDAP addressbooks.  Then whenever the LDAP addrbook code was going
to ask wallet to put up an auth prompter, it would first check that pref, and if
it was set, it would use that URI as the realm to ask wallet for the password
for instead of the URI that normally defines the addressbook. 
(In reply to comment #10)
> (And to be clear, my request is outside of the password manager functionality;
> we want the user to enter their password once per Thunderbird launch, not have
> it cached for another day, for better security.)

As far as LDAP is concerned it tries to keep the password sitting unencrypted in
memory for as short a time as possible.  Implementing the caching as you suggest
would defeat that.  Setting a master password on the password manager, however,
should achieve what you want: it'll force the user to type in a password every
time they start Thunderbird, and it will cause the passwords to be kept around
on disk encrypted.
sorry for the spam.  making bugzilla reflect reality as I'm not working on these bugs.  filter on FOOBARCHEESE to remove these in bulk.
Assignee: sspitzer → nobody

Updated

10 years ago
QA Contact: grylchan → ldap-integration
(Assignee)

Updated

10 years ago
Product: Core → MailNews Core

Updated

a year ago
See Also: → bug 543827
You need to log in before you can comment on or make changes to this bug.