Open Bug 539927 Opened 15 years ago Updated 9 months ago

It's not possible to have several passwords for one account on the same pop-server

Categories

(Thunderbird :: Account Manager, defect)

Tracking

(Not tracked)

People

(Reporter: rasenack, Unassigned)

References

(Blocks 1 open bug)

Details

(Whiteboard: dupeme)

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 6.1; de; rv:1.9.1.7) Gecko/20091221 Firefox/3.5.7
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 6.1; de; rv:1.9.1.5) Gecko/20091204 Thunderbird/3.0

I exchange my mails via a proxy server. I have four mail accounts (on four servers on the internet) and at two of them I log on with the same username. I use one proxy server for all 4 mail accounts so the proxy has 8 open ports (4x pop and 4x smtp). As server for all accounts I always entered my proxy (with different port numbers) and the respective usernames and later on when requesting the mails the passwords which should be stored in the password manager. When looking in the "Settings/Security/Passwords/Stored passwords" there were only three, because of the double user name. It did not store four passwords because I have only one server (my proxy) and three different usernames (one double). But now for one of the servers with this double username the password was wrong...

Reproducible: Didn't try

Steps to Reproduce:
1. Add two mail accounts to the list
2. enter the same username and same server (different ports, in my case proxy server for requesting several mail servers)
3. exchange mails and store password when asked
4. look in "Settings/Security/Passwords/Stored passwords" if there are two entries or one
Actual Results:  
there is only one entry

Expected Results:  
there should be two because they are from different mail accounts

I myself got around this problem because I could log on with a different username for the same server account on one of the mail accounts and now I have 4 entries in the password list (for me it's OK now...)
Whiteboard: dupeme
It seems close to a dupe of bug# 41929. rasenack, do you agree?
Hmm, I'm not sure if this is really the same basis. I did not encounter any real problems creating the accounts (like same server different username...) so my problem is more to look after in the password manager than in the account manager.
My problem is that the password is stored as if it belongs to "user@server" and not to "account". This would make more sense, to store passwords belonging to accounts because the username also belongs to an account ("mail.server.server1.userName") and the password and username are *always* together.
It is strange TB allowed you to create more accounts with the same servername and username. It specifically does not allow that.
But it should be made possible in bug 238583.

The password problem could be a problem in the password manager. Somebody must check thoroughly whether it stores passwords for user@server:port triplet, or only user@server. When I view stored passwords, the user@server keys are without ports.
Depends on: 238583
(In reply to rasenack from comment #2)
> My problem is that the password is stored as if it belongs to "user@server"
> and not to "account".

What you saw is merely a key to access password manager's data base.
Tb's account definition structure.
  account.accountN.identities=idX => identity.idX.xxx
  account.accountN.server=serverZ => server.serverZ.xxx
  server.serverZ.type
  server.serverZ.port
  server.serverZ.hostname       <= created upon account creation
                                   used by login if no realhostname
  server.serverZ.realhostname   <= created when server name is touched/changed
                                   if exists, used by login
  server.serverZ.userName       <= created upon account creation
                                   used by login if no realuserName
  server.serverZ.realuserName   <= created when user name is touched/changed
                                   if exists, used by login

  type+hostname+userName is used as internal unique identifier of this account.
    ("mailbox:// if pop3, imap:// if imap" + userName + "@" + hostname)
    ( in internal account/folder path represented in URL format.      )
    (problem of Bug 303542 is loss of uniqueness of this identifier.)
  type+hostname+userName is used as primary/unique key of password manager's DB.
    ("mailbox:// if pop3, imap:// if imap" + userName + "@" + hostname)
    (user name saved in DB is actual userID used in login.)

Needless to say, if multiple accounts of "same type/hostname/userName with different port" are supported by bug 238583, both of the above "internal unique identifier of an account" and "primary/unique key of password manager's DB" need to be changed, because uniqueness of the identifier/key is lost after bug 238583.
(In reply to rasenack from comment #0)
> Steps to Reproduce:
> 1. Add two mail accounts to the list
> 2. enter the same username and same server (different ports, in my case
> proxy server for requesting several mail servers)

If same server type, multiple accounts of "same server name and same user name" can't be created in Tb.
One is POP3 and other is IMAP? (if this case, it's possible because different type.)

> 3. exchange mails and store password when asked
> 4. look in "Settings/Security/Passwords/Stored passwords" if there are two entries or one
> Actual Results:  
> there is only one entry

If POP3 and IMAP, different keys of key=imap://proxy.server.name and key=mailbox://proxy.server.name are used by password manager.
If two POP3 accounts were created using FQDN (proxy.server.name) and IP address (this is possible), key=mailbox://proxy.server.name and key=mailbox://IPaddress are used.
In both cases, there is no problem in saving different passwords for the same userID because the server name is different.

How did you create two accounts of "same username and same server with different port" in your Tb?

Did you create two accounts like next?
          type hostname realhostname userName realuserName port
 account1 pop3  S1                    U2       U1           port1
 account2 pop3  S1                    U2                    port2
If this was done, Bug 303542 occurs.
At account manager, two accounts are shown but the second account is not the actual account2 which is defined in prefs.js. It's a clone account which uses account1's definition. Because type+hostname+userName==pop3+S1+U2 is Tb's internal key of an account, Tb can't access account2 defined in prefs.js normally. Tb can access account1 only. So, a change of the first account's setting is always applied to the second account and vice versa. Because account1's definition only is used, the single unique pop3+S1+U2 only is used as key for password manager.

Bug 303542 is never password manager issue.
If you experienced Bug 303542, problem you saw was not password manager issue, even though your "Tb currently doesn't save different password for same type/hostname/userName with different port" is absolutely correct.
And, please note that "same password manager's DB entry" should be used for "same type/hostname/userName with different port" in next case.
  Gmail IMAP supports both 993(SSL/TLS) and 143(StartTLS).
  - Different account shouldn't be created for different port number.
  - Same password should be used without prompt when port number change.

By the way, if SSL related problem doesn't occur when non-FQDN or faked FQDN is used as server name, there are known workarounds.
(1) Create an account with FQDN, create another account with IPaddress
(2) Create an account with FQDN.
    for(N=1;N<=number_of_accounts_you_want;N++) 
    { Define dummy FQDN-N for the server's IP address in hosts file,
      and create account-N with dummy FQDN-N in Tb.
    }
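
The key construction described in the comments above, modeled as an added example (not Thunderbird code and not written by any commenter): it parses a constructed prefs.js excerpt, rebuilds the scheme + userName + "@" + hostname key, and lists the servers that end up sharing one key. The host name, user name, ports and the `with_port` variant are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed prefs.js excerpt (not from the bug report): two POP3 accounts that
# reach different mailboxes through one proxy host, same user name, different ports.
SAMPLE_PREFS = """
user_pref("mail.server.server1.type", "pop3");
user_pref("mail.server.server1.hostname", "proxy.example");
user_pref("mail.server.server1.userName", "alice");
user_pref("mail.server.server1.port", 1110);
user_pref("mail.server.server2.type", "pop3");
user_pref("mail.server.server2.hostname", "proxy.example");
user_pref("mail.server.server2.userName", "alice");
user_pref("mail.server.server2.port", 1111);
user_pref("mail.server.server3.type", "imap");
user_pref("mail.server.server3.hostname", "proxy.example");
user_pref("mail.server.server3.userName", "alice");
user_pref("mail.server.server3.port", 993);
"""

PREF_RE = re.compile(
    r'user_pref\("mail\.server\.(server\d+)\.(\w+)",\s*(?:"([^"]*)"|(\d+))\);')
SCHEME = {"pop3": "mailbox", "imap": "imap"}  # mapping as stated in the thread

def parse_servers(prefs_text):
    """Collect mail.server.serverN.* prefs into {serverN: {pref: value}}."""
    servers = defaultdict(dict)
    for sid, name, text, number in PREF_RE.findall(prefs_text):
        servers[sid][name] = int(number) if number else text
    return dict(servers)

def storage_key(server, with_port=False):
    """Key as described in the thread: scheme + userName + "@" + hostname.
    with_port=True is a hypothetical port-qualified variant, not Thunderbird's."""
    scheme = SCHEME.get(server["type"], server["type"])
    key = f'{scheme}://{server["userName"]}@{server["hostname"]}'
    return f'{key}:{server["port"]}' if with_port else key

def colliding_servers(servers, with_port=False):
    """Return {key: [serverN, ...]} for every key shared by more than one server."""
    groups = defaultdict(list)
    for sid in sorted(servers):
        groups[storage_key(servers[sid], with_port)].append(sid)
    return {key: ids for key, ids in groups.items() if len(ids) > 1}

if __name__ == "__main__":
    parsed = parse_servers(SAMPLE_PREFS)
    print("current key scheme:", colliding_servers(parsed))
    print("port-qualified key:", colliding_servers(parsed, with_port=True))
```

The port-qualified variant separates the two proxy accounts, but it also changes the key when a single account moves between ports, which is the Gmail 993/143 case raised above.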
Blocks: 238583
No longer depends on: 238583
This seems to be confirmed by analysis of WADA.

Who can tell if this is a problem in Thunderbird or in Toolkit/Password manager? Which component decides what is stored in the Password manager?
Status: UNCONFIRMED → NEW
Ever confirmed: true
OS: Windows 7 → All
Hardware: x86_64 → All
Version: unspecified → Trunk

reference comment 10

Flags: needinfo?(bugzilla2007)
Severity: minor → S4
Flags: needinfo?(bugzilla2007)