Public bug reported:
Binary package hint: squirrelmail-secure-login
The secure-login-config.php is installed with a default of:
$change_back_to_http_after_login = 1;
even though, as noted in
/usr/share/doc/squirrelmail-secure-login/README.gz,
If you turn on $change_back_to_http_after_login under
SquirrelMail 1.5.2 and above, you will be unable to log in
because by default, SquirrelMail 1.5 will only transmit cookies
securely if the user's session started under https://. If you
really want to revert to an unencrypted connection after user
login, you need to run the SquirrelMail configuration utility
and change the "Only secure cookies if poss." setting (under
"General Options") to "false".
It would be more user-friendly to provide a default configuration that
is compatible with the default configuration of squirrelmail. Also,
change_back_to_http_after_login = 0 seems the more conservative default.
I'm on intrepid, with squirrelmail 2:1.4.15-3ubuntu0.1 and squirrelmail-
secure-login 1.4-1.
** Affects: squirrelmail-secure-login (Ubuntu)
Importance: Undecided
Status: New
--
default configuration of squirrelmail-secure-login doesn't work
https://bugs.launchpad.net/bugs/321304
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
