search

tomsquest / docker-radicale

Docker image for Radicale calendar and contact server :calendar: + security :closed_lock_with_key: + addons :rocket:
GNU General Public License v3.0
591 stars 82 forks source link

Login possible with every letter combination #106

Closed orthl closed 3 years ago

orthl commented 3 years ago

Hello, on my installation, it is possible to access the backend with every letter combination in the username and password. I create a user on the host machine → user1 and a password with the following commands.

I install radicale with the following command: docker run -d --name radicale \ -p 5232:5232 \ -v ~/radicale/data:/data \ tomsquest/docker-radicale

I add a user with the following command: sudo addgroup --gid 2999 radicale sudo adduser --gid 2999 --uid 2999 --shell /bin/false --no-create-home user1

Can you help me to fix this?

Thanks, Lucas

tomsquest commented 3 years ago

Hi @orthl ,

I think you are confusing the user created the share files between the host and the container (adduser --gid 2999 --uid 2999... instructions) and the use management of Radicale.

This repo is about packaging Radicale as a Docker image. It is not about users inside Radicale (the login/pass you used to connect to Radicale, the UI/Backend). There is a section about authorization at Radicale website: https://radicale.org/3.0.html#documentation/authentication-and-rights