Can't SELECT mailbox as admin on frontend (Murder)
etienne.goyer at linuxquebec.com
Thu Dec 18 15:26:22 EST 2003
On Wed, Dec 17, 2003 at 05:43:26PM -0500, Rob Siemborski wrote:
> On Wed, 17 Dec 2003, Etienne Goyer wrote:
> You lose many of the privs of being an 'admin' when you are being proxied.
> (namely, the ones that don't come directly from an ACL).
> This behavior originated from the belief that proxy users shouldn't be
> able to become admins. It becomes less clear that this is actually the
> desired behavior to me all the time (and, indeed, the security benefits
> are marginal at best).
I can confirm that this is the case. With imtest, I logged in as proxy
auth, admin user and can't SELECT user/mailbox. When I log in with the
admin credentials, I can.
What I need to do is merging user's account. For that, I wanted to :
1. login on a frontend as mailadmin;
2. SELECT source mailbox
3. LIST submailbox
4. CREATE submailbox in destination mailbox
5. SEARCH messages
6. COPY messages to destination mailbox
Could you suggest a workaround, or some other way to achieve similar
> But this is likely the source of your problem. If you want to do this,
> you can either patch cyrus to not make the isadmin/isproxyadmin
> distinction, or act like a referrals-capable client and follow the
> referral (e.g. issue an 'RLIST "" ""' before you issue the SELECT).
I am running 2.1.13. in another Murder, and it work there (proxy
authcid, admin authzid, SELECT user/mailbox). So I suppose that this
change somewhere in 2.1.14 or 2.1.15 ?
Thanks for your nsights, I'll be looking at the source.
Etienne Goyer Linux Québec Technologies Inc.
http://www.LinuxQuebec.com etienne.goyer at linuxquebec.com
More information about the Info-cyrus