User creation - automatic subscriptions

[Ken Murchison]

Alain Williams wrote:
> Summary: can safely I put mailbox subscriptions for a new user directly into their .sub file ?
> 
> Hi,
> 
> I am putting together a large cyrus system - 20,000 users - at a UK college.
> 
> Creation of users need to be automatic, I will get a list of new users every
> day from central admin. Logged in as cyrus I can create the users and their
> mail boxes (drafts, etc) using a perl script, easy.
> 
> The user then needs to be subscribed to their mailboxes. This must be done
> logged in as the user - that is hard, I have no way of knowing their password.

You don't need to.  You can proxy as any user as long as you 
authenticate as an admin.  You need to be able to authenticate using a 
SASL mechanism which allows for proxying (PLAIN, DIGEST-MD5, OTP, SRP). 
  Using cyradm, this would look like:

cyradm --user cyrus --authz <userid> --auth digest-md5 localhost

Using imtest, it would look like this:

imtest -a cyrus -u <userid> -m digest-md5 localhost


Both of these will authenticate you as cyrus (using cyrus' password), 
but authorize you (assume the identity) as <userid>.

> I do notice that the user fred's subscription list is stored in:
> 
> 	/var/imap/user/f/fred.sub
> 
> Is there any reason why I should not just create that file ?

You *can* do this if you like, as long as you create it r/w by the cyrus 
user, but all administration *should* be done via the IMAP protocol.

> Come to that, is there any reason why I should not create the user's
> mailbox directly, ie .../users/fred/ and use reconstruct to rebuild
> the cyrus.cache, etc files ?

No, I wouldn't recommend that.  Every mailbox needs to have an entry in 
mailboxes.db, in addition to its directory and cyrus.* files.  As I said 
above, all Cyrus administration *should* be done via IMAP.

-- 
Kenneth Murchison     Oceana Matrix Ltd.
Software Engineer     21 Princeton Place
716-662-8973 x26      Orchard Park, NY 14127
--PGP Public Key--    http://www.oceana.com/~ken/ksm.pgp