cyradm authz
Rob Siemborski
rjs3 at andrew.cmu.edu
Tue Sep 2 14:06:55 EDT 2003
On Tue, 2 Sep 2003, Dave McMurtrie wrote:
> On Tue, 2 Sep 2003, Rob Siemborski wrote:
>
> > It's used exactly as it says.
> >
> > It's for you to authenticate as one user and authorize as another, e.g.
> >
> > cyradm --user rjs3.admin --authz bob
> >
> > gets me connected as bob but authenticated as rjs3.admin (who is an admin
> > in imapd.conf).
>
> Thanks, Rob. This makes sense. I appreciate the info. As I expected,
> now that I know what it's supposed to do, I have more questions.
>
> Is there a bug in perl/imap/IMAP.c, or am I reading the source wrong?
>
> In perl/imap/IMAP.c it appears to correctly parse the options passed to
> it. It uses the char pointer "auth" to store the username and the char
> pointer "user" to store the user to authorize as. When it calls
> imclient_authenticate(), it's passing "user" as the fourth argument where
> I think it should be passing "auth".
>
> As a result, it's trying to authenticate as a user named "" and fails
> every time unless I specify "--authz" when I invoke cyradm.

"" is a magic authz string that means "use the authentication id". This
is a part of SASL and so it's pretty low-level.

At least, that is what should be happening (so the use of the empty string
as the authzid by itself isn't a problem).

-Rob
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456
Research Systems Programmer * /usr/contributed Gatekeeper
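
The empty-authzid rule described in the message above, as an added illustration that is not part of the original post and is not Cyrus or Cyrus SASL code. It assumes the SASL PLAIN message layout (`[authzid] NUL authcid NUL passwd`), since the thread names no mechanism; the account table, passwords, sample messages and the admin-only proxy policy are constructed simplifications.

```c
#include <stdio.h>
#include <string.h>

/* Constructed accounts; "admin" stands in for the admins: line in imapd.conf. */
struct account { const char *id, *pw; int admin; };
static const struct account ACCOUNTS[] = {
    { "rjs3.admin", "constructed-pw-1", 1 },
    { "bob",        "constructed-pw-2", 0 },
};
/* Constructed client messages: without --authz, and with --authz bob. */
static const char NO_AUTHZ[]  = "\0rjs3.admin\0constructed-pw-1";
static const char AUTHZ_BOB[] = "bob\0rjs3.admin\0constructed-pw-1";

static const struct account *lookup(const char *id) {
    for (size_t i = 0; i < sizeof ACCOUNTS / sizeof ACCOUNTS[0]; i++)
        if (strcmp(ACCOUNTS[i].id, id) == 0) return &ACCOUNTS[i];
    return NULL;
}

/* Parse a SASL PLAIN response, [authzid] NUL authcid NUL passwd, and return
 * the identity the session runs as, or NULL if it must be rejected. */
const char *effective_user(const char *msg, size_t len) {
    const char *end = msg + len;
    const char *n1 = memchr(msg, '\0', len);
    if (!n1) return NULL;
    const char *authzid = msg, *authcid = n1 + 1;
    const char *n2 = memchr(authcid, '\0', (size_t)(end - authcid));
    if (!n2 || n2 == authcid) return NULL;       /* authcid is mandatory */
    const char *pw = n2 + 1;
    size_t pwlen = (size_t)(end - pw);
    if (memchr(pw, '\0', pwlen)) return NULL;    /* no NUL allowed in passwd */

    /* Authentication: the credentials are always checked against authcid. */
    const struct account *who = lookup(authcid);
    if (!who || strlen(who->pw) != pwlen || memcmp(who->pw, pw, pwlen) != 0)
        return NULL;

    /* Authorization: "" (or the same name) means "run as the authcid". */
    if (*authzid == '\0' || strcmp(authzid, authcid) == 0) return who->id;
    /* A different authzid is honoured only for admins and existing users. */
    const struct account *target = lookup(authzid);
    return (who->admin && target) ? target->id : NULL;
}

int main(void) {
    printf("%s\n", effective_user(NO_AUTHZ, sizeof NO_AUTHZ - 1));
    printf("%s\n", effective_user(AUTHZ_BOB, sizeof AUTHZ_BOB - 1));
    return 0;
}
```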