Does Proxy User Work?

phr2101 at columbia.edu phr2101 at columbia.edu
Wed Jun 1 22:45:49 EDT 2005


Glad I could help.

The -t "" option will cause imtest to do starttls.

Once the connection is secure the server will allow the PLAIN mech
to be used.

-Patrick

Quoting "John C. Amodeo" <amodeo at admin.rutgers.edu>:

> Patrick,
>
> That worked.  Before, I was never using the -t "" option, so I
> assume we
> are forcing the use of the PLAIN mech and that makes all the
> difference
> in the world?
>
> Thank you soo much for your input.
>
> -John
>
> Patrick Radtke wrote:
>
> > You can proxy as another user automatically with the cyrus user
> >
> > imtest -t "" -a cyrus -u tc2154 host.
> >
> > You give the cyrus password for authentication and then are
> authorized
> > as tc2154.
> >
> > If you want to use an account besides cyrus for authentication
> set
> > these in imapd.conf
> >
> > proxy_authname: proxyname
> > proxy_password: password
> >
> > Now you could do
> >
> > imtest -t "" -a proxyname -u tc2154 host.
> > and give the proxyname's password
> >
> > -Patrick
> >
> >
> > On Jun 1, 2005, at 4:18 PM, Tim Pushor wrote:
> >
> >> How about backing up the ldap directory, resetting the
> passwords to a
> >> known (to you) password, do the transition, and restore the
> directory?
> >>
> >> If thats not possible, how about setting up a new temporary
> directory
> >> with your user accounts and the known password, temporarily
> point
> >> cyrus to it until after the transition, then point it back?
> >>
> >> Thanks,
> >> Tim
> >>
> >> John C. Amodeo wrote:
> >>
> >>> I've been researching a way to proxy as another user for 2
> days
> >>> without luck.  It seems that Cyrus/SASL has the ability to
> take a
> >>> proxy command, but I cannot find any feasible application of
> it.  I
> >>> need help.
> >>>
> >>> Here's the situation:
> >>>
> >>> I need to migrate 4 legacy Cyrus 2.0.17 servers to a new
> Cyrus
> >>> 2.1.15 server.  For multiple reasons, I would rather perform
> the
> >>> migration via imap using a sync utility like imapsync (or the
> >>> equivalent) rather than trying to merge the 4 servers through
> a
> >>> manual upgrade / reconstruct.
> >>>
> >>> I need to be able to "login" as a normal user, say Bob Smith,
> as the
> >>> Cyrus superuser using Cyrus's credentials.  If not, it will
> be a
> >>> nightmare (and a bad practice) to collect my user's id's and
> >>> passwords to run the conversion...  I would love to work in
> batch
> >>> mode where I would only need to supply userid (of the user)
> and then
> >>> the cyrus super account credentials (or equivalent...)
> >>>
> >>> I'm reading all over the place about the difference between
> authcid
> >>> and authzid, proxyservers: cyrus, etc. etc. but can't find
> any true
> >>> application for how this might work in real life.  I've tried
> every
> >>> manageable combination of command line arguments with imtest
> to no
> >>> avail...
> >>>
> >>> Both my 2.0.16 boxes and my 2.1.15 box authenticate against a
> >>> central LDAP directory using sasl_mech_list: PLAIN.
> >>>
> >>> Does anyone have any ideas or suggestions?  I really want to
> avoid
> >>> hacking the SASL code to take a "master" password for any
> user.
> >>>
> >>> Thanks in advance.
> >>>
> >>> -John
> >>>
> >> ---
> >> Cyrus Home Page: http://asg.web.cmu.edu/cyrus
> >> Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
> >> List Archives/Info:
> http://asg.web.cmu.edu/cyrus/mailing-list.html
> >
> >
>
> --
> ______________________________________________________________
> John C. Amodeo :: Associate Director of Information Technology
> Faculty of Arts and Sciences
> Rutgers, The State University of New Jersey
> Voice: 732.932.9455 Fax: 732.932.0013
>
>


---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html




More information about the Info-cyrus mailing list