Does Proxy User Work?

John C. Amodeo amodeo at admin.rutgers.edu
Wed Jun 1 17:10:16 EDT 2005


Patrick,

That worked.  Before, I was never using the -t "" option, so I assume we 
are forcing the use of the PLAIN mech and that makes all the difference 
in the world?

Thank you soo much for your input.

-John

Patrick Radtke wrote:

> You can proxy as another user automatically with the cyrus user
>
> imtest -t "" -a cyrus -u tc2154 host.
>
> You give the cyrus password for authentication and then are authorized 
> as tc2154.
>
> If you want to use an account besides cyrus for authentication set 
> these in imapd.conf
>
> proxy_authname: proxyname
> proxy_password: password
>
> Now you could do
>
> imtest -t "" -a proxyname -u tc2154 host.
> and give the proxyname's password
>
> -Patrick
>
>
> On Jun 1, 2005, at 4:18 PM, Tim Pushor wrote:
>
>> How about backing up the ldap directory, resetting the passwords to a 
>> known (to you) password, do the transition, and restore the directory?
>>
>> If thats not possible, how about setting up a new temporary directory 
>> with your user accounts and the known password, temporarily point 
>> cyrus to it until after the transition, then point it back?
>>
>> Thanks,
>> Tim
>>
>> John C. Amodeo wrote:
>>
>>> I've been researching a way to proxy as another user for 2 days 
>>> without luck.  It seems that Cyrus/SASL has the ability to take a 
>>> proxy command, but I cannot find any feasible application of it.  I 
>>> need help.
>>>
>>> Here's the situation:
>>>
>>> I need to migrate 4 legacy Cyrus 2.0.17 servers to a new Cyrus 
>>> 2.1.15 server.  For multiple reasons, I would rather perform the 
>>> migration via imap using a sync utility like imapsync (or the 
>>> equivalent) rather than trying to merge the 4 servers through a 
>>> manual upgrade / reconstruct.
>>>
>>> I need to be able to "login" as a normal user, say Bob Smith, as the 
>>> Cyrus superuser using Cyrus's credentials.  If not, it will be a 
>>> nightmare (and a bad practice) to collect my user's id's and 
>>> passwords to run the conversion...  I would love to work in batch 
>>> mode where I would only need to supply userid (of the user) and then 
>>> the cyrus super account credentials (or equivalent...)
>>>
>>> I'm reading all over the place about the difference between authcid 
>>> and authzid, proxyservers: cyrus, etc. etc. but can't find any true 
>>> application for how this might work in real life.  I've tried every 
>>> manageable combination of command line arguments with imtest to no 
>>> avail...
>>>
>>> Both my 2.0.16 boxes and my 2.1.15 box authenticate against a 
>>> central LDAP directory using sasl_mech_list: PLAIN.
>>>
>>> Does anyone have any ideas or suggestions?  I really want to avoid 
>>> hacking the SASL code to take a "master" password for any user.
>>>
>>> Thanks in advance.
>>>
>>> -John
>>>
>> ---
>> Cyrus Home Page: http://asg.web.cmu.edu/cyrus
>> Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
>> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
>
>

-- 
______________________________________________________________
John C. Amodeo :: Associate Director of Information Technology
Faculty of Arts and Sciences
Rutgers, The State University of New Jersey
Voice: 732.932.9455 Fax: 732.932.0013

---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html




More information about the Info-cyrus mailing list