Does Proxy User Work?

Patrick Radtke phr2101 at columbia.edu
Wed Jun 1 17:00:13 EDT 2005


You can proxy as another user automatically with the cyrus user:

imtest -t "" -a cyrus -u tc2154 host.

You give the cyrus password for authentication and then are authorized 
as tc2154.

If you want to use an account besides cyrus for authentication, set 
these in imapd.conf:

proxy_authname: proxyname
proxy_password: password

Now you could do

imtest -t "" -a proxyname -u tc2154 host.
and give the proxyname's password

-Patrick


On Jun 1, 2005, at 4:18 PM, Tim Pushor wrote:

> How about backing up the ldap directory, resetting the passwords to a 
> known (to you) password, do the transition, and restore the directory?
>
> If that's not possible, how about setting up a new temporary directory 
> with your user accounts and the known password, temporarily point 
> cyrus to it until after the transition, then point it back?
>
> Thanks,
> Tim
>
> John C. Amodeo wrote:
>
>> I've been researching a way to proxy as another user for 2 days 
>> without luck.  It seems that Cyrus/SASL has the ability to take a 
>> proxy command, but I cannot find any feasible application of it.  I 
>> need help.
>>
>> Here's the situation:
>>
>> I need to migrate 4 legacy Cyrus 2.0.17 servers to a new Cyrus 2.1.15 
>> server.  For multiple reasons, I would rather perform the migration 
>> via imap using a sync utility like imapsync (or the equivalent) 
>> rather than trying to merge the 4 servers through a manual upgrade / 
>> reconstruct.
>>
>> I need to be able to "login" as a normal user, say Bob Smith, as the 
>> Cyrus superuser using Cyrus's credentials.  If not, it will be a 
>> nightmare (and a bad practice) to collect my users' IDs and 
>> passwords to run the conversion...  I would love to work in batch 
>> mode where I would only need to supply userid (of the user) and then 
>> the cyrus super account credentials (or equivalent...)
>>
>> I'm reading all over the place about the difference between authcid 
>> and authzid, proxyservers: cyrus, etc. etc. but can't find any true 
>> application for how this might work in real life.  I've tried every 
>> manageable combination of command line arguments with imtest to no 
>> avail...
>>
>> Both my 2.0.16 boxes and my 2.1.15 box authenticate against a central 
>> LDAP directory using sasl_mech_list: PLAIN.
>>
>> Does anyone have any ideas or suggestions?  I really want to avoid 
>> hacking the SASL code to take a "master" password for any user.
>>
>> Thanks in advance.
>>
>> -John
>>
> ---
> Cyrus Home Page: http://asg.web.cmu.edu/cyrus
> Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html





More information about the Info-cyrus mailing list
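
The `-a` and `-u` options in the imtest commands above carry the SASL authentication identity (authcid) and authorization identity (authzid) that the original question asks about. As an added example (not part of the thread and not Cyrus code), this Python code builds and parses the SASL PLAIN message defined in RFC 4616 and applies a simplified authorization check; the function names, the `proxy_capable` set and the password are constructed for illustration.

```python
import base64

def plain_initial_response(authzid, authcid, password):
    """Encode [authzid] NUL authcid NUL passwd (RFC 4616) as base64 for IMAP."""
    for field in (authzid, authcid, password):
        if "\x00" in field:
            raise ValueError("NUL is not allowed inside a PLAIN field")
    if not authcid or not password:
        raise ValueError("authcid and password are required")
    raw = "\x00".join((authzid, authcid, password)).encode("utf-8")
    return base64.b64encode(raw).decode("ascii")

def parse_plain(token):
    """Server side: split the decoded message into (authzid, authcid, password)."""
    parts = base64.b64decode(token, validate=True).split(b"\x00")
    if len(parts) != 3 or not parts[1] or not parts[2]:
        raise ValueError("malformed PLAIN message")
    return tuple(p.decode("utf-8") for p in parts)

def authorize(authzid, authcid, proxy_capable):
    """Return the identity the session will act as, or raise PermissionError.

    proxy_capable is an assumed stand-in for the server's list of accounts
    allowed to act as other users; it is not Cyrus's own policy code.
    """
    if authzid in ("", authcid):
        return authcid   # no proxying requested
    if authcid in proxy_capable:
        return authzid   # password was checked for authcid; session runs as authzid
    raise PermissionError(f"{authcid} may not authorize as {authzid}")

if __name__ == "__main__":
    proxy_capable = {"cyrus"}                       # constructed policy
    token = plain_initial_response("tc2154", "cyrus", "constructed-password")
    authzid, authcid, _ = parse_plain(token)
    print("acting as:", authorize(authzid, authcid, proxy_capable))
    try:
        authorize("tc2154", "bob", proxy_capable)   # ordinary user asking to proxy
    except PermissionError as exc:
        print("denied:", exc)
```

Any account in the proxy-capable set can open every mailbox with its own password, so it needs the same protection and logging as the admin account.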