cyrus autorization identifier trick

Andrew Morgan morgan at
Thu Apr 19 16:32:09 EDT 2007

On Thu, 19 Apr 2007, Nestor A. Diaz wrote:

> Hello cyrus people.
> Following your cyrus recomendations for a 15K users mailstore, i have a new 
> requeriment, we will like some administrators to login to any mailbox in 
> order to check the successfull delivery of some emails, without having to 
> login into each account with the associated login and password, i explain:
> i use cyrus virtual domains system,a user log in using this user id and 
> password:
> user at
> userpassword
> but i will like to make some trick for a user to login into a mailbox, using 
> the followin schema:
> user:admin at
> adminpassword
> the idea is that based on username (user:admin), the system notice that the 
> user login is 'admin' and that he wants to see 'user' mailbox.
> is something like this possible ? i have read something related under 
> but i still don't 
> see the way to do this, because auxprop pluing only returns the password 
> asociated with an account, but how can i make cyrus to know that 'user:admin' 
> refers to 'user' mailbox ?

Easy.  When you want to look at another user's mail, just modify the 
permissions on their mailbox.  You can do this with cyradm like so:

   sam adminuser all

We use a perl script that does this recursively for each folder that 
belongs to a specify user, and a second script that recursively removes 
the permission when we are finished.

After granting these permissions, you'll see the user's mailbox in your 
IMAP namespace as "Other".


More information about the Info-cyrus mailing list