cyrus authorization identifier trick
Andrew Morgan
morgan at orst.edu
Thu Apr 19 16:32:09 EDT 2007
On Thu, 19 Apr 2007, Nestor A. Diaz wrote:
> Hello cyrus people.
>
> Following your cyrus recommendations for a 15K users mailstore, I have a new
> requirement: we would like some administrators to log in to any mailbox in
> order to check the successful delivery of some emails, without having to
> log in to each account with the associated login and password. I explain:
>
> I use the cyrus virtual domains system; a user logs in using this user id and
> password:
>
> user at domain.com
> userpassword
>
> but I would like to make some trick for a user to log in to a mailbox, using
> the following schema:
>
> user:admin at domain.com
> adminpassword
>
> The idea is that, based on the username (user:admin), the system notices that
> the user login is 'admin' and that he wants to see the 'user' mailbox.
>
> Is something like this possible? I have read something related under
> http://www.lichteblau.com/ldapvi/cyrus-sasl/sysadmin.html but I still don't
> see the way to do this, because the auxprop plugin only returns the password
> associated with an account, but how can I make cyrus know that 'user:admin'
> refers to the 'user' mailbox?

Easy. When you want to look at another user's mail, just modify the
permissions on their mailbox. You can do this with cyradm like so:

    sam user.foo adminuser all

We use a perl script that does this recursively for each folder that
belongs to a specific user, and a second script that recursively removes
the permission when we are finished.

After granting these permissions, you'll see the user's mailbox in your
IMAP namespace as "Other Users.foo".

Andy
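
The grant-then-revoke procedure described in the reply above, as an added example in Python (it is not the Perl scripts mentioned in the post, and not Cyrus project code). It assumes `conn` is an already authenticated `imaplib.IMAP4` connection logged in as a Cyrus admin, "." as the hierarchy separator, and read-only rights `lr` rather than `all`; the function names are hypothetical.

```python
import re
from contextlib import contextmanager

# One LIST response line looks like: (\HasChildren) "." user.foo.Sent
_LIST_RE = re.compile(rb'\((?P<flags>[^)]*)\) (?:"(?P<sep>[^"]+)"|NIL) (?P<name>.+)')

def _quote(name):
    """Quote a mailbox name; Python 3 imaplib sends arguments as given."""
    return '"' + name.replace("\\", "\\\\").replace('"', '\\"') + '"'

def folders_of(conn, top, sep="."):
    """Return `top` and every folder beneath it (user.foo, user.foo.Sent, ...)."""
    names = []
    for pattern in (top, top + sep + "*"):
        typ, data = conn.list('""', _quote(pattern))
        if typ != "OK":
            raise RuntimeError(f"LIST {pattern} failed: {data!r}")
        for line in data:
            # imaplib yields None when nothing matched; names sent as IMAP
            # literals arrive as tuples and are skipped in this example.
            m = _LIST_RE.match(line) if isinstance(line, bytes) else None
            if m:
                names.append(m.group("name").decode().strip('"'))
    return names

@contextmanager
def temporary_acl(conn, top, admin, rights="lr", log=print):
    """Grant `admin` the given rights on all folders of `top`; revoke on exit."""
    granted = []
    try:
        for name in folders_of(conn, top):
            typ, data = conn.setacl(_quote(name), admin, rights)
            if typ != "OK":
                raise RuntimeError(f"SETACL {name} failed: {data!r}")
            granted.append(name)
            log(f"granted {rights} on {name} to {admin}")  # audit trail
        yield granted
    finally:
        # Runs even if a grant or the caller's work raised, so no folder
        # stays readable by the admin account after the check is done.
        for name in reversed(granted):
            conn.deleteacl(_quote(name), admin)
            log(f"revoked {admin} on {name}")
```

Typical use is `with temporary_acl(conn, "user.foo", "adminuser"): ...`, doing the delivery check from the admin's own IMAP session inside the block. Note that `deleteacl` removes the admin's whole ACL entry on each folder, including any rights it held before the grant.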