cyrus autorization identifier trick

Nestor A. Diaz nestor at
Thu Apr 19 18:56:54 EDT 2007

Andrew Morgan wrote:
> Easy.  When you want to look at another user's mail, just modify the 
> permissions on their mailbox.  You can do this with cyradm like so:
>   sam adminuser all
> We use a perl script that does this recursively for each folder that 
> belongs to a specify user, and a second script that recursively 
> removes the permission when we are finished.
> After granting these permissions, you'll see the user's mailbox in 
> your IMAP namespace as "Other".
Ok, that's clear for me, but since i am going to have a huge mailstore i 
don't like the idea of the person having to subscribe to each user 
mailbox, or modifying the user mailbox acl each time the person want to 
access data, so as an easy way i was thinking on using sasl as a helper, 
if that's not possible what i am thinking to create at first time, is 
that when the admin (which is really a supervisor with just read 
privilegies) wants to see others users mailbox, it just open a web 
application, that ask for their password, if validation went ok, then 
ask for the mailbox he wants to see and recurisvely change permissions, 
this way the Supervisor can see what others user have into their mailbox 
without using cyradm command line.


Nestor A. Diaz
Ingeniero de Sistemas
Tel. +57 1-600-5490 x 211
Cel. +57 316-227-3593
Tel. SIP: sip:211 at
Email/MSN: nestor at
Bogota, Colombia 

More information about the Info-cyrus mailing list