cyrus autorization identifier trick

Jo Rhett jrhett at netconsonance.com
Mon Apr 23 17:16:30 EDT 2007


Nestor A. Diaz wrote:
> Ok, that's clear for me, but since i am going to have a huge mailstore i 
> don't like the idea of the person having to subscribe to each user 
> mailbox, or modifying the user mailbox acl each time the person want to 
> access data, so as an easy way i was thinking on using sasl as a helper, 
> if that's not possible what i am thinking to create at first time, is 
> that when the admin (which is really a supervisor with just read 
> privilegies) wants to see others users mailbox, it just open a web 
> application, that ask for their password, if validation went ok, then 
> ask for the mailbox he wants to see and recurisvely change permissions, 
> this way the Supervisor can see what others user have into their mailbox 
> without using cyradm command line.

You really are going the long way around. It's a 5-line perl script at 
the most to grant a given user access to all of the other user's 
folders.  Put it on your administration web host and let authorized 
users run it on command.


More information about the Info-cyrus mailing list