admins access from Cyrus 2.4 proxy
David Mayo
D.J.Mayo at bath.ac.uk
Thu Jun 28 13:08:31 EDT 2012
We have started the process of upgrading our Cyrus IMAP service from 2.3
to 2.4. We upgraded the proxy IMAP server earlier this week and
subsequently noticed that quotas can no longer be viewed or set from the
proxy IMAP server.
Cyrus 2.3 front end behaviour:
== cyradm ==
proxy> lq user.test
STORAGE 121/250000 (0.0484%)
proxy>
== Proxy ==
C: 5 GETQUOTA user.test
S: 5 NO [REFERRAL imap://;AUTH=*@backend.bath.ac.uk/user.test] Remote
mailbox.
== Backend ==
C: 5 GETQUOTA user.test
S: * QUOTA user.test (STORAGE 121 250000)
Cyrus 2.4 front end behaviour:
== cyradm ==
proxy> lq user.test
proxy>
== Proxy ==
C: 4 GETQUOTA user.test
S: 4 NO Permission denied
== Backend ==
C: 4 Getquota {11+}
user.test
S: 4 NO Permission denied
Direct to Cyrus 2.3 backend using the same admin user:
== cyradm ==
backend> getacl user.test
STORAGE 121/250000 (0.0484%)
backend>
== Backend ==
C: 1 Getquota {11+}
user.test
S: * QUOTA user.test (STORAGE 121 250000)
1 OK Completed
Server details: 2x Solaris 10 x86 machines, proxy server 2.4.16, backend
server 2.3.13.
proxyd_disable_mailbox_referrals is set to true on imapd.conf on the
proxy server for both versions.
It's good to see that an IMAP referral isn't being generated by the
front end server - we use Kerberos authentication so the login was
happening automatically anyway - but is it expected behaviour that the
admin user be denied admin rights when logging in from a proxy server?
Or should I raise a bug about this?
Thanks,
Dave.
David Mayo
Networks/Systems Administrator
University of Bath Computing Services, UK
More information about the Info-cyrus
mailing list