cyrus-imap authorization confusion

Stephen Ingram sbingram at gmail.com
Mon Mar 19 01:36:34 EDT 2012


On Sat, Mar 17, 2012 at 8:06 PM, Dan White <dwhite at olp.net> wrote:
> On 03/15/12 12:10 -0700, Stephen Ingram wrote:
>>
>> I see in the documents mention of the four types of authorization
>> supported by Cyrus-IMAP. I also see a --with-auth compile option in
>> older versions that no longer appears in newer versions. I understand
>> that authentication is handled by Cyrus-SASL. Is authorization now
>> also handled by Cyrus-SASL with userid and authid being equal?
>
>
> I believe the compile time --with-auth option was replaced with the
> 'auth_mech' runtime (/etc/imapd.conf) option. Also see the
> 'unix_group_enable' option.
>
> Cyrus SASL will be used to resolve and canonicalize both the userid and
> authid, but it's left up to Cyrus IMAPD to:
>
> * figure out who belongs to what group (for group:staff type ACLs), via
>  the auth_mech configuration
> * apply ACLs to determine what rights a user has to access another's
>  mailbox
> * who can act *as* another user, via the 'proxyservers' and 'loginuseacl'
>  config options.

Thank you Dan, that's exactly what I was looking for.
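
An added example, not part of the original thread or of the Cyrus project's code: a small Python audit that reads an imapd.conf and reports the settings named above that decide group resolution and who may act as another user. The default values, the accepted boolean spellings, the sample configuration and the account names in it are assumptions made for illustration; check imapd.conf(5) for the Cyrus IMAP version in use.

```python
# Added example: audit the imapd.conf options named in the thread.
# Defaults and boolean spellings below are assumptions; check imapd.conf(5)
# for your Cyrus IMAP version.
ASSUMED_DEFAULTS = {
    "auth_mech": "unix",
    "unix_group_enable": "1",
    "proxyservers": "",
    "loginuseacl": "0",
}
TRUTHY = {"1", "yes", "on", "true", "t"}


def parse_imapd_conf(text):
    """Return {option: value} for 'option: value' lines, skipping comments."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        key, value = line.split(":", 1)
        settings[key.strip().lower()] = value.strip()
    return settings


def authorization_summary(text):
    """Summarise who resolves groups and who may act as another user."""
    conf = {**ASSUMED_DEFAULTS, **parse_imapd_conf(text)}
    return {
        "group_source": conf["auth_mech"],
        "unix_groups_used": conf["auth_mech"] == "unix"
        and conf["unix_group_enable"].lower() in TRUTHY,
        "proxy_identities": conf["proxyservers"].split(),
        "acl_login_as_user": conf["loginuseacl"].lower() in TRUTHY,
    }


# Constructed sample configuration, not taken from a real server.
SAMPLE_CONF = """\
# /etc/imapd.conf (constructed sample)
auth_mech: unix
unix_group_enable: yes
proxyservers: murder-frontend backup-proxy
loginuseacl: no
"""

if __name__ == "__main__":
    for item, value in authorization_summary(SAMPLE_CONF).items():
        print(f"{item}: {value}")
```

Every identity listed under `proxy_identities`, and any identity granted rights through ACLs when `acl_login_as_user` is true, can act as another user and is worth reviewing.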

