Possible to authorize as different user?
Steinar Kaarø
steinar.kaaro at ntnu.no
Tue Dec 9 05:07:50 EST 2014
--On Tuesday, December 02, 2014 16:13:30 -0500 Adam Tauno Williams
<awilliam at whitemice.org> wrote:
> Quoting Steinar Kaarø <steinar.kaaro at ntnu.no>:
>> Is it possible to authorize as a different user when logging into
>> Cyrus using an ordinary mail client? From what I understand this is
>> only
>
> "Is it possible to authorize as a different user when logging into
> Cyrus" <--- Yes, that is just SASL. Do this all the time.
>
> "using an ordinary mail client" <--- Almost certainly not.
>
>> possible in Cyrus when using SASL PLAIN, but are there any clients
>> that support the authorization part of the PLAIN mechanism?
>
> None that I am aware of.
>
> Probably Mulberry did, as it supported *everything*; but is very
> moribund if not simply gone [licensing was always bizarre].
>
Thank you for your response. I'm a Mulberry user, so I'm familiar with
the possibilities in that client. My problem is that I'm trying to get
Outlook 2013 to handle public folders. This is not working very well,
and it seems to be a better solution to create non-login Cyrus users
that the ordinary Outlook users can authorize as. In Outlook you then
create one account setup for each authorized user. With this solution
the sent messages and trash messages are stored in the correct folders
on the server without any client tweaking.
Exchange IMAP has solved the authorization problem by letting the LOGIN
mechanism support this username syntax: authid/authzid. This allows all
types of clients to authorize as different users, and something similar
would have been nice i Cyrus.
A related feature in Cyrus does not seem to work as stated in the man
page:
"imapmagicplus: 0
Only list a restricted set of mailboxes via IMAP by using
userid+namespace syntax as the authentication/authorization id.
Using userid+ (with an empty namespace) will list only subscribed
mailboxes."
Providing a namespace after + does not have any effect, and a comment
in the source says that this is not implemented.
--
Steinar Kaarø
More information about the Info-cyrus
mailing list