Possible to authorize as different user?

Steinar Kaarø steinar.kaaro at ntnu.no
Tue Dec 9 05:07:50 EST 2014

--On Tuesday, December 02, 2014 16:13:30 -0500 Adam Tauno Williams 
<awilliam at whitemice.org> wrote:

> Quoting Steinar Kaarø <steinar.kaaro at ntnu.no>:
>> Is it possible to authorize as a different user when logging into
>> Cyrus using an ordinary mail client? From what I understand this is
>> only
> "Is it possible to authorize as a different user when logging into
> Cyrus" <--- Yes, that is just SASL.  Do this all the time.
> "using an ordinary mail client" <--- Almost certainly not.
>> possible in Cyrus when using SASL PLAIN, but are there any clients
>> that support the authorization part of the PLAIN mechanism?
> None that I am aware of.
> Probably Mulberry did, as it supported *everything*; but is very
> moribund if not simply gone [licensing was always bizarre].
Thank you for your response. I'm a Mulberry user, so I'm familiar with 
the possibilities in that client. My problem is that I'm trying to get 
Outlook 2013 to handle public folders. This is not working very well, 
and it seems to be a better solution to create non-login Cyrus users 
that the ordinary Outlook users can authorize as. In Outlook you then 
create one account setup for each authorized user. With this solution 
the sent messages and trash messages are stored in the correct folders 
on the server without any client tweaking.
Exchange IMAP has solved the authorization problem by letting the LOGIN 
mechanism support this username syntax: authid/authzid. This allows all 
types of clients to authorize as different users, and something similar 
would have been nice i Cyrus.

A related feature in Cyrus does not seem to work as stated in the man 
"imapmagicplus: 0
Only list a restricted set of mailboxes via IMAP by using 
userid+namespace  syntax  as  the  authentication/authorization id. 
Using userid+ (with an empty namespace) will list only subscribed 

Providing a namespace after + does not have any effect, and a comment 
in the source says that this is not implemented.

Steinar Kaarø

More information about the Info-cyrus mailing list