SASL login as another user - unexpected behavior on cyrus 2.4.17
Marco
falon at ruparpiemonte.it
Mon Sep 25 04:19:00 EDT 2017
Hello,
I run Cyrus-IMAPD 2.4.17 with many virtual domains:
virtdomains: userid
I configured a domain administrator:
admins: admin at example.com
With this account I can LIST all accounts in the example.com domain only, as
expected.
Let's suppose the Cyrus-IMAPD server also stores accounts for other
domains, such as the example2.com domain.
Well, I see that I can SASL PLAIN login using admin at example.com on
example2.com accounts too, if I know their names. I can't understand why
this could happen. It seems to be a security issue.
Is there a way to prevent this issue without modifying the ACL on all accounts?
Thank you
Marco
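
An added example, not part of the original post and not Cyrus IMAPD code: an audit helper that decodes SASL PLAIN responses (RFC 4616 layout: authzid, NUL, authcid, NUL, password) and flags logins where a domain admin acts as an account in a different domain. It assumes the login described above places the admin in the authentication identity and the other account in the authorization identity; the function names and sample messages are constructed for illustration.

```python
import base64

def parse_plain(b64_response):
    """Decode a SASL PLAIN response (RFC 4616): [authzid] NUL authcid NUL passwd."""
    parts = base64.b64decode(b64_response, validate=True).split(b"\x00")
    if len(parts) != 3 or not parts[1]:
        raise ValueError("malformed SASL PLAIN message")
    authzid, authcid = parts[0].decode("utf-8"), parts[1].decode("utf-8")
    # An empty authzid means the client acts as the identity it authenticated as.
    return (authzid or authcid), authcid

def domain_of(userid):
    """Domain part of a fully qualified userid, '' if unqualified."""
    return userid.rpartition("@")[2].lower() if "@" in userid else ""

def classify(b64_response, domain_admins):
    """Label one login: self, same-domain-proxy, cross-domain-proxy, proxy-by-non-admin."""
    authzid, authcid = parse_plain(b64_response)
    if authzid.lower() == authcid.lower():
        return "self"
    if authcid.lower() not in domain_admins:
        return "proxy-by-non-admin"
    if domain_of(authzid) != domain_of(authcid):
        return "cross-domain-proxy"   # the case the post reports
    return "same-domain-proxy"

def _sample(authzid, authcid):
    # Constructed sample message; the password is a placeholder.
    return base64.b64encode(f"{authzid}\x00{authcid}\x00placeholder".encode())

ADMINS = {"admin@example.com"}            # mirrors the post's admins: setting
SAMPLES = [                               # constructed, not captured traffic
    _sample("", "bob@example.com"),
    _sample("bob@example.com", "admin@example.com"),
    _sample("carol@example2.com", "admin@example.com"),
    _sample("carol@example2.com", "bob@example.com"),
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(classify(s, ADMINS), parse_plain(s))
```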