admins and virtualdomains, where is authorisation enforced?

Mon, 01 Oct 2007 03:44:40 -0700 

Hi list,

I have a cyrus 2.3.9 test server with two virtual domains: aa.it and
bb.it. Having "virtualdomains: yes", I've experimented with "admins"
directive and I've added one account:

"admins: cyrus [EMAIL PROTECTED] "

After a cyrus-imapd restart I've tried using imtest:

 

[EMAIL PROTECTED] ~]# imtest -a [EMAIL PROTECTED] -w password -u [EMAIL 
PROTECTED]
-v localhost

S: * OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID AUTH=PLAIN SASL-IR]
olimpo Cyrus IMAP4 v2.3.9-Invoca-RPM-2.3.9-3 server ready

C: C01 CAPABILITY

S: * CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID AUTH=PLAIN SASL-IR ACL
RIGHTS=kxte QUOTA NAMESPACE UIDPLUS NO_ATOMIC_RENAME UNSELECT CHILDREN
MULTIAPPEND BINARY SORT SORT=MODSEQ THREAD=ORDEREDSUBJECT
THREAD=REFERENCES ANNOTATEMORE CATENATE CONDSTORE IDLE LISTEXT
LIST-SUBSCRIBED X-NETSCAPE URLAUTH

S: C01 OK Completed

C: A01 AUTHENTICATE PLAIN
dXRlbnRlMDJAYmIuaXQAdXRlbnRlMDFAYWEuaXQAdXRlbnRlMDE=

S: A01 OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID LOGINDISABLED ACL
RIGHTS=kxte QUOTA NAMESPACE UIDPLUS NO_ATOMIC_RENAME UNSELECT CHILDREN
MULTIAPPEND BINARY SORT SORT=MODSEQ THREAD=ORDEREDSUBJECT
THREAD=REFERENCES ANNOTATEMORE CATENATE CONDSTORE IDLE LISTEXT
LIST-SUBSCRIBED X-NETSCAPE URLAUTH] Success (no protection)

Authenticated.

Security strength factor: 0

 

I expected some authorization-related error message, but instead
[EMAIL PROTECTED] was able not only to authenticate (as expected, since I
used the right credentials) but also to get authorized as [EMAIL PROTECTED],
that is a normal user of a different domain.

I expected that every "admin", in a virtualdomain environment, be able
to manage only its or her accounts based of course on the domain part of
the username.

 

Is there something I missed in my config or maybe in my understanding of
this feature?

 

 

Thanks

Pietro

 

 

configdirectory:        /var/lib/imap

 

partition-default:      /storage/mail

 

admins:                 cyrus [EMAIL PROTECTED] 

 

sievedir:               /var/lib/imap/sieve

 

sendmail:               /usr/sbin/sendmail

 

hashimapspool:          true

 

sasl_pwcheck_method:    saslauthd

sasl_mech_list:         PLAIN

 

virtdomains:            yes

defaultdomain:          localdomain

unixhierarchysep:       yes

________________________________


----
Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

Reply via email to