Re: imap impersonate

2017-01-19 Thread Jason L Tibbitts III via Info-cyrus 
> "PG" == Patrick Goetz via Info-cyrus  
> writes:

PG> Why would you need to do this as opposed to, say, just setting up
PG> multiple personalities on your MUA?

I used impersonation to initially import mailboxes into Cyrus way back
when I switched from uw-imapd.  I guess it might also be useful to be
able to see the same view of a user's mailbox that they have without
having their password.

 - J<

Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: imap impersonate

2017-01-19 Thread Patrick Goetz via Info-cyrus 
Why would you need to do this as opposed to, say, just setting up 
multiple personalities on your MUA?


On 01/19/2017 02:17 AM, Gabriele Bulfon via Info-cyrus wrote:

Hi,

is there any mechanism with Cyrus imap to impersonate another user?
I've seen other imap servers scenarios where one may use plain
authentication and sending user as mailboxuser plus a separator plus
adminuser and use only adminpassword, to get access to the mailboxuser
as is (dovecot, exchange).

Anything like this in Cyrus?

Gabriele


*Sonicle S.r.l. *: http://www.sonicle.com 
*Music: *http://www.gabrielebulfon.com 
*Quantum Mechanics : *http://www.cdbaby.com/cd/gabrielebulfon



Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus



Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: imap impersonate

2017-01-19 Thread Gabriele Bulfon via Info-cyrus 
wow...I just found that in Java is already implemented:
Properties props=System.getProperties();
props.setProperty("mail.imap.sasl.authorizationid","targetmail...@domain.tld" );
Session session=Session.getInstance(props);
Store store=session.getStore("imap");
store.connect("host",143,"adminuser","adminpass");
there you go with the session on the targetmailbox ;)
Thanks a lot!
Gabriele

Sonicle S.r.l.
:
http://www.sonicle.com
Music:
http://www.gabrielebulfon.com
Quantum Mechanics :
http://www.cdbaby.com/cd/gabrielebulfon
--
Da: Michael Menge
A: Gabriele Bulfon
Cc: info-cyrus@lists.andrew.cmu.edu
Data: 19 gennaio 2017 13.14.13 CET
Oggetto: Re: imap impersonate
Quoting Gabriele Bulfon
:
Thanks,
my imapd.conf has already :
admins: sonicle
sasl_mech_list: plain
if I try an imap session with:
A01 AUTHENTICATE PLAIN
+
xxx
where xxx comes from 'echo -en "\0sonicle\0pass" | base64' , I
get authenticated as sonicle.
Now, how do I switch to the desired user?
Once I understand how to do it via imap protocol, I need to
replicate it in java code through:
store.connect(host,143,user,pass);
Thanks in advance!
Gabriele
Quoting from https://tools.ietf.org/html/rfc4616
2.  PLAIN SASL Mechanism
The mechanism consists of a single message, a string of [UTF-8]
encoded [Unicode] characters, from the client to the server.  The
client presents the authorization identity (identity to act as),
followed by a NUL (U+) character, followed by the authentication
identity (identity whose password will be used), followed by a NUL
(U+) character, followed by the clear-text password.  As with
other SASL mechanisms, the client does not provide an authorization
identity when it wishes the server to derive an identity from the
credentials and use that as the authorization identity.
so it is UserID\0AdminID\0AdminPass

M.MengeTel.: (49) 7071/29-70316
Universität Tübingen   Fax.: (49) 7071/29-5912
Zentrum für Datenverarbeitung  mail:
michael.me...@zdv.uni-tuebingen.de
Wächterstraße 76
72074 Tübingen

Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: imap impersonate

2017-01-19 Thread Michael Menge via Info-cyrus 

Quoting Gabriele Bulfon :


Thanks,
my imapd.conf has already :
admins: sonicle
sasl_mech_list: plain
if I try an imap session with:
A01 AUTHENTICATE PLAIN
+
xxx
where xxx comes from 'echo -en "\0sonicle\0pass" | base64' , I  
get authenticated as sonicle.

Now, how do I switch to the desired user?
Once I understand how to do it via imap protocol, I need to  
replicate it in java code through:

store.connect(host,143,user,pass);
Thanks in advance!
Gabriele


Quoting from https://tools.ietf.org/html/rfc4616


2.  PLAIN SASL Mechanism

  The mechanism consists of a single message, a string of [UTF-8]
  encoded [Unicode] characters, from the client to the server.  The
  client presents the authorization identity (identity to act as),
  followed by a NUL (U+) character, followed by the authentication
  identity (identity whose password will be used), followed by a NUL
  (U+) character, followed by the clear-text password.  As with
  other SASL mechanisms, the client does not provide an authorization
  identity when it wishes the server to derive an identity from the
  credentials and use that as the authorization identity.


so it is UserID\0AdminID\0AdminPass






M.MengeTel.: (49) 7071/29-70316
Universität Tübingen   Fax.: (49) 7071/29-5912
Zentrum für Datenverarbeitung  mail:  
michael.me...@zdv.uni-tuebingen.de

Wächterstraße 76
72074 Tübingen


Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: imap impersonate

2017-01-19 Thread Gabriele Bulfon via Info-cyrus 
Thanks,
my imapd.conf has already :
admins: sonicle
sasl_mech_list: plain
if I try an imap session with:
A01 AUTHENTICATE PLAIN
+
xxx
where xxx comes from 'echo -en "\0sonicle\0pass" | base64' , I get 
authenticated as sonicle.
Now, how do I switch to the desired user?
Once I understand how to do it via imap protocol, I need to replicate it in 
java code through:
store.connect(host,143,user,pass);
Thanks in advance!
Gabriele

Sonicle S.r.l.
:
http://www.sonicle.com
Music:
http://www.gabrielebulfon.com
Quantum Mechanics :
http://www.cdbaby.com/cd/gabrielebulfon
--
Da: Michael Menge via Info-cyrus
A: info-cyrus@lists.andrew.cmu.edu
Data: 19 gennaio 2017 9.53.51 CET
Oggetto: Re: imap impersonate
Quoting Gabriele Bulfon via Info-cyrus
:
Hi,
is there any mechanism with Cyrus imap to impersonate another user?
I've seen other imap servers scenarios where one may use plain
authentication and sending user as mailboxuser plus a separator plus
adminuser and use only adminpassword, to get access to the
mailboxuser as is (dovecot, exchange).
Anything like this in Cyrus?
Gabriele
Cyrus can use the PLAIN mech to allow admin access as the user.
You need to add plain to sasl_mech_list in imapd.conf
And the "admin" account has to be listed in admins or proxyservers
in imapd.conf
Regards,
Michael

M.MengeTel.: (49) 7071/29-70316
Universität Tübingen   Fax.: (49) 7071/29-5912
Zentrum für Datenverarbeitung  mail:
michael.me...@zdv.uni-tuebingen.de
Wächterstraße 76
72074 Tübingen

Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: imap impersonate

2017-01-19 Thread Michael Menge via Info-cyrus 


Quoting Gabriele Bulfon via Info-cyrus :


Hi,
is there any mechanism with Cyrus imap to impersonate another user?
I've seen other imap servers scenarios where one may use plain  
authentication and sending user as mailboxuser plus a separator plus  
adminuser and use only adminpassword, to get access to the  
mailboxuser as is (dovecot, exchange).

Anything like this in Cyrus?
Gabriele


Cyrus can use the PLAIN mech to allow admin access as the user.
You need to add plain to sasl_mech_list in imapd.conf
And the "admin" account has to be listed in admins or proxyservers
in imapd.conf

Regards,

   Michael



M.MengeTel.: (49) 7071/29-70316
Universität Tübingen   Fax.: (49) 7071/29-5912
Zentrum für Datenverarbeitung  mail:  
michael.me...@zdv.uni-tuebingen.de

Wächterstraße 76
72074 Tübingen


Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: imap impersonate

2017-01-19 Thread Simon Matter via Info-cyrus 
> Hi,
> is there any mechanism with Cyrus imap to impersonate another user?
> I've seen other imap servers scenarios where one may use plain
> authentication and sending user as mailboxuser plus a separator plus
> adminuser and use only adminpassword, to get access to the mailboxuser as
> is (dovecot, exchange).
> Anything like this in Cyrus?
> Gabriele

Hi Gabriele,

Check the "proxyservers" directive in imapd.conf.

Regards,
Simon


Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

imap impersonate

2017-01-19 Thread Gabriele Bulfon via Info-cyrus 
Hi,
is there any mechanism with Cyrus imap to impersonate another user?
I've seen other imap servers scenarios where one may use plain authentication 
and sending user as mailboxuser plus a separator plus adminuser and use only 
adminpassword, to get access to the mailboxuser as is (dovecot, exchange).
Anything like this in Cyrus?
Gabriele

Sonicle S.r.l.
:
http://www.sonicle.com
Music:
http://www.gabrielebulfon.com
Quantum Mechanics :
http://www.cdbaby.com/cd/gabrielebulfon

Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus