On Thu, 5 Oct 2006, Jesus Roncero wrote:
Michael Loftis wrote:
Authentication of the user happens at the frontend. The frontend then
uses the proxy credentials to authorize as the user on the backend.
The backends don't need a full user database, just the proxy
information.
Yes and no. If an IMAP client support referrals, the frontends will
return a referral to the appropriate backend. So, the client may connect
to the backend as well in some cases.
Oops, I forgot about that detail. We locally patched referrals out of our
IMAP proxies.
Umm, isn't there an option on the configuration to disable referrals? If not,
do you have that patch available?
I've attached the patch to this message. We use it with Cyrus v2.2.12
here. I don't know if it works or applies cleanly to v2.3.x.
Andy
--- cyrus-imapd-2.2.10.dist/imap/proxyd.c 2004-11-23 09:40:15.000000000 -0800
+++ cyrus-imapd-2.2.10/imap/proxyd.c 2005-01-14 12:50:11.965210408 -0800
@@ -1227,7 +1227,7 @@
/* Cleanup Globals */
proxyd_cmdcnt = 0;
- disable_referrals = 0;
+ disable_referrals = config_getswitch(IMAPOPT_PROXYD_DISABLE_MAILBOX_REFERRALS);
supports_referrals = 0;
proxyd_userisadmin = 0;
proxyd_starttls_done = 0;
@@ -2823,6 +2823,10 @@
prot_printf(proxyd_out, "* CAPABILITY ");
prot_printf(proxyd_out, CAPABILITY_STRING);
+ if (config_getswitch(IMAPOPT_PROXYD_DISABLE_MAILBOX_REFERRALS) == 0) {
+ prot_printf(proxyd_out, " MAILBOX-REFERRALS");
+ }
+
if (config_getint(IMAPOPT_IMAPIDLEPOLL) > 0) {
prot_printf(proxyd_out, " IDLE");
}
diff -r -u cyrus-imapd-2.2.10.dist/imap/version.h cyrus-imapd-2.2.10/imap/version.h
--- cyrus-imapd-2.2.10.dist/imap/version.h 2004-11-23 09:52:52.000000000 -0800
+++ cyrus-imapd-2.2.10/imap/version.h 2005-01-14 12:46:38.391024296 -0800
@@ -55,7 +55,7 @@
/* CAPABILITIES are now defined here, not including sasl ones */
#define CAPABILITY_STRING "IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ " \
- "MAILBOX-REFERRALS NAMESPACE UIDPLUS ID " \
+ "NAMESPACE UIDPLUS ID " \
"NO_ATOMIC_RENAME UNSELECT " \
"CHILDREN MULTIAPPEND BINARY " \
"SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES " \
diff -r -u cyrus-imapd-2.2.10.dist/lib/imapoptions cyrus-imapd-2.2.10/lib/imapoptions
--- cyrus-imapd-2.2.10.dist/lib/imapoptions 2004-07-21 12:07:45.000000000 -0700
+++ cyrus-imapd-2.2.10/lib/imapoptions 2005-01-14 12:47:41.125560426 -0800
@@ -630,6 +630,10 @@
connections that these referrals would cause, thus resulting in a higher
authentication load on the respective backend server. */
+{ "proxyd_disable_mailbox_referrals", 0, SWITCH }
+/* Set to true to disable the use of mailbox-referrals on the
+ proxy servers.*/
+
{ "proxyservers", NULL, STRING }
/* A list of users and groups that are allowed to proxy for other
users, seperated by spaces. Any user listed in this will be
----
Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
