admins and virtualdomains, where is authorisation enforced?

Hi list,

I have a cyrus 2.3.9 test server with two virtual domains: aa.it and bb.it. Having “virtualdomains: yes”, I’ve experimented with the “admins” directive and I’ve added one account:

“admins: cyrus user01@xxxxx”

After a cyrus-imapd restart I’ve tried using imtest:

[root@olimpo ~]# imtest -a utente01@xxxxx -w password -u utente02@xxxxx -v localhost
S: * OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID AUTH=PLAIN SASL-IR] olimpo Cyrus IMAP4 v2.3.9-Invoca-RPM-2.3.9-3 server ready
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID AUTH=PLAIN SASL-IR ACL RIGHTS=kxte QUOTA NAMESPACE UIDPLUS NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY SORT SORT=MODSEQ THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE CATENATE CONDSTORE IDLE LISTEXT LIST-SUBSCRIBED X-NETSCAPE URLAUTH
S: C01 OK Completed
C: A01 AUTHENTICATE PLAIN dXRlbnRlMDJAYmIuaXQAdXRlbnRlMDFAYWEuaXQAdXRlbnRlMDE=
S: A01 OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID LOGINDISABLED ACL RIGHTS=kxte QUOTA NAMESPACE UIDPLUS NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY SORT SORT=MODSEQ THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE CATENATE CONDSTORE IDLE LISTEXT LIST-SUBSCRIBED X-NETSCAPE URLAUTH] Success (no protection)
Authenticated.
Security strength factor: 0

I expected some authorization-related error message, but instead user01@xxxxx was able not only to authenticate (as expected, since I used the right credentials) but also to get authorized as user02@xxxxx, who is a normal user of a different domain.

I expected that every “admin”, in a virtualdomain environment, would be able to manage only his or her accounts, based of course on the domain part of the username.

Is there something I missed in my config or maybe in my understanding of this feature?

Thanks

Pietro

configdirectory:        /var/lib/imap
partition-default:      /storage/mail
admins:                 cyrus user01@xxxxx
sievedir:               /var/lib/imap/sieve
sendmail:               /usr/sbin/sendmail
hashimapspool:          true

sasl_pwcheck_method:    saslauthd
sasl_mech_list:         PLAIN

virtdomains:            yes
defaultdomain:          localdomain
unixhierarchysep:       yes


----
Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
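
The AUTHENTICATE PLAIN argument in the transcript above carries two identities, the authorization id (authzid, the `-u` user) and the authentication id (authcid, the `-a` user), in the RFC 4616 layout `[authzid] NUL authcid NUL passwd`. The following is an added example, not part of the original post and not Cyrus code: it decodes such a response and applies a hypothetical audit policy matching what the poster expected (domain-qualified admins may proxy only inside their own domain). The `ADMINS` set, the treatment of unqualified admins as global, and the result labels are assumptions of this example.

```python
import base64

def parse_sasl_plain(b64_response):
    """Decode an RFC 4616 PLAIN response: [authzid] NUL authcid NUL passwd.

    Returns (authzid, authcid); the password is deliberately discarded.
    """
    raw = base64.b64decode(b64_response, validate=True)
    parts = raw.split(b"\x00")
    if len(parts) != 3:
        raise ValueError("expected exactly two NUL separators")
    authzid, authcid, passwd = (p.decode("utf-8") for p in parts)
    if not authcid or not passwd:
        raise ValueError("authcid and passwd must be non-empty")
    return authzid, authcid

def domain_of(userid):
    """Domain part of a userid, or None for an unqualified name."""
    _local, sep, domain = userid.rpartition("@")
    return domain.lower() if sep else None

def classify(b64_response, admins):
    """Hypothetical audit policy: qualified admins may proxy only inside
    their own domain; unqualified admins are treated as global (assumption)."""
    authzid, authcid = parse_sasl_plain(b64_response)
    if authzid in ("", authcid):
        return "self"                 # no proxy authorization requested
    if authcid not in admins:
        return "not-admin"            # proxy requested by a non-admin
    if domain_of(authcid) is None:
        return "global-proxy"
    if domain_of(authzid) == domain_of(authcid):
        return "same-domain-proxy"
    return "cross-domain-proxy"       # the case reported in the post

def encode_plain(authzid, authcid, passwd):
    """Build a constructed PLAIN response for the samples below."""
    return base64.b64encode("\0".join((authzid, authcid, passwd)).encode()).decode()

# Assumed admins list for this example (the poster's own entry is redacted).
ADMINS = {"cyrus", "utente01@aa.it"}
# The AUTHENTICATE PLAIN argument from the imtest transcript above.
CAPTURED = "dXRlbnRlMDJAYmIuaXQAdXRlbnRlMDFAYWEuaXQAdXRlbnRlMDE="

if __name__ == "__main__":
    print(parse_sasl_plain(CAPTURED), classify(CAPTURED, ADMINS))
    for sample in (encode_plain("", "utente03@aa.it", "x"),  # constructed
                   encode_plain("utente03@aa.it", "utente01@aa.it", "x"),
                   encode_plain("utente02@bb.it", "cyrus", "x")):
        print(classify(sample, ADMINS))
```

Run over logged or captured AUTHENTICATE PLAIN exchanges, the "cross-domain-proxy" result marks the sessions where a domain-qualified admin was authorized as a user of another domain.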
