Hi I wrote a patch for this https://bugzilla.andrew.cmu.edu/show_bug.cgi?id=2998 On Oct 1, 2007 11:29 AM, Toschi Pietro <Pietro.Toschi@xxxxxxxxxx> wrote: > > > > > Hi list, > > I have a cyrus 2.3.9 test server with two virtual domains: aa.it and bb.it. > Having "virtualdomains: yes", I've experimented with "admins" directive and > I've added one account: > > "admins: cyrus user01@xxxxx " > > After a cyrus-imapd restart I've tried using imtest: > > > > [root@olimpo ~]# imtest -a utente01@xxxxx -w password -u utente02@xxxxx -v > localhost > > S: * OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID AUTH=PLAIN SASL-IR] olimpo > Cyrus IMAP4 v2.3.9-Invoca-RPM-2.3.9-3 server ready > > C: C01 CAPABILITY > > S: * CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID AUTH=PLAIN SASL-IR ACL > RIGHTS=kxte QUOTA NAMESPACE UIDPLUS NO_ATOMIC_RENAME UNSELECT CHILDREN > MULTIAPPEND BINARY SORT SORT=MODSEQ THREAD=ORDEREDSUBJECT THREAD=REFERENCES > ANNOTATEMORE CATENATE CONDSTORE IDLE LISTEXT LIST-SUBSCRIBED X-NETSCAPE > URLAUTH > > S: C01 OK Completed > > C: A01 AUTHENTICATE PLAIN > dXRlbnRlMDJAYmIuaXQAdXRlbnRlMDFAYWEuaXQAdXRlbnRlMDE= > > S: A01 OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID LOGINDISABLED ACL > RIGHTS=kxte QUOTA NAMESPACE UIDPLUS NO_ATOMIC_RENAME UNSELECT CHILDREN > MULTIAPPEND BINARY SORT SORT=MODSEQ THREAD=ORDEREDSUBJECT THREAD=REFERENCES > ANNOTATEMORE CATENATE CONDSTORE IDLE LISTEXT LIST-SUBSCRIBED X-NETSCAPE > URLAUTH] Success (no protection) > > Authenticated. > > Security strength factor: 0 > > > > I expected some authorization-related error message, but instead > user01@xxxxx was able not only to authenticate (as expected, since I used > the right credentials) but also to get authorized as user02@xxxxx, that is a > normal user of a different domain. > > I expected that every "admin", in a virtualdomain environment, be able to > manage only its or her accounts based of course on the domain part of the > username. > > > > Is there something I missed in my config or maybe in my understanding of > this feature? > > > > > > Thanks > > Pietro > > > > > > configdirectory: /var/lib/imap > > > > partition-default: /storage/mail > > > > admins: cyrus user01@xxxxx > > > > sievedir: /var/lib/imap/sieve > > > > sendmail: /usr/sbin/sendmail > > > > hashimapspool: true > > > > sasl_pwcheck_method: saslauthd > > sasl_mech_list: PLAIN > > > > virtdomains: yes > > defaultdomain: localdomain > > unixhierarchysep: yes > ________________________________ > > ---- > Cyrus Home Page: http://cyrusimap.web.cmu.edu/ > Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki > List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html > -- Alain Spineux aspineux gmail com May the sources be with you ---- Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
