On Sat, Mar 17, 2012 at 8:06 PM, Dan White <dwhite@xxxxxxx> wrote: > On 03/15/12 12:10 -0700, Stephen Ingram wrote: >> >> I see in the documents mention of the four types of authorization >> supported by Cyrus-IMAP. I also see a --with-auth compile option in >> older versions that no longer appear in newer versions. I understand >> that authentication is handled by Cyrus-SASL. Is authorization now >> also handled also by Cyrus-SASL with userid and authid being equal? > > > I believe the compile time --with-auth option was replaced with the > 'auth_mech' runtime (/etc/imapd.conf) option. Also see the > 'unix_group_enable' option. > > Cyrus SASL will be used to resolve and canonicalize both the userid and > authid, but it's left up to Cyrus IMAPD to: > > * figure out who belongs to what group (for group:staff type ACLs), via > the auth_mech configuration > * apply ACLs to determine what rights a user has to access another's > mailbox > * who can act *as* another user, via the 'proxyservers' and 'loginuseacl' > config options. Thank you Dan, that's exactly what I was looking for. ---- Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
