Hi Matt
Quoting Matt via Devel <devel@cyrus.topicbox.com>:
> The method is easily understood from the slapd source code (case
> AF_LOCAL: in slap_listener() in servers/slapd/daemon.c) and it is
> compatible with running saslauthd (ldap_servers: ldapi:/// &
> ldap_mech: EXTERNAL) for non-admin users. Also I had the thought of
> adding an admin=0/1 flag for imap to restrict whether an imap
> connection would allow admin IMAP commands.

You can already use cyr_deny/user_deny.db to block the admin user on
cyrus services

> And lastly, from a motivation point of view it would be good to know
> if others would find the extra security useful (only allowing IMAP
> admin connections via a unix socket),

I can see some use cases. But replication and murder setup
(mailbox transfer to another backend server) require admin
permissions on tcp/ip imap connections.
Michael
--------------------------------------------------------------------------------
Michael Menge Tel.: (49) 7071 / 29-70316
Universität Tübingen Fax.: (49) 7071 / 29-5912
Zentrum für Datenverarbeitung mail: michael.me...@zdv.uni-tuebingen.de
Wächterstraße 76
72074 Tübingen