Cillian Sharkey <[EMAIL PROTECTED]> wrote: > Don Jackson <[EMAIL PROTECTED]> wrote: >> I wrote a perl script that uses the IMAP protocol to do this for myself. >> In order to get this info for a user, my perl script has to log into the >> cyrus server as the user. So my script needs to know the password for >> each user. This is pretty unacceptable from a security perspective, my >> script would have to know the passwords of every user it was providing >> service to. >> >> Is there a way to create a user that has access to the unseen msg count >> for other users, but nothing else? (eg, would not be able to actually >> read any users messsages). That way if the password was compromised, the >> only thing that could be done with it is to find out how many unseen >> msgs other people have. Is it possible to change from one user's >> mailbox to another users's mail via the IMAP protocol?
> The IMAP AUTH command provides a way to do this. You authenticate with an > admin username + password but request authorisation as some other user. Kind > of like using "su". It does require logging in & out for each user however and > if the password is compromised, they have full admin access to the server. > You should be able to test this with imtest, e.g: > imtest -u jblogg -a cyrus imap-host > (enter cyrus admin password, logged in as jblogg) > Note that you need to be logged in as the user in question to check the > new/unread status as it is set on a per-user basis. -- Dimitry
