On Wed, Dec 17, 2003 at 05:43:26PM -0500, Rob Siemborski wrote: > On Wed, 17 Dec 2003, Etienne Goyer wrote: > You lose many of the privs of being an 'admin' when you are being proxied. > (namely, the ones that don't come directly from an ACL). > > This behavior originated from the belief that proxy users shouldn't be > able to become admins. It becomes less clear that this is actually the > desired behavior to me all the time (and, indeed, the security benefits > are marginal at best).
I can confirm that this is the case. With imtest, I logged in as proxy auth, admin user and can't SELECT user/mailbox. When I log in with the admin credentials, I can. What I need to do is merging user's account. For that, I wanted to : 1. login on a frontend as mailadmin; 2. SELECT source mailbox 3. LIST submailbox 4. CREATE submailbox in destination mailbox 5. SEARCH messages 6. COPY messages to destination mailbox Could you suggest a workaround, or some other way to achieve similar result ? > But this is likely the source of your problem. If you want to do this, > you can either patch cyrus to not make the isadmin/isproxyadmin > distinction, or act like a referrals-capable client and follow the > referral (e.g. issue an 'RLIST "" ""' before you issue the SELECT). I am running 2.1.13. in another Murder, and it work there (proxy authcid, admin authzid, SELECT user/mailbox). So I suppose that this change somewhere in 2.1.14 or 2.1.15 ? Thanks for your nsights, I'll be looking at the source. -- Etienne Goyer Linux Québec Technologies Inc. http://www.LinuxQuebec.com [EMAIL PROTECTED]
