You can proxy as another user automatically with the cyrus user:

    imtest -t "" -a cyrus -u tc2154 host.

You give the cyrus password for authentication and then are authorized
as tc2154.

If you want to use an account besides cyrus for authentication, set
these in imapd.conf:

    proxy_authname: proxyname
    proxy_password: password

Now you could do

    imtest -t "" -a proxyname -u tc2154 host.

and give the proxyname's password.

-Patrick

On Jun 1, 2005, at 4:18 PM, Tim Pushor wrote:
How about backing up the ldap directory, resetting the passwords to a
known (to you) password, do the transition, and restore the directory?
If that's not possible, how about setting up a new temporary directory
with your user accounts and the known password, temporarily point
cyrus to it until after the transition, then point it back?
Thanks,
Tim
John C. Amodeo wrote:
I've been researching a way to proxy as another user for 2 days
without luck. It seems that Cyrus/SASL has the ability to take a
proxy command, but I cannot find any feasible application of it. I
need help.
Here's the situation:
I need to migrate 4 legacy Cyrus 2.0.17 servers to a new Cyrus 2.1.15
server. For multiple reasons, I would rather perform the migration
via imap using a sync utility like imapsync (or the equivalent)
rather than trying to merge the 4 servers through a manual upgrade /
reconstruct.
I need to be able to "login" as a normal user, say Bob Smith, as the
Cyrus superuser using Cyrus's credentials. If not, it will be a
nightmare (and a bad practice) to collect my users' IDs and
passwords to run the conversion... I would love to work in batch
mode where I would only need to supply userid (of the user) and then
the cyrus super account credentials (or equivalent...)
I'm reading all over the place about the difference between authcid
and authzid, proxyservers: cyrus, etc. etc. but can't find any true
application for how this might work in real life. I've tried every
manageable combination of command line arguments with imtest to no
avail...
Both my 2.0.16 boxes and my 2.1.15 box authenticate against a central
LDAP directory using sasl_mech_list: PLAIN.
Does anyone have any ideas or suggestions? I really want to avoid
hacking the SASL code to take a "master" password for any user.
Thanks in advance.
-John
---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
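
Added example (not part of the original thread and not Cyrus project code): what the authcid/authzid split discussed above looks like inside a SASL PLAIN message (RFC 4616), with a parser that reports which account authenticated and which mailbox owner it acts as. The password "secret" is a constructed placeholder, and open_mailbox_as is a hypothetical helper that assumes the server offers STARTTLS and PLAIN.

```python
import imaplib

def plain_response(authcid, password, authzid=""):
    """Build the RFC 4616 PLAIN message: [authzid] NUL authcid NUL passwd."""
    for field in (authzid, authcid, password):
        if "\x00" in field:
            raise ValueError("NUL is not allowed inside a PLAIN field")
    if not authcid:
        raise ValueError("authcid (the account that authenticates) is required")
    return "\x00".join((authzid, authcid, password)).encode("utf-8")

def parse_plain(message):
    """Split a PLAIN message and report who authenticates vs. who is acted as."""
    parts = message.split(b"\x00")
    if len(parts) != 3:
        raise ValueError("PLAIN message must have exactly three fields")
    authzid, authcid, _password = (p.decode("utf-8") for p in parts)
    if not authcid:
        raise ValueError("empty authcid")
    return {
        "authcid": authcid,
        "authzid": authzid or authcid,  # empty authzid means "act as authcid"
        "proxied": bool(authzid) and authzid != authcid,
    }

def open_mailbox_as(host, authcid, password, authzid):
    """Hypothetical helper: roughly imtest -t "" -a <authcid> -u <authzid> <host>
    when the negotiated mechanism is PLAIN."""
    conn = imaplib.IMAP4(host)
    conn.starttls()  # PLAIN carries the password unencrypted, so start TLS first
    conn.authenticate(
        "PLAIN", lambda _challenge: plain_response(authcid, password, authzid)
    )
    return conn

if __name__ == "__main__":
    # Constructed sample: user names come from the thread, the password does not.
    msg = plain_response("cyrus", "secret", authzid="tc2154")
    print(msg, parse_plain(msg))
```

The parse_plain result is the pair worth recording when auditing proxy logins: the authenticating account and the user it was authorized as.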