SASL login as another user - unexpected behavior on cyrus 2.4.17

Marco Mon, 25 Sep 2017 01:21:08 -0700

Hello,

 I run Cyrus-IMAPD 2.4.17 with many virtual domains:


        virtdomains: userid

I configured a domain administrator:

        admins: ad...@example.com

With this account I can LIST all accounts in example.com domain only, asexpected.

Let suppose the Cyrus-IMAPD server stores also accounts for otherdomains, such as example2.com domain.

Well, I see that I can SASL PLAIN login using ad...@example.com onexample2.com accounts too, if I know their names. I can't understand whythis could happen. It seems a security issue.



Is there a way to prevent this issue without modifying ACL on all accounts?

Thank you
Marco
----
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

SASL login as another user - unexpected behavior on cyrus 2.4.17

Reply via email to