From: Rob Siemborski (no email)
Date: Tue Sep 02 2003 - 14:06:55 EDT
On Tue, 2 Sep 2003, Dave McMurtrie wrote:
> On Tue, 2 Sep 2003, Rob Siemborski wrote:
>
> > Its used exactly as it says.
> >
> > Its for you to authenticate as one user and authorize as another, e.g.
> >
> > cyradm --user rjs3.admin --authz bob
> >
> > gets me connected as bob but authenticated as rjs3.admin (who is an admin
> > in imapd.conf).
>
> Thanks, Rob. This makes sense. I appreciate the info. As I expected,
> now that I know what it's supposed to do, I have more questions.
>
> Is there a bug in perl/imap/IMAP.c, or am I reading the source wrong?
>
> In perl/imap/IMAP.c it appears to correctly parse the options passed to
> it. It uses the char pointer "auth" to store the username and the char
> pointer "user" to store the user to authorize as. When it calls
> imclient_authenticate(), it's passing "user" as the fourth argument where
> I think it should be passing "auth".
>
> As a result, it's trying to authenticate as a user named "" and fails
> everytime unless I specify "--authz" when I invoke cyradm.
"" is a magic authz string that means "use the authentication id". This
is a part of SASL and so its pretty low-level.
Atleast, that is what should be happening (So the use of the empty string
as the authzid by itself isn't a problem).
-Rob
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456
Research Systems Programmer * /usr/contributed Gatekeeper
|
|
|