Heiko Schlittermann
2017-Oct-25 12:27 UTC
authenticate as userA, but get authorization to user userB's account
Hello József,

thanks for your super-fast response.

Kadlecsik József <kadlecsik.jozsef at wigner.mta.hu> (Wed 25 Oct 2017 13:28:22 CEST):
> > sales at example.com, using the credentials of the very own account (say
> > hans at example.com)?
>
> We faced the same problem and solved it with a PAM module:
…
> The users must use the username "groupusername*realusername" and the

Yes, this follows the master-user idea. Great. I'm curious if the master
user mechanism isn't usable. Maybe it is, I'll check this.

> - dovecot POP/IMAP server
> - vsftpd FTP server
>
> Addendum: for dovecot, add "*" to the allowed username chars to
> auth_username_chars in /etc/dovecot/conf.d/10-auth.conf.

I think it's there already for the master user mechanism.

I'll send a follow-up on how I solved it, if I do not get any further
input.

Best regards from Dresden/Germany
Heiko Schlittermann
--
SCHLITTERMANN.de - internet & unix support
Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3}
gnupg encrypted messages are welcome - key ID: F69376CE
! key id 7CBF764A and 972EAC9F are revoked since 2015-01
Kadlecsik József
2017-Oct-25 12:42 UTC
authenticate as userA, but get authorization to user userB's account
On Wed, 25 Oct 2017, Heiko Schlittermann wrote:

> Kadlecsik József <kadlecsik.jozsef at wigner.mta.hu> (Wed 25 Oct 2017 13:28:22 CEST):
> > > sales at example.com, using the credentials of the very own account (say
> > > hans at example.com)?
> >
> > We faced the same problem and solved it with a PAM module:
> …
> > The users must use the username "groupusername*realusername" and the
>
> Yes, this follows the master-user idea. Great. I'm curious if the master
> user mechanism isn't usable. Maybe it is, I'll check this.

The master users are allowed to impersonate anyone and at the same time
cannot log in as themselves. Those were the issues why we couldn't choose
to use master users.

Best regards,
Jozsef
--
E-mail : kadlecsik.jozsef at wigner.mta.hu
PGP key: kfki.hu/~kadlec/pgp_public_key.txt
Address: Wigner Research Centre for Physics, Hungarian Academy of Sciences
         H-1525 Budapest 114, POB. 49, Hungary
Heiko Schlittermann
2017-Oct-25 13:01 UTC
authenticate as userA, but get authorization to user userB's account
Kadlecsik József <kadlecsik.jozsef at wigner.mta.hu> (Wed 25 Oct 2017 14:42:11 CEST):
…
> The master users are allowed to impersonate anyone and at the same time
> cannot log in as themselves. Those were the issues why we couldn't choose
> to use master users.

True.

--
Heiko
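The "groupusername*realusername" login discussed in this thread, sketched as an added Python example. It is not the PAM module József mentions (that code is not shown on this page); the account names, passwords, the `DELEGATES` table and all function names are constructed assumptions. It illustrates the two properties raised above: the real user can still log in as themselves, and reaches only the group accounts explicitly listed for them.

```python
import hashlib
import hmac
import string

SEPARATOR = "*"
# Characters accepted in a login; "*" must be included, as with auth_username_chars.
ALLOWED = set(string.ascii_letters + string.digits + ".-_@" + SEPARATOR)
SALT = b"constructed-demo-salt"  # demo only; real stores use per-user salts

def _kdf(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 10_000)

# Constructed sample accounts and delegations (assumptions, not from the thread).
PASSWORDS = {"hans@example.com": _kdf("hans-secret"),
             "eva@example.com": _kdf("eva-secret")}
DELEGATES = {"sales@example.com": {"hans@example.com"}}
_DUMMY = _kdf("no-such-user")

def _authenticate(user, password):
    # Always run the KDF and a constant-time compare, even for unknown users.
    stored = PASSWORDS.get(user, _DUMMY)
    ok = hmac.compare_digest(stored, _kdf(password))
    return ok and user in PASSWORDS

def resolve_login(login, password):
    """Return (authenticated_user, authorized_mailbox), or None on refusal."""
    if not login or not set(login) <= ALLOWED:
        return None
    parts = login.split(SEPARATOR)
    if len(parts) == 1:                       # ordinary login as oneself
        user = parts[0]
        return (user, user) if _authenticate(user, password) else None
    if len(parts) != 2 or not all(parts):     # "a*b*c", "*b", "a*" are refused
        return None
    group, real = parts
    if not _authenticate(real, password):     # credentials are the real user's
        return None
    if real not in DELEGATES.get(group, ()):  # authorization is per group, not global
        return None
    return (real, group)

if __name__ == "__main__":
    for login, pw in [("sales@example.com*hans@example.com", "hans-secret"),
                      ("sales@example.com*eva@example.com", "eva-secret"),
                      ("hans@example.com", "hans-secret")]:
        print(login, "->", resolve_login(login, pw))
```

Returning both identities lets the caller log who authenticated alongside which mailbox was opened, so access to a shared account stays attributable to a person.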