You have to "fs sa ~/Maildir system:anyuser l", which is a bit ugly; that means that random users can see the names you give your mailboxes and how many emails you have in them, but (I think) nothing else.
Aside from that it should all be working.

The quick solution is to grant "l" to a principal just for courier-imap, and run it k5started with tokens for that principal. This means that when user X logs in, his instance of courier-imapd can see the names given to user Y's mailboxes, but I think courier-imapd is used to running as root, so we can probably trust it not to expose this. The better solution would be to remove courier's assumption that it can stat() ~/Mailbox before authentication.

Do we offer outbound SMTP (with SMTP-AUTH, of course) to users?

- a

--
PGP/GPG: 5C9F F366 C9CF 2145 E770 B1B8 EFB1 462D A146 C380

_______________________________________________
HCoop-SysAdmin mailing list
[email protected]
http://hcoop.net/cgi-bin/mailman/listinfo/hcoop-sysadmin
