On Tue, Sep 25, 2007 at 04:36:19PM -0500, Tim Mooney wrote:
>
> [my apologies if you see this twice, I sent a copy earlier from
> a different address that's not subscribed]
>
> All-
>
> I've been tasked with coming up with some kind of method to accomplish the
> equivalent of a delegate/designate/proxy capability for two people that
> get their email via IMAP. We have a Vice President that wants her
> administrative assistant to be able to manage the VP's email (read it,
> delete messages, etc). The catch is that this needs to happen without
> the VP giving out her password.
>
> I'm planning on experimenting with UNIX groups and/or ACLs to give the
> administrative assistant the necessary OS permissions to access the VP's
> folders, along with either symlinks or hard links from the admin
> assistant's home directory to the folders in the VP's home directory.
>
> Is there a better way to accomplish what I'm trying to do? Are there
> any pitfalls to the approach I'm considering?
>
> We're currently running imap-2004g with all MBX (not just INBOX, all
> folders are MBX). We've been experimenting with the imap-2006 builds,
> and so far 2006k DEV looks like a winner. We will eventually be migrating
> to MIX. If we need to go to 2006k and MIX to make this work, we would
> certainly do that, as we're headed in that direction anyway.
>
> Any advice appreciated,
>
> Tim

On the UW server, if a user is in the "mailadm" group, that ID can log in
with its own password and then proxy to any other user. This would allow
the assistant to read the VP's mail folders using the assistant's password.

From RELNOTES:
-------------
Support for SASL authentication identity vs. authorization identity. If
the authentication method does not support this concept (e.g.
AUTH=CRAM-MD5, AUTH=LOGIN, LOGIN command), the "*" character in the user
name may be used to indicate a separate authentication identity; for
example, "fred*joe" indicates authorization identity "fred",
authentication identity "joe".

UNIX-specific Changes:

Support for SASL authentication identity vs. authorization identity in
the IMAP and POP3 servers. If the user indicated by the authentication
identity is in the "mailadm" group, he may specify any authorization
identity and get logged in as the authorization identity user.
--------------

-- 
John Mangrich                      Internet: [EMAIL PROTECTED]
Network & Academic Computing Services
University of California, Irvine
2130 Engineering Gateway #2225
Irvine, California 92697-2225
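The "authz*authc" rule quoted from RELNOTES above, modelled as an added example (not code from the UW IMAP distribution or from either poster). The account names, the sample login list, and the rejection of malformed names are assumptions made for illustration; group membership is passed in as a plain set rather than read from the host.

```python
ADMIN_GROUP = "mailadm"  # group name taken from the quoted RELNOTES text

# Constructed sample of user names as they would be typed at login.
SAMPLE_LOGINS = ["vp", "vp*assistant", "ceo*assistant", "vp*mallory", "assistant"]


def split_login(user):
    """Split a login name into (authorization_id, authentication_id).

    "fred*joe" -> ("fred", "joe"). A name without "*" is both identities.
    Rejecting empty halves or a second "*" is this example's assumption.
    """
    authz, sep, authc = user.partition("*")
    if not sep:
        return user, user
    if not authz or not authc or "*" in authc:
        raise ValueError("malformed proxy login: %r" % user)
    return authz, authc


def effective_user(user, admins):
    """Return the account whose mail is opened, or None if proxying is refused.

    Assumes the password check for the authentication identity has already
    succeeded. `admins` is the set of members of ADMIN_GROUP.
    """
    authz, authc = split_login(user)
    if authz == authc or authc in admins:
        return authz
    return None


def proxy_logins(login_names, admins):
    """List (authentication_id, authorization_id) for each allowed proxy login.

    This is the view an administrator would want when reviewing who opened
    whose mailbox: the rule has no per-target restriction, so a member of
    ADMIN_GROUP appears here for every account they name.
    """
    pairs = []
    for name in login_names:
        authz, authc = split_login(name)
        if authz != authc and authc in admins:
            pairs.append((authc, authz))
    return pairs
```

With `admins = {"assistant"}`, the assistant is accepted for "ceo*assistant" just as for "vp*assistant", which is the scope to keep in mind when deciding who belongs in the group.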
