View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0005081 | SOGo | SOPE | public | 2020-07-13 13:29 | 2021-03-22 07:18 |
| Reporter | falon | Assigned To | |||
| Priority | normal | Severity | feature | Reproducibility | always |
| Status | new | Resolution | open | ||
| Product Version | 4.3.2 | ||||
| Summary | 0005081: Impersonate IMAP user with SASL PLAIN | ||||
| Description | Hello, Cyrus IMAP server provides the ability to login as another user. It support SASL PLAIN authentication as described in RFC 4616 (https://tools.ietf.org/html/rfc4616), you can see Example4. I suppose that other IMAP servers provide this kind of access too. So, if the account "user1" has the IMAP ACL "a" on the mailbox "user2", then "user1" can login in "user2" mailbox with the following PLAIN autentication: user2\000user1\000user1password I wonder if SOGo could provide a support for this authorization and authentication method. Now SOGo supports only user2\000\user2password For instance, multiple IMAP accounts (see at SOGoMailAuxiliaryUserAccountsEnabled) could be configured asking the username only. If the authenticated user has the authorization, then the new mailbox could be opened just knowing its name. | ||||
| Additional Information | |||||
| Tags | authentication, authorization, imap, PLAIN, SASL | ||||
