View Issue Details

IDProjectCategoryView StatusLast Update
0005081SOGoSOPEpublic2020-07-13 09:29
Reporterfalon Assigned To 
PrioritynormalSeverityfeatureReproducibilityalways
Status newResolutionopen 
Product Version4.3.2 
Summary0005081: Impersonate IMAP user with SASL PLAIN
Description

Hello, Cyrus IMAP server provides the ability to login as another user. It support SASL PLAIN authentication as described in RFC 4616 (https://tools.ietf.org/html/rfc4616), you can see Example4. I suppose that other IMAP servers provide this kind of access too.

So, if the account "user1" has the IMAP ACL "a" on the mailbox "user2", then "user1" can login in "user2" mailbox with the following PLAIN autentication:

user2\000user1\000user1password

I wonder if SOGo could provide a support for this authorization and authentication method. Now SOGo supports only

user2\000\user2password

For instance, multiple IMAP accounts (see at SOGoMailAuxiliaryUserAccountsEnabled) could be configured asking the username only. If the authenticated user has the authorization, then the new mailbox could be opened just knowing its name.

Additional Information

https://tools.ietf.org/html/rfc4616

Tagsauthentication, authorization, imap, PLAIN, SASL

Activities

There are no notes attached to this issue.

Issue History

Date Modified Username Field Change
2020-07-13 09:29 falon New Issue
2020-07-13 09:29 falon Tag Attached: authentication
2020-07-13 09:29 falon Tag Attached: authorization
2020-07-13 09:29 falon Tag Attached: imap
2020-07-13 09:29 falon Tag Attached: PLAIN
2020-07-13 09:29 falon Tag Attached: SASL