Currently some of our organizational roles use shared secrets (aka the password) to access the mail account of an organizational role, say "sales" for example. For one, I don't like shared secrets; for another, there have been some changes to shared mailboxes, and I can only say "user sales has deleted the message at such and such a time". Therefore I would like to access the mailboxes of organizational roles with the accounts of the humans currently performing the role.
Using sharing and ACLs it is possible to map the mailboxes of "sales" to "users.sales" namespace for specific other users, actually the human ones, say userA and userB for example.
However, userB does not like managing identities in its MUA and refuses to acknowledge the messages in users.sales for various reasons. One reason was that userB wants to strictly and visibly separate both mail accounts, the private messages in "userB" and the role's ones in "sales".
Now, I came to think that it would be good in such a case if userB could authenticate as, say, "sales*userB" - much like a master user - and end up in "sales"'s home, but with the access permissions of "userB", well, like a chroot.
Would it be an interesting feature to add to Dovecot's core?
If I simulate "sales*userB" with the password of userB and let the userdb return the home of sales, userB would implicitly gain "owner" privileges of sales. So there seems to be no workaround.
Kind regards,
Steffen Kaiser