[Dovecot] Suggested patch: retain user's group privileges after logging into IMAP
Hi,
I'm attaching a suggested patch that lets an authenticated user access shared IMAP folders even if the user doesn't directly own the storage, but is a part of a group that has permissions on the storage.
This allows for the administrator to setup a shared mailbox with permissions given to a group instead of a user, and allow all of the users that belong to the group to access the mail according to the file-system permissions.
What do you think? Is this the right way to do this, or am I missing something security-wise?
I'm also attaching a bug fix for the LDAP passdb, where if the password scheme wasn't PLAIN, the password would be cleared from memory before being used to authenticate the user, and the authentication would fail.
Regards, Lior
participants (1)
-
Lior Okman