68 lines
3.0 KiB
Plaintext
68 lines
3.0 KiB
Plaintext
MBOX-Line: From joel at panacea.null.org Tue Sep 18 21:27:28 2007
|
|
To: imap-protocol@u.washington.edu
|
|
From: Joel Reicher <joel@panacea.null.org>
|
|
Date: Fri Jun 8 12:34:40 2018
|
|
Subject: [Imap-protocol] Shared group mailboxes and IMAP
|
|
In-Reply-To: <46F01DF4.2060804@rde-richw-3.stanford.edu>
|
|
References: <46F01DF4.2060804@rde-richw-3.stanford.edu>
|
|
Message-ID: <11850.1190176048@succubus.panacea.null.org>
|
|
|
|
> My school offers a "group e-mail account" facility to allow groups of
|
|
> two or more people (e.g., office staff, or a professor and his/her AA)
|
|
> to share access to a mailbox on a Cyrus IMAP server.
|
|
|
|
Why do you have a shared account when all you want is a shared mailbox?
|
|
|
|
I'm assuming by "account" you mean authentication details for IMAP. An
|
|
email address is something quite different, and can easily be aliased.
|
|
|
|
> The main snag, in my view, has to do with the authentication scheme for
|
|
> accessing group accounts. Rather than have a separate password for the
|
|
> group account (which would have to be known by all accessors, would need
|
|
> to be changed whenever any accessor left, and is essentially dismissed
|
|
> out of hand as an unacceptable security flaw), each user logs in to the
|
|
> group account IMAP server using his/her own individual ID (user name)
|
|
> and password.
|
|
|
|
IMHO a single set of authentication credentials for a group of people is
|
|
never the right solution. There's always a better way.
|
|
|
|
> A separate, web-based utility exists to allow owners of
|
|
> a group account to manipulate the account's ACL info and control who can
|
|
> access the account.
|
|
|
|
Do you mean access to the mailbox(es) here? Access to the account is
|
|
surely available to anyone who has the password.
|
|
|
|
> The group accounts are set up on the IMAP server under a separate name
|
|
> hierarchy (e.g., an account named "ourgroupaccount" is filed on the IMAP
|
|
> server under group.ourgroupaccount). Since users are authenticating to
|
|
> the server via their own user names (e.g., I would log in as "richw",
|
|
> not as "ourgroupaccount"), it doesn't appear to be possible to make the
|
|
> group accounts live in the regular "user" namespace -- the IMAP server
|
|
> wouldn't understand that I (having authenticated as "richw") want to
|
|
> see user.ourgroupaccount as the account's inbox (and not user.richw).
|
|
|
|
I really think you're getting "account" and "mailbox" very confused.
|
|
|
|
So far as I can tell you don't need a group account at all.
|
|
|
|
> I imagine that if there were some way for a mail client to tell the IMAP
|
|
> server that the account user name was "ourgroupaccount", but that the
|
|
> user would be logging in as a different user (e.g., "richw") and with
|
|
> such-and-so password, it might be possible to put the group mailboxes
|
|
> in the "user" namespace on the server, and things would be much cleaner.
|
|
> But I'm not aware of any non-kludgy way to do such a thing.
|
|
|
|
Exactly how you make a mailbox accessible to a group of users is
|
|
server implementation dependent. What server are you using?
|
|
|
|
For an example (the UW server in this case) you might like to read
|
|
|
|
http://www.washington.edu/imap/IMAP-FAQs/index.html#4.6
|
|
|
|
Cheers,
|
|
|
|
- Joel
|
|
|