Precedence Technologies Ltd

Master users to allow logging on as another user

It is possible to create special users that will allow you to log into IMAP as though you were another user. This could be useful for multiple reasons, e.g.

  • Processing users' spam mailboxes to train spam filters
  • Gaining access to a user's mailboxes without having to reset their password
  • Migrating mail

Master usernames and passwords cannot be used to log on to any other services, nor can they be used to log in to IMAP as themselves.

To log in as a master user, use the destination account's username followed by an asterisk, then the master username. For example, to log on to the account of originaluser with the master user called imapmaster, you should use a username of originaluser*imapmaster. You can use this in any IMAP client (e.g. Thunderbird, Outlook, etc.).

To create a new master user (or change the password)

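The user must be created from the command line. The -c flag creates the file, replacing any existing one, and -B selects bcrypt hashing. If you want to specify the password on the command line, use the -b flag (the password is then visible on the command line):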

# htpasswd -b -c -B /etc/mail/masterusers imapmaster M5hwff9vMzV6YkvD
Adding password for user imapmaster

Alternatively, omit -b and enter the password twice when prompted:

# htpasswd -c -B /etc/mail/masterusers imapmaster
New password:
Re-type new password:
Adding password for user imapmaster

The very first time you create a master user, you must run the IMAP build script for it to take effect. After that, changes will be immediate:

# /usr/libexec/build/imap
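
An audit of the resulting master-user file, as an added example that is not part of the original page or of Precedence's tooling: it checks that each htpasswd-style entry carries a bcrypt hash, as written by the -B flag above, and that the file is not accessible to other users. The MIN_COST threshold, the permission policy and the sample entries are assumptions of this example.

```python
import os
import re
import stat

BCRYPT = re.compile(r"^\$2[aby]\$(\d{2})\$[./A-Za-z0-9]{53}$")
SEPARATOR = "*"   # separator used in the page's originaluser*imapmaster form
MIN_COST = 10     # assumption of this example, not a value from the page

def audit_entries(text):
    """Check htpasswd-style 'name:hash' lines; return a list of findings."""
    findings, seen = [], set()
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        name, sep, rest = line.partition(":")
        if not sep or not name:
            findings.append(f"line {lineno}: not in name:hash form")
            continue
        if name in seen:
            findings.append(f"{name}: duplicate entry")
        seen.add(name)
        if SEPARATOR in name:
            findings.append(f"{name}: name contains the '{SEPARATOR}' separator")
        match = BCRYPT.match(rest.split(":")[0].strip())
        if match is None:
            findings.append(f"{name}: hash is not bcrypt (htpasswd -B)")
        elif int(match.group(1)) < MIN_COST:
            findings.append(f"{name}: bcrypt cost {match.group(1)} is below {MIN_COST}")
    return findings

def audit_file(path):
    """Audit the entries and the permissions of a master-user file."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & stat.S_IRWXO:  # any read/write/execute bit for "other"
        findings.append(f"{path}: accessible to other users (mode {mode:o})")
    with open(path, encoding="utf-8") as handle:
        findings.extend(audit_entries(handle.read()))
    return findings

# Constructed sample content; the hash bodies are filler, not real hashes.
SAMPLE = "\n".join([
    "imapmaster:$2y$12$" + "A" * 53,
    "migrate:$2y$05$" + "B" * 53,
    "oldmaster:$apr1$abcdefgh$" + "C" * 22,
])
if __name__ == "__main__":
    for finding in audit_entries(SAMPLE):
        print(finding)
```

On a live system, call audit_file("/etc/mail/masterusers") as a user able to read the file.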

Testing

You can test using the telnet command. The following shows a master account called imapmaster being used to log into the account of a user called originaluser (very long lines truncated):

# telnet localhost 143
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE LITERAL+ STARTTLS AUTH=PLAIN] Dovecot ready.
a LOGIN originaluser*imapmaster M5hwff9vMzV6YkvD
a OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY] Logged in
a LOGOUT
* BYE Logging out
a OK Logout completed (0.001 + 0.000 secs).
Connection closed by foreign host.

This demonstrates that imapmaster cannot log in directly as themselves:

# telnet localhost 143
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE LITERAL+ STARTTLS AUTH=PLAIN] Dovecot ready.
a LOGIN imapmaster M5hwff9vMzV6YkvD
a NO [AUTHENTICATIONFAILED] Authentication failed.
a LOGOUT
* BYE Logging out
a OK Logout completed.
Connection closed by foreign host.

© Copyright Precedence Technologies 1999-2024
Page last modified on February 25, 2021, at 02:34 PM by sborrill