[Kolab-devel] setting allowcrossdomainacls yes

Jeroen van Meeuwen (Kolab Systems) vanmeeuwen at kolabsys.com
Fri Aug 27 18:43:10 CEST 2010


Gavin McCullagh wrote:
> Hi Gunnar,
> 
> On Thu, 19 Aug 2010, Gunnar Wrobel wrote:
> 
> > Sorry, yes, I saw the message but new I would have to try this myself  
> > before giving a reliable response. So let me just cc Sascha here. He  
> > knew more about the topic than I did. Sascha, can you help out? Thanks!
> 
> Sorry, I didn't mean to be impatient.  This would be a pretty important
> feature for us.
> 

Hi Gavin,

I'm interested in what your actual use-case is; Let me try and phrase a few 
scenarios that I can think of, this patch would be useful for;

user at country1.company.com versus user at country2.company.com

user at company.country1 versus user at company.country2

But the patch / feature implementation may most definitely not allow the 
following to happen:

ceo at novell.com versus lawyer at sco.com

Of course I'm exaggerating this example a little, but I hope you catch my 
drift.

By having a better understanding of what realm and scenarios cross-domain acls 
would be useful for, I'm hoping to make a patch submitted to upstream just a 
little more to their liking and solve the potential security risk.

-- 
Jeroen van Meeuwen
Senior Engineer, Kolab Systems AG

e: vanmeeuwen at kolabsys.com
t: +316 42 801 403
w: http://www.kolabsys.com

pgp: 9342 BF08




More information about the devel mailing list