Cyrus IMAP server + multiple kerberos realms/virtual domains

[Nikola Milutinovic]

Derrick J Brashear wrote:

> Exchange keys between realms and install only the correct service key on 
> the imap server? I'm not sure why you'd want to use more than one 
> service key for the server. If you did, well, perhaps the right answer 
> is 2 IP addresses, one master running on each, with different config 
> files, but using the same mail backend (or a murder setup with multiple 
> frontends); But all of these are really far more complicated than just 
> doing key exchange between realms and putting all the mailboxes in one 
> realm; more recent cyrus' murder features are actually being used by cmu 
> to have 2 realms (actually 3, but the 3rd is a test realm) with a common 
> mailbox namespace behind it. but, even that may be more complex than you 
> need or want. I'm not sure.

I really don't want to complicate things, I've learned that lesson a 
long time ago.

What would you advise me to do in my future setup?

I will definitely have two ADS domains, packed with users. They will all 
use OE and I can and will setup two VirtualDomains on the IMAP. The part 
that warries me is authentication. Will they be willing to talk to the 
IMAP server from another Kerberos realm?

That is the only reason why I am investigating multiple kerberos realms 
on one IMAP server.

TYIA,
Nix.
---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html