case sensitive authentication
Stepan Kadlec
skadlec at centrum.cz
Wed Feb 4 07:26:35 EST 2009
greetings,
I have seen some similar questions on the net but without any satisfying solution.
whenever cyrus passes the credentials to sasl, it is in lowercase (no matter what this options are set to: lmtp_downcase_rcpt, username_tolower, normalizeuid). the huge problem appears in case of using virtual domains and kerberos authentication - the domain part of the email address is used as kerberos realm, which is strictly case sensitive (usually uppercase). since sasl always receives the realm lowercased, the authentication never passes.
e.g.:
username (email): test at domain.tld
krb principal: test at DOMAIN.TLD
imaptest:~ # imtest -a test at DOMAIN.TLD -m login -p imap localhost -v
saslauthd[19448] :do_auth : auth failure: [user=test] [service=imap] [realm=domain.tld] [mech=kerberos5] [reason=saslauthd internal error]
how can this be solved?
btw. there is imho one more problem and it is how the realm is concluded (as the email domain part). some more generic option of mapping email to realms would be nice. is it possible?
thanks for any clue, steve.
More information about the Cyrus-sasl
mailing list