Cannot get loginrealms to work with 2.0.16

Michael Fair michael at daclubhouse.net
Mon Sep 16 16:53:48 EDT 2002 

You didn't provide us enough information as to
which strings exactly you are trying to 
authenticate with and do your domains include
"." in them and if so do you have unixheirsep
turned on so that "." is allowed in names.

A properly configured environment would:
A) Have unixheirsep turned on
B) Each user mailbox would be created with
     cm user/user at domain.dom
C) saslpasswd would have been run as:
     saslpasswd -u domain.dom -c user
D) The user would type their username as:
     user at domain.dom

If you do not have "." in the domain names
then strip ".dom" from the above examples
and the unixheirsep is optional.

It's possible that what might be happening
is your IMAP users are authenticating just
fine, but they have no "INBOX" so it looks
like SASL isn't authenticating.  What do you
see in your logs?

-- Michael --

----- Original Message ----- 
From: "Christian Schulte" <cs at schulte.it>
To: <info-cyrus at lists.andrew.cmu.edu>
Sent: Monday, September 16, 2002 12:24 PM
Subject: Cannot get loginrealms to work with 2.0.16


> Hi,
> 
> if I place a line into imapd.conf which looks like:
> 
> loginrealms:    domain1 domain2 domain3
> 
> and have users created in my sasldb-file like
> 
> user1 at domain1
> user2 at domain2
> user3 at domain3
> 
> where domain1 is the local machines' realm, I can only login with 
> user1 at domain1 but not with user2 and user3 because they are in another 
> realm. What am I making wrong ? Isn't the loginrealms directive the 
> place to make user2 and user3 be able to login also ? The sendmail 
> installation on the same host uses the same sasldb-file and 
> user2 at domain2 and user3 at domain3 can authenticate with sendmail and 
> sendmail works with all realms ! What am I missing here ?
> 
> 
> loginrealms: <none>
>           The list of remote realms whose users may log in  using
>           cross-realm  authentications.  Seperate each realm name
>           by a space.  (A cross-realm identity is considered  any
>           identity returned by SASL with an "@" in it.)
> 
> 
>

More information about the Info-cyrus mailing list