Virtual Domains and authentication

Andrew Koros akoros at ke.uu.net
Tue Aug 12 07:53:51 EDT 2003


On Tue, 2003-08-12 at 14:18, Simon Matter wrote:
> > On Tue, 2003-08-12 at 11:47, Michael Fair wrote:
> >> I've never used pam for virtual domains but the general idea
> >> is that the user provides the fully qualified user at domain.dom
> >> as their userid.  SASL splits that up into a "realm" and a
> >> user so in terms of SASL, creating the user looks something
> >> like this:
> >> saslpasswd -c -U domain.dom userid
> >>
> >> I really can't say how this will map to PAM since PAM really
> >> doesn't support the concept of realms (as I understand it).
> >>
> >> -- Michael --
> >>
> > Hi,
> >
> > With pam you can have IMAP accounts of the type: username.domain.tld so
> > that mail sent to username at domain.tld is delivered to a cyrus account:
> > username.domain.tld
> >
> > This needs the option "unixhierarchysep: yes" to be set in
> > /etc/imapd.conf.
> >
> > There are howto's showing how to achieve this:
> > http://www.delouw.ch/linux/Postfix-Cyrus-Web-cyradm-HOWTO/html/index.html
> > and
> > http://home.teleport.ch/simix/RPMS/Cyrus-imapd/contrib/Postfix+cyrus+postgreSQL+web-cyradm.pdf
> >
> > In the new cyrus-2.2.x (now in beta) username at domain.tld will be
> > allowed. Otherwise for now you can use the Perdition IMAP/POP proxy
> > server (http://vergenet.net/linux/perdition/) or get a patch (I think),
> > for the current stable 2.1.x series.
> 
> 
> My question remains how will the new 2.2 fit in PAM? Does it only work for
> the default domain? (Sorry I didn't study the virtual domain docs yet)
> 
> Simon
> 
Yeah, the username.domain.tld idea should work with the default domain
since this scheme in actual fact just rewrites mail destined to
username at domain.tld to username.domain.tld at defaultdomain with respect to
the IMAP server. 

 My understanding is that in the new 2.2.x series setting the option
"virtdomains: no" in the imap.conf essentially causes the 2.2.x to
behave like the 2.1.x with regard to virtual domains. But even with
"virtdomains: yes" username.domain.tld at defaultdomain should still work
since username.domain.tld at defaultdomain is a valid address. The burden
of the rewrite lies with the MTA before it calls the LMTP agent.

However, I am yet to experiment with all this ;-)

~/Andrew Koros. 
> 
> >
> >>
> >> "James Satterfield" <james at uberduper.com> wrote in message
> >> news:1059956276.eba8c41ce07f8 at boingo.uberduper.com...
> >> > I'm having a lot of difficulty wrapping my mind around authentication
> >> > for a virtual domain configuration. I would like to use PAM for auth,
> >> > but I don't see how to get around the '@' in the usernames. I see
> >> > nothing in the docs that addresses how to set up auth for virtual
> >> > domain support.
> >> > Do any of you have any tips, howtos, advice, config examples?
> >> >
> >> > Thanks,
> >> > James.
> >> >
> >> >
> >>
-- 
Andrew Koros
Developer, Systems Services

UUNET KENYA LTD
2nd Floor Parkside Towers
Mombasa Road, Nairobi

Tel: +254 2 69088618
Fax: +254 2 69088001
Email: akoros at ke.uu.net   

http://www.uunet.co.ke

NOTICE: "The contents of this e-mail and any accompanying documentation is
confidential and any use thereof, in whatever form, by anyone other than the
addressee for whom it is intended, is strictly prohibited."
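
Added example, not part of the original thread and not Cyrus or SASL code: a Python version of the username at domain.tld to username.domain.tld at defaultdomain rewrite discussed above, with a check for distinct addresses that flatten to the same account name. The default domain, the sample addresses, all function names and the choice to split at the last '@' are assumptions made for illustration.

```python
# Added illustration; every name here is hypothetical, not a Cyrus or SASL API.
DEFAULT_DOMAIN = "example.net"  # constructed default domain (assumption)


def split_login(login):
    """Split 'user@realm' into (user, realm); assumes the last '@' separates them."""
    user, sep, realm = login.rpartition("@")
    if not sep:
        # No '@' at all: a bare userid that belongs to the default domain.
        return login, None
    if not user or not realm:
        raise ValueError("empty user or realm in %r" % login)
    return user, realm.lower()


def flat_account(address):
    """Map user@domain.tld to the flat account name user.domain.tld."""
    user, realm = split_login(address)
    if realm is None or realm == DEFAULT_DOMAIN:
        return user
    return "%s.%s" % (user, realm)


def lmtp_recipient(address):
    """Address the MTA would hand to the LMTP agent after the rewrite."""
    return "%s@%s" % (flat_account(address), DEFAULT_DOMAIN)


def find_collisions(addresses):
    """Return flat account names that more than one address maps to."""
    seen = {}
    for addr in addresses:
        seen.setdefault(flat_account(addr), []).append(addr)
    return {name: addrs for name, addrs in seen.items() if len(addrs) > 1}


# Constructed sample addresses: the second and third flatten to the same
# account, because '.' is both a legal userid character and the join character.
SAMPLE = ["alice@domain.tld", "bob.sales@domain.tld",
          "bob@sales.domain.tld", "carol"]

if __name__ == "__main__":
    for a in SAMPLE:
        print(a, "->", lmtp_recipient(a))
    print("collisions:", find_collisions(SAMPLE))
```

Running a collision check like this over the provisioning list before creating accounts catches the case where one user could authenticate as, or receive mail for, another.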





More information about the Info-cyrus mailing list