more virtual domain funnyness

[Christian Schulte]

Kendrick Vargas schrieb:
> Hi folks,
> 
> Ok, Igor, Ken, you both must be growing to hate me, but I'm starting to 
> understand the present need for the defaultdomain paramater. I'm sorry :-)
> 
> I have a question. Lets say I have a realm "example.com" and I have the
> defaultdomain paramater set to "example.com", and I also have "domain.com" 
> and "otherdomain.com" on the system. Now, lets say I have "cyrus" users in 
> each of those realms, and lets say I have the "admins" paramater set to 
> "cyrus". Will the "cyrus" user from any of those domains be able to 
> administrate the system, or will it just be the one from the default 
> domain?

It should be only the unqualified cyrus user specified in the admins 
line which can administrate the system. How the login of this 
unqualified userid looks like is determined by defaultdomain setting and 
by reverse-dns or servername. Try it out. All others are normal 
mailboxes cyrus at domain without any admin rights.

> 
> I'm starting to think that maybe there should be two different paramaters, 
> "admins" (analogous to domain admins) and "globaladmins" (global admins) 
> to allow more explicit declaration of who has which rights.

Why ? You can simply specifiy userids in the admins line. Unqualified 
userids are global admins and fully-qualified userids only have admin 
rights in theire domain. I do not know if "cyrus at defaultdomain" also is 
a global admin...logging in as "cyrus at defaultdomain" will lead to 
"defaultdomain" getting stripped, I think, so that "cyrus at defaultdomain" 
in the admins line will not work with defaultdomain beeing set to 
"defaultdomain" but I did not test that.

--
Christian