global admin without defaultdomain?

Christian Schulte cs at schulte.it
Mon Dec 29 05:45:11 EST 2003 

Kendrick Vargas schrieb:
> On Fri, 26 Dec 2003, Christian Schulte wrote:
> 
> 
>>Kendrick Vargas schrieb:
>>
>>>I tried adding "defaultdomain: fakedomain.com" and even setting
>>>"servername: fakedomain.com" without it making a difference. Any other
>>>suggestions?
>>
>>I have
>>
>>servername: imap.somename.com
>>admins: someadmin
>>
>>and no default domain! If I login as "someadmin" mysql auxprop plugin 
>>will query for "someadmin at imap.somename.com" and after authentication 
>>this will be the global admin "someadmin" from the admins line with all 
>>rights.
> 
> 
> This tends to go against the docs (as well as what everyone else is 
> saying). However, I decided to try it, and it just doesn't work for me. I 
> can log in as the user, but I can't create miscellaneous mailboxes. Which 
> server version are you using? I'm on 2.2.2-BETA.
> 			-peace
> 

The imapd with which I do this is bound to localhost 127.0.0.1 and there 
this works. You are right that if I change it to bind to a public 
accessible interface it does not work anymore for some reason. When I 
change it to a public interface login-lookups will be done by the domain 
of the reverse-dns domain from that interface or taken from the 
servername configuration if no lookup succeedes. For me the servername 
directive played a role and I think /etc/hostname also had influence 
here if it is not fully qualified (mainly running hostname did not show 
a domain) ! Say if I bind imapd to 1.2.3.4 and reverse-dns tells 1.2.3.4 
has name imap.somedomain.com the lookup will be done to 
user at somedomain.com for unqualified logins (host gets stripped). If 
1.2.3.4 reverse-dns name would be something unqualified so that the 
host-name stripping mechanism cannot correctly construct the domain, 
behaviour again changes but I do not remember what then happens exactly. 
I really tried a lot to get global admin rights from the outside one 
year ago. I ran the relevant code under gdb many times trying to 
understand what exactly changes if connections do not come from 
localhost anymore and I remember I somehow could prove that nobody ever 
will be able to get global admin rights from the outside for me. At this 
point I somehow liked the possibility to not let a global admin login 
when not connecting to localhost for security reasons that much that I 
did not want to change that behaviour anymore :-)
Since you enabled virtdomains why do you still want unqualified logins 
if not due upgrading reasons from an old installation with unqualified 
logins ? This all only has to do with unqualified logins which I do not 
want/need except for the global admin. If someone plans on changing the 
behaviour with the global admin and defaultdomain I would really like to 
keep the ability to not let a global admin in if not connecting to 
localhost and of course there should be a note about the change so that 
next time updating cyrus I do not open up a security hole I spent hours 
to prove that its greatly closed and safe :-)

--
Christian

More information about the Info-cyrus mailing list