2.2 imap virtual domains and realms questions

Chris Hamilton chris at ambigc.com
Mon May 26 04:30:06 EDT 2003

Hi, we are implementing an email system using kerberos, ldap, cyrus, and 

There appears to be two ways of dealing with multiple realms in cyrus:

Pre 2.2 cyrus (and hopefully 2.2+)
All realms that receive mail are mapped to one namespace.

2.2+ cyrus
Virtual domains can be used to separate realms (I think). But user acls 
cannot cross realms.

Questions for 2.2:
Assuming kerberos realms can equal email domains. What happens when 
kerberos realms != email domains? Is there an aliasing
1 to 1 (ie. a non domainname krb realm - FOOBAR not FOOBAR.COM)
Many to 1 (ie. all these realms -> one email domain)

General dumb question:
How does kerberos cross realm authentication work?
(What does cyrus see as a 'userid' when coming in from
another realm?)

Thanks for your time,
Chris Hamilton

More information about the Info-cyrus mailing list