craig at postnewspapers.com.au
Tue Nov 25 05:29:13 EST 2003
I'm not a Cyrus expert - being fairly new to it myself - but I thought
I'd jump in and explain my understanding of things in case it's useful
> I am trying to configure Cyrus-IMAP (version 2.1.12), and I am a little
> confused. As I understand it one of the main advantages of the Cyrus mail
> server is that the server is a sealed server.
It can run as a sealed server but it doesn't have to. I run Cyrus on a
host that does /many/ other things.
> Do I undestand correctly from
> this that the users do not have to be created on the OS of the Cyrus mail
> server, that the mailboxes just have to be created via the cyradm tool.
You will need some form of user authentication in addition to the
existance of mailboxes. The server needs to be able to validate that
that the person trying to log in as "bob" really is "bob" and should
have access to "bob"'s mailbox.
It's possible to have Cyrus look up a separate user database (sasldb,
private LDAP directory, etc) _or_ share the system's user authentication
(shared LDAP; PAM; unix auth, kerberos, etc). It's very common to use an
LDAP directory to authenticate users, either one private to cyrus or one
that's used by the rest of the system as well. Using PAM to share the
same authentication setup as the rest of the server is also common.
I found Cyrus's authentication quite complex at first, but it does make
sense - it's a bit complex because it's extremely flexible. I recently
did a "map" of the way the various ways cyrus can authenticate users -
it's a draft and not accompanied by any explanation, but in case it's of
any use you can read it here:
Most of these components are fairly well documented, it's just an
overview of how it all fits together that seems to be missing.
> is that you create the users on the OS but just don't provide them with a
That's possible too. You can also potentially have all normal users on
the OS able to access Cyrus, /and/ some extra Cyrus-only users. It all
depends on the authentication scheme you choose, and how you plug
I recently posted a rather badly written example config to the cyrus
wiki, based on my setup here. If it's of any interest, you can find it here:
My setup falls into the non-sealed server category, and every user with
mail access also has system login access - we don't need mail-only users
here at present.
Hope this helps.
More information about the Info-cyrus