E-mail usernames, realms, auxprop and other questions

Diego Rivera lrivera at racsa.co.cr
Wed Oct 15 00:06:38 EDT 2003


NOTE: Please disregard my previous post with same subject but from an
alternate mail address - forgot to change sender address upon
submission.

---------------------------------------------------------------------

Hello all

Obviously my understanding of SASL is limited, so please bear with me
and try to humor my stupid questions with real answers if it's within
your grasp to do so  :)

I have an installation wherein one Cyrus IMAP server will be the central
mail repository for several different groups of users (read: username
clashes are likely).  There will also be a postfix instance which will
authenticate these users in a similar manner.

Thus, I'm pondering the option of using E-Mail styled logins, to
distinguish against which backend I need to authenticate which user.

Thus, some users are authenticated against Active Directory, others
against a MySQL database (2 separate groups on 2 separate databases),
yet others against PAM.

(Don't ask - not my call :) ).

I'm wondering HOW the realm information is correctly gleaned from an
e-mail styled login, and under what circumstances it would NOT be.

I read somewhere that PLAIN auth doesn't support this, as it has no
concept of realms (for some clients I'll have to use this mechanism -
there are still people with Windows95 and just-as-old IMAP clients for
christ's sake!!).

Implementing Kerberos is right out - just the thought of trying to get
it and AD to play well together makes my skin crawl.  Never mind the guys
in MySQL and PAM....

The way I'm thinking of going about it is writing an auxprop plugin to
handle the "multiplexing" once the realm information has been determined
(or, to extract it and use it as needed IF this is an appropriate step
to take).

So, in summary, my questions are:

1) Under what circumstances does SASL determine automatically which
realm the user belongs to given an e-mail style login?

2) Would it be correct for an auxprop plugin to extract and use this
information regardless (proxy_realms settings notwithstanding ... I
think), and make use of it?


Rather - the one question is: how do I achieve this?!?!  :)

Best wishes

Diego
-- 
===========================================================
* Diego Rivera                                            *
*                                                         *
* "The Disease: Windows, the cure: Linux"                 *
*                                                         *
* E-mail: lrivera<AT>racsa<DOT>co<DOT>cr                  *
* Replace: <AT>='@', <DOT>='.'                            *
*                                                         *
* GPG: BE59 5469 C696 C80D FF5C  5926 0B36 F8FF DA98 62AD *
* GPG Public Key available at: http://pgp.mit.edu         *
===========================================================
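
An added example, not part of the original post and not Cyrus SASL code: one way the realm split and backend selection described in the message could look in C. The realm names, the backend enum and `route_login` are hypothetical; it splits at the last `@`, uses a caller-supplied default realm when there is none, and rejects malformed or unknown realms instead of guessing a backend.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical backend ids for the four user groups in the post. */
enum backend { BE_NONE, BE_AD, BE_MYSQL_A, BE_MYSQL_B, BE_PAM };
/* Constructed realm names; none of them come from the original post. */
static const struct { const char *realm; enum backend be; } routes[] = {
    { "corp.example", BE_AD },      { "shop.example", BE_MYSQL_A },
    { "club.example", BE_MYSQL_B }, { "local.example", BE_PAM },
};

/* Case-insensitive comparison, since these realms are DNS-style names. */
static int realm_eq(const char *a, const char *b)
{
    for (; *a && *b; a++, b++)
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b)) return 0;
    return *a == *b;
}

/* Split "user@realm" at the last '@', copy the bare user name into user[],
 * and return the realm's backend. With no '@', default_realm is used (NULL
 * rejects such logins). Malformed or unknown input returns BE_NONE. */
enum backend route_login(const char *login, const char *default_realm,
                         char *user, size_t user_sz)
{
    const char *at, *realm;
    size_t ulen, i;
    if (!login || !user) return BE_NONE;
    at = strrchr(login, '@');
    ulen = at ? (size_t)(at - login) : strlen(login);
    realm = at ? at + 1 : default_realm;
    if (ulen == 0 || ulen >= user_sz || memchr(login, '@', ulen))
        return BE_NONE;             /* empty, too long, or a second '@' */
    if (!realm || !*realm) return BE_NONE;
    for (i = 0; i < sizeof routes / sizeof routes[0]; i++)
        if (realm_eq(realm, routes[i].realm)) {
            memcpy(user, login, ulen);
            user[ulen] = '\0';
            return routes[i].be;
        }
    return BE_NONE;                 /* unknown realm: fail closed */
}

int main(void)
{
    char u[64];
    printf("%d\n", route_login("diego@shop.example", NULL, u, sizeof u));
    return 0;
}
```

Returning the bare user name separately from the realm keeps `diego@shop.example` and `diego@corp.example` distinct identities even though both backends see the user as `diego`.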