connecting to localhost or outside-IP makes difference with global admins ?

Ken Murchison ken at oceana.com
Sun Sep 14 09:12:30 EDT 2003 


Christian Schulte wrote:
> I have a question regarding cyrus 2.2 and virtual-domains turned on. It seems 
> that the behaviour of how global admins get authenticated changed somehow.
> 
> Connecting with cyradm to localhost (cyradm localhost)
> =>auxprop mysql will lookup the domain with the fqdn of the server
> Connecting with cyradm to IP (cyradm real-outside-ip)
> =>auxprop mysql will lookup the domain with the host-name stripped off of the 
> fqdn
> 
> Why ?
> 
> I did not set defaultdomain in imapd.conf but even changing anything with it 
> does not change that behaviour. I am pretty shure this got changed a few 
> weeks ago because it worked before no matter to where cyradm connected.

I haven't touched the virtdomain code in weeks/months.  My guess is that 
something in the SASL SQL plugin changed, or something in your DNS changed.


> 
> How can I get the old behaviour back so that I do not have to maintain two 
> different rows in the usertable one with the fqdn and another with the 
> stripped-host-from-fqdn domain ?
> 
> 
> --Christian
> 
> imapd.conf:
> 
> configdirectory: /var/imap
> partition-default: /var/spool/imap
> sievedir: /var/spool/sieve
> servername: host.domain.tld
> admins: admin
> 
> #defaultdomain: host.domain.tld 
> (gets stripped to just domain.tld during authentication if connecting to the 
> outside IP but not if connecting to localhost with cyradm) 
> Its commented out for me. Is that correct ?
> 
> sasl_pwcheck_method: auxprop
> sasl_auxprop_plugin: mysql
> sasl_allowanonymouslogin: no
> 
> sasl_allowplaintext: yes
> (Currently Outlook stops working for me if I set it to 'no'. Other clients I 
> tested supported DIGEST-MD5 and CRAM-MD5 correctly and so I think its an 
> OE-issue...)
> 
> sasl_mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5
> ---snip---
> sasl_mysql_statement: select password from SASLUser where login='%u' and 
> domain='%r' and IMAP='YES'
> 
> connecting to localhost the query will be like:
> select password from SASLUser where login='admin' and domain='host.domain.tld'
> 
> connecting to the outside IP (even from localhost) the query will be like:
> select password from SASLUser where login='admin' and domain='domain.tld' and 
> IMAP='YES'
> --snip
> 
> idlesocket: /var/imap/socket/idle
> unixhierarchysep: yes
> virtdomains: yes
> altnamespace: on
> unix_group_enable: 0
> imapidresponse: no
> logtimestamps: 1
> lmtp_over_quota_perm_failure: 1
> autocreatequota: -1
> timeout: 15
> notifysocket: /var/imap/socket/notify
> 
> 

-- 
Kenneth Murchison     Oceana Matrix Ltd.
Software Engineer     21 Princeton Place
716-662-8973 x26      Orchard Park, NY 14127
--PGP Public Key--    http://www.oceana.com/~ken/ksm.pgp

More information about the Info-cyrus mailing list