Cyrus IMAP server + multiple kerberos realms/virtual domains
Derrick J Brashear
shadow at dementia.org
Sat Dec 4 15:51:20 EST 2004
On Thu, 2 Dec 2004, Nikola Milutinovic wrote:
>> But all of these are really far more complicated than just doing key
>> exchange between realms and putting all the mailboxes in one realm; more
>> recent cyrus' murder features are actually being used by cmu to have 2
>> realms (actually 3, but the 3rd is a test realm) with a common mailbox
>> namespace behind it. but, even that may be more complex than you need or
>> want. I'm not sure.
>
> I really don't want to complicate things, I've learned that lesson a long
> time ago.
>
> What would you advise me to do in my future setup?

Key exchange definitely makes things simpler. In imapd.conf, say

    loginrealms: realm1 realm2 realm3
    loginuseacl: t

then set ACLs to include e.g. user@realm2 and user@realm3 on the mailbox
for user (assuming realm1 is local) when you create a mailbox.
That's the simplest.

> I will definitely have two ADS domains, packed with users. They will all use
> OE and I can and will setup two VirtualDomains on the IMAP. The part that
> worries me is authentication. Will they be willing to talk to the IMAP server
> from another Kerberos realm?
My mail clients do, but I can't comment on OE.
---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
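
An added example, not part of the original thread: a small Python helper that generates the cyradm commands for the ACL approach described in the reply above, and audits which identities hold the 'a' right on an INBOX (the right loginuseacl checks). The user.<name> mailbox naming, the cyradm rights keyword "all", the function names and the sample ACL entries are assumptions made for illustration.

```python
import re

# Assumptions (not from the thread): default "." hierarchy separator, so a
# user's INBOX is user.<name>; the cyradm rights keyword "all" is granted.
LOCAL_REALM = "realm1"
LOGIN_REALMS = ["realm1", "realm2", "realm3"]   # mirrors loginrealms
SAFE_NAME = re.compile(r"[a-z0-9][a-z0-9_-]*")  # keeps names out of cyradm syntax


def acl_commands(users, rights="all"):
    """Return cyradm lines that create each mailbox and grant the same
    user name from every non-local login realm access to it."""
    lines = []
    for user in users:
        if not SAFE_NAME.fullmatch(user):
            raise ValueError(f"refusing unsafe user name: {user!r}")
        mailbox = f"user.{user}"
        lines.append(f"createmailbox {mailbox}")
        for realm in LOGIN_REALMS:
            if realm != LOCAL_REALM:
                lines.append(f"setaclmailbox {mailbox} {user}@{realm} {rights}")
    return lines


def audit_acl(mailbox, entries):
    """entries: (identifier, rights-letters) pairs for one INBOX.
    With loginuseacl on, anyone holding 'a' here may log in as the owner,
    so report holders of 'a' that are not the owner in a login realm."""
    owner = mailbox.split(".", 1)[1]
    allowed = {owner} | {f"{owner}@{r}" for r in LOGIN_REALMS if r != LOCAL_REALM}
    return [ident for ident, rights in entries
            if "a" in rights and ident not in allowed]


if __name__ == "__main__":
    print("\n".join(acl_commands(["alice", "bob"])))
    # Constructed sample ACL for user.alice, not real server output.
    sample = [("alice", "lrswipcda"), ("alice@realm2", "lrswipcda"),
              ("bob@realm3", "lrswipcda"), ("carol@realm2", "lrs")]
    print("unexpected admin rights:", audit_acl("user.alice", sample))
```
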