[POLL] Cyrus 2.2 virtdomains behavior (Was: global admin without defaultdomain?)

Christos Soulios soulbros at noc.uoa.gr
Fri Jan 2 12:28:51 EST 2004



Paul Boven wrote:
> Hi Christos, everyone,
> 
> Security is a very important thing. And security to me means encryption, 
> not only of the authentication phase but of the whole session. Now with 
> HTTPS I know you loose the ability to support virtual domains, because 
> the TLS session must be setup before the requested URL is transferred. 
> This means you can only have one hostname per IP-adres as soon as you 
> use SSL. Wouldn't you run into the same problem when enabling virtual 
> domain support on cyrus?
Well, I do not want to have a flame on this matter. Besides, it is 
beyond this thread what security is. To me your proposal is not about 
security, it is about content encryption. Encryption is just one aspect 
of security.


> I've deployed several single domain cyrus servers, but am working on my 
> first multidomain one, with Squirrelmail via SSL on top. So the way 
> things look now is that the machine will have only one hostname, 
> imap.example.com, and that everyone logs in with their complete 
> email-address as the fully qualified username, either with imaps or via 
> https and squirrelmail.
> In short: I think we should keep the ability to allow users to provide 
> fully qualified usernames.
I totally agree with you. The ability to append the domain to the user 
id is already implemented. What I suggest is just another option, which 
suits my needs and I think that there will be others which will find it 
useful in the future.



> 
> Regards, Paul Boven.

-- 
Christos Soulios (soulbros_at_noc.uoa.gr)

Microsoft is not the answer.
Microsoft is the question.
No is the answer.





More information about the Info-cyrus mailing list