[POLL] Cyrus 2.2 virtdomains behavior (Was: global admin without defaultdomain?)

Paul Boven p.boven at chello.nl
Fri Jan 2 11:13:06 EST 2004


Hi Christos, everyone,

Christos Soulios wrote:

> Security is one thing. More than this, my opinion is that in order cyrus 
> to be deployed in a true multi domain environment, and thus actually be 
> used by ISPs, admins must be able to distribute the virtual domains 
> according to the name of the server, users are connecting to. In such a 
> multi domain environment, users have no abillity to choose their domain 
> by appending a @domain to their userid.

Security is a very important thing. And security to me means encryption, 
not only of the authentication phase but of the whole session. Now with 
HTTPS I know you loose the ability to support virtual domains, because 
the TLS session must be setup before the requested URL is transferred. 
This means you can only have one hostname per IP-adres as soon as you 
use SSL. Wouldn't you run into the same problem when enabling virtual 
domain support on cyrus?
I've deployed several single domain cyrus servers, but am working on my 
first multidomain one, with Squirrelmail via SSL on top. So the way 
things look now is that the machine will have only one hostname, 
imap.example.com, and that everyone logs in with their complete 
email-address as the fully qualified username, either with imaps or via 
https and squirrelmail.
In short: I think we should keep the ability to allow users to provide 
fully qualified usernames.

Regards, Paul Boven.




More information about the Info-cyrus mailing list