[POLL] Cyrus 2.2 virtdomains behavior (Was: global admin without defaultdomain?)

Christos Soulios soulbros at noc.uoa.gr
Thu Jan 1 09:31:25 EST 2004


Quoting Ken Murchison <ken at oceana.com>:


> 
> But authentication should fail in this case, unless the user's in two 
> different domains have the same userid and password.
> 
Actually, I think that it is more efficient if cyrus-imap did all the virtual
domains handling, without the assistance of any authentication mechanism.


> Don't know.  Rob and I wondered what would be the reasonable thing to do 
> if byipaddess was configured and a user used a fully qualified userid to 
> log in.
If the domain passed in the fully qualified userid matches the domain selected
from the ipaddress, then cyrus, proceeds to authenticate user using sasl. If it
is different, then authentication fails without even making a query to the
authentication mechanism. 

> Its not a problem to implement it.  I'd like to get some more discussion 
> on how the two methods can/should interact.
These methods are totally different and there is no reason/need for interacting.
One method uses _only_ the userid to find out the user's virtual domain, the
other one uses _only_ the host's ip address. 

Christos






More information about the Info-cyrus mailing list