[POLL] Cyrus 2.2 virtdomains behavior (Was: global admin without
defaultdomain?)
Ken Murchison
ken at oceana.com
Thu Jan 1 10:26:31 EST 2004
Jure Pečar wrote:
> virtdomains=ipaddr (or something)
>
> here we need to teach server the ip->domain mapping. reverse dns? most
> likely.
> server accepts & authenticates usernames without @domain on appropriate
> interfaces (ip adresses) and it searches for username only in the domain the
> ip adress the user is coming from belongs. user at domain usernames should be
> rejected IMHO. global admin should be specified without the @domain and
> authenticated on any ip address. per domain admin users should be specified
> with @domain and should only authenticate when coming to the right ip
> address.
So, you're suggesting that admins always use fully qualified userids?
This would work, but it requires that an unqualified userid be checked
to see if its an admin before appending the domain from the ip address.
This is probably the easiest way to handle the global admin without
enforcing a default domain and also allows something like:
admins: cyrus cyrus at domain1 cyrus at domain2
Is there a problem if *any* user is allowed to use a fully qualified
userid in an ipaddr config?
--
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26 Orchard Park, NY 14127
--PGP Public Key-- http://www.oceana.com/~ken/ksm.pgp
More information about the Info-cyrus
mailing list