cascade auth

Steve Kondik shade at chemlab.org
Fri Feb 4 08:42:11 EST 2005


We're currently using a "cascading" authentication mechanism to preserve
compatibility with legacy users.  The system works like this:

username at domain1.com
username at domain2.com

(where both usernames are the same)

The user can log in with either their fully qualified address, or as
just the short username.  If the short username is used, the database
looks up the account by matching "username@%" with the password.  I
realize that this is a security concern, but we haven't had an issue and
it keeps the customers happy.

I've been looking at Cyrus as a possible migration path from our current
setup, which uses a maildir/NFS backend that has caused me endless
grief.  Is there any way to accomplish this kind of lookup in Cyrus?
I think I'd need a way for SASL to tell Cyrus the real mailbox name (the
fully qualified address) after a successful auth, instead of just
telling Cyrus that the auth was successful (sort of how Courier's
authdaemon does it).

Also, has there been any work on storing quotas in an external database?

-- 
Steve Kondik <shade at chemlab.org>
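
The short-username lookup described in the message above, as an added example that is not part of the original post: it resolves a login to the fully qualified address, escapes LIKE wildcards in the login, and refuses a short name whose password matches in more than one domain. The `users` table, its columns, the PBKDF2 hashing and the sample accounts are assumptions constructed for illustration.

```python
import hashlib
import hmac
import os
import sqlite3

def hash_pw(password, salt):
    # PBKDF2 stands in for whatever hash the real user table stores (assumption)
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_db(accounts):
    """Build a constructed in-memory user table from (address, password) pairs."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (address TEXT PRIMARY KEY, salt BLOB, pwhash BLOB)")
    for address, password in accounts:
        salt = os.urandom(16)
        db.execute("INSERT INTO users VALUES (?, ?, ?)",
                   (address, salt, hash_pw(password, salt)))
    return db

def like_escape(s):
    # Neutralise LIKE metacharacters so a login of "%" or "a_" cannot widen the match
    return s.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")

def cascade_auth(db, login, password):
    """Return the canonical fully qualified address, or None on failure."""
    if "@" in login:
        rows = db.execute("SELECT address, salt, pwhash FROM users WHERE address = ?",
                          (login,)).fetchall()
    else:
        rows = db.execute(
            "SELECT address, salt, pwhash FROM users WHERE address LIKE ? ESCAPE '\\'",
            (like_escape(login) + "@%",)).fetchall()
    matches = [addr for addr, salt, pwhash in rows
               if hmac.compare_digest(pwhash, hash_pw(password, salt))]
    # Same short name and same password in two domains is ambiguous: refuse, do not guess
    return matches[0] if len(matches) == 1 else None

# Constructed sample accounts
DB = make_db([
    ("alice@domain1.com", "pw-one"),
    ("alice@domain2.com", "pw-two"),
    ("bob@domain1.com", "shared"),
    ("bob@domain2.com", "shared"),
])
```

The value returned is the full address, which is what a mail store would need as the mailbox name after a short-name login.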


More information about the Info-cyrus mailing list