handling unqualified names?

Bill Kearney wkearney99 at hotmail.com
Sun Nov 27 19:00:18 EST 2005


> Have you tried virtdomains: userid ? This will disable the reverse lookup.

Yes, it doesn't reverse but it also tacks on the domain.tld of the server.
Or, more accurately, it tacks on the domain.tld of the interface on which
the connection was made.  So if 192.168.12.2 is 'mail.domain2.tld' then
connections into it would be from 'user@domain2.tld'.  Equally true if there
are other IP addresses configured to respond to mail then their domain.tld
will be used.

> It does work in cyrus and I think it also does work with SASL auxprop
> LDAP. It does not work with auxprop SQL where this auxprop plugin will
> always append the servername as a realm to unqualified userids.

Ah, that explains it.  I'll have to compare the source between the sql.c
plugin and the others.

> you set virtdomains: userid and login with an unqualified userid the
> auxprop plugin will always append the servername.

The 'auxprop' concept itself?  Or the SQL plugin that's called via auxprop?

> I may be wrong here, but the defaultdomain setting is there to
> "unqualify" qualified userids. So if you login with joe@domain3.tld as
> in your example above the defaultdomain is stripped and the userid
> becomes joe. SASL auxprop plugin SQL will then append the servername as
> a realm leading to a lookup of joe@mail.domain4.tld.
>
> So the answer is that auxprop plugin SQL does not support unqualified
> userids, I think.

Unfortunately you may be correct.  Which may lead me back to using pam_mysql
via saslauthd.  Six steps forward, eight steps back, it seems.  Here I was
thinking it'd be more efficient to call SQL directly, but noooooooo!  Yeesh.
Of course by using PAM I get stuck not being able to use challenge-response,
correct?

-Bill Kearney


