cyrus sasl realm problem

Georg Gell georg_1 at have2.com
Sat Oct 1 07:25:11 EDT 2005


Hello,

I have an old server with about 50 mail users, which uses cyrus imapd
with sasl and pam_mysql. The server settings are:
unixhierarchysep: no
virtdomains: no

On the new server, I want users to be able to log in with their email
addresses as username, but I want to let the old users use their old
username/password combinations. So I set
unixhierarchysep: yes
virtdomains: yes
defaultdomain: servername.domainname.com
sasl_pwcheck_method: auxprop
sasl_sql_engine: mysql
sasl_sql_select: SELECT password FROM accountuser WHERE username = '%u@%r'
...

This works well. But I want to migrate the old account to the new
machine. As I understand the docs, this should work, because username
without realm are used with defaultdomain as result. But this doesn't
happen for sasl authentication.

Let's say I have user georg with password georgpass on the old server. I
thought on the new server, I would leave the mailbox on cyrus like
user/georg, and for auth in the mysql database I would just add to each
username the @servername.domainname.com, so that if the default domain
is added to the username we should be able to log in.

But something else happens (trying to use the pop server):
If I log in from a remote computer, reading the debug log, I see that
the user is being tested with domainname.com as realm (username:
georg at domainname.com).
But if I log in from localhost, no realm is added(username: georg).

What I don't understand after spending much time reading the docs is this:
Who adds the realm, imapd or sasl? And why are they different depending
on the location from where I try to log in? And whatever adds the realm,
how is it decided what to use? And finally, how can I change it?

Thanks in advance!

Best regards

Georg





More information about the Info-cyrus mailing list