cyrus sasl realm problem

Georg Gell georg_1 at
Sat Oct 1 07:25:11 EDT 2005


I have an old server with about 50 mail users, which uses cyrus imapd
with sasl and pam_mysql. The server settings are:
unixhierarchysep: no
virtdomains: no

On the new server, I want users to be able to log in with their email
addresses as username, but I want to let the old users use their old
username/password combinations. So I set
unixhierarchysep: yes
virtdomains: yes
sasl_pwcheck_method: auxprop
sasl_sql_engine: mysql
sasl_sql_select: SELECT password FROM accountuser WHERE username = '%u@%r'

This works well. But I want to migrate the old account to the new
machine. As I understand the docs, this should work, because username
without realm are used with defaultdomain as result. But this doesn't
happen for sasl authentication.

Let's say I have user georg with password georgpass on the old server. I
thought on the new server, I would leave the mailbox on cyrus like
user/georg, and for auth in the mysql database I would just add to each
username the, so that if the default domain
is added to the username we should be able to log in.

But something else happens (trying to use the pop server):
If I log in from a remote computer, reading the debug log, I see that
the user is being tested with as realm (username:
georg at
But if I log in from localhost, no realm is added(username: georg).

What I don't understand after spending much time reading the docs is this:
Who adds the realm, imapd or sasl? And why are they different depending
on the location from where I try to log in? And whatever adds the realm,
how is it decided what to use? And finally, how can I change it?

Thanks in advance!

Best regards


More information about the Info-cyrus mailing list