Same mailbox with different logins

Bron Gondwana brong at fastmail.fm
Fri Sep 18 20:19:01 EDT 2009


On Fri, Sep 18, 2009 at 06:06:52PM -0500, Scott Lambert wrote:
> On Fri, Sep 18, 2009 at 11:24:08PM +1000, Bron Gondwana wrote:
> > On Fri, Sep 18, 2009 at 03:43:20PM +0300, Evgeniy Arbatov wrote:
> > > Hello,
> > > 
> > > A question: I want users authenticating with two different usernames
> > > to Cyrus IMAP to be able to access the same mailbox.
> > > 
> > > For example, I wish this to be the case ("login name" -> "mailbox"):
> > > 
> > > username -> user/firstname.lastname at domain
> > > firstname.lastname at domain ->  user/firstname.lastname at domain
> > > 
> > > What would be the way to proceed?
> > 
> > Well - we just put an nginx proxy in front, and have the authentication
> > daemon return the "correct" username to pass to the backend, regardless
> > of the username used.  That's one option.
> > 
> > What's the use case anyway?  You can use aliases for delivery, why does
> > the one user need two different usernames?
> 
> I don't know about the original poster but the ISP I work for has been
> doing e-mail with sendmail and IMAP-UW.
> 
> All usernames are of the form username at maindomain, only they don't use
> @maindomain.
> 
> Customer domain users use mailboxes of the form
> domainSpecificPrefixOf2or3characters_localpart for
> localpart at customerdomain.
> 
> virtusertable:
> localpart at customerdomain.com	cd_localpart
> 
> We would like to get those users out of the maindomain and have them
> switch to using mailboxes of localpart at customerdomain.com and be able
> to login as localpart at customerdomain.com but have compatibility with
> the old way of loging in as cd_localpart as well, at least during the
> transition period. 

That's almost exactly what we did at FastMail - though the other way around.
We still have old mailboxes with the old names, but everyone has to log in
as username at domain now.

Nginx supports sending an arbitrary username to the backend.  The
authentication protocol is basically HTTP (username and password sent as
headers in the request and result as headers in the response) so it's
easy to extend and support new fields, and you can write your authentication
daemon in any language pretty easily, especially if it has a HTTP library.

Bron.




More information about the Info-cyrus mailing list