SASL and default domain
brian
cyrus-list at logi.ca
Mon Aug 20 19:28:33 EDT 2012
On 12-08-20 03:29 PM, Dan White wrote:
> On 08/19/12 19:39 -0400, brian wrote:
>> I'm having some trouble configuring SASL for a new server. Specifically,
>> it seems, with realms. I'm now at the point where imtest works with the
>> virtual domains but not with the default domain.
>>
>> I'm using sasldb through auxprop. In the past I've always done:
>>
>> saslpasswd2 -c username@DOMAIN.TLD
>
> Does imtest authentication work if you leave out the domain?

No. Same result, same log msg.

> Will your postfix users be logging in with a fully qualified username? If
> so, consider forgoing a defaultdomain within imapd.conf.

Yes. And that's why I'd left that blank at first. But then I realised
that the original server has it set.

> Use 'smtptest' to test your postfix authentication.

Authenticated.

>> /etc/imapd.conf:
>>
>> loginrealms: DEFAULT.TLD VDOMAIN1.TLD VDOMAIN2.tld
>> virtdomains: userid
>> defaultdomain: DEFAULT.TLD # also tried this empty
>
> Note that if you created any mailboxes (in the default domain) while this
> option was empty, they will likely be inaccessible now. You may need to
> recreate them. They should show up in your filesystem without any domain
> reference. And vice versa.

Yes, they are not under the domain directory, but under the first letter
of the users.

I created a password entry for a non-existent mailbox:

sudo /usr/sbin/saslpasswd2 -c -u VDOMAIN1.TLD foo

And then:

imtest -v -m plain -a foo@VDOMAIN1.TLD localhost

Authenticated. Not what I would expect if Cyrus needs to find the
mailbox in order to authenticate.

Regardless, I deleted the default domain mailboxes, stopped Cyrus and
made sure the directories were gone, commented defaultdomain, started
Cyrus, and then created the mailboxes again.

Authenticated!

Thanks so much for pointing me in the right direction.