`cyradm` login & `lm` behavior with Virtual Domains

Reg Proctor reg at seowebsales.com
Sat Jan 21 05:59:47 EST 2012


Hi,

I just want to confirm that logging into cyradm as I am experiencing it
is normal and that lm is behaving as it should be. It seems a little
unusual to me.


First cyradm logging in,  here is what I am seeing:

To log into cyradm I have to set my defaultdomain to localhost and then
I can login like this:

cyradm -u cyrus localhost
pwd: xxxxxx

However, using MySQL and setting the tracing so I can see the SQL
statements I actually see this:

SELECT AES_DECRYPT(`password`, 'xxxxxxxxxxxxx') AS password 
FROM `accounts` 
WHERE `user`='cyrus' AND `realm`='www.domain.com' AND `virtual` != 0;

where `www.domain.com` is the fully qualified domain name (FQDN) of the
server. This means in the database if the user is stored as [user:
cyrus, realm: localhost], the login will fail. Instead the use has to be
stored as [user: cyrus, realm: www.domain.com ], and once that change is
made I can login.

While this is trivial once you know it I couldn't find where is
mentioned that that would be the behavior in the docs. Also, and perhaps
more importantly, it makes the database non-portable to other servers
which may cause problems with a high availability setup through multiple
servers where someone is replicating a database periodically.

Second, `lm` wildcard behavior:

With `lm`, once I am logged in this is the behavior I am seeing with
wildcards:

Works:
lm
lm *
lm *@fulldomain

Doesn't work:
lm *@*
lm *@partialdomain*

It seems to me that if my domain was abc.com and I wanted to list all
users I should be able to do so with lm *@abc* or lm *@ab* etc. however
anything but the full domain will not work. Neither I guess would
something like fred@* if you wanted to find all the fred's (not that I
can see any reason to do that).

I'm just wondering if this is by design or perhaps could be improved or
maybe my distr. has a bug?

Thanks,
Reg




More information about the Info-cyrus mailing list