Subject: Re: saslpasswd2 and virtdomains
From: Igor Brezac (igor at ipass dot net)
Date: Mon May 19 2003 - 18:10:38 EDT

On Mon, 19 May 2003, Ken Murchison wrote:
> Quoting Igor Brezac <igor at ipass dot net>:
> > On Sat, 17 May 2003, Ken Murchison wrote:
> > > This is an unfortunate side-effect of the dual-mode virtdomains code. In
> > > addition to allowing user@domain login ids, it can also do reverse
> > > lookups of the IP address of the interface that the login comes in on to
> > > determine the domain. This happens by default if the login id is
> > > unqualified, which screws up what you are trying to do. I will take a
> > > look at making the virtdomains-by-IP code configurable (off by default).
> > I suggest that the current behaviour is default (virtdomains-by-IP:
> > on)
> Why is that?
> Since I've received little to no feedback from people using virtdomains with
> multiple IPs, I'm assuming that this will solve more problems than it will create.
> Also, I can't think of anything that will break with fully qualified userids if
> I disable the reverse lookup by default. Do you disagree?

I may be missing something. Only unqualified userids should be run
through the reverse lookup. Now that I am thinking about it,
virtdomains-by-IP may not be needed unless someone wants to enforce fully
qualified username logins.

I think there is a bug in the admin check where the admin account is
always fully qualified with the reverse result even when fully qualified
login is specified. So, if admin account is 'admin'; defaultdomain is
'sub.domain.com'; reverse resolves to 'domain.com'; when I try cyradm
--user admin@sub.domain.com; admin@domain.com will be used for password
check and I assume other admin operations. This looks like the problem
some people on this list have experienced. I am going to look in the