Re: saslpasswd2 and virtdomains


Subject: Re: saslpasswd2 and virtdomains
From: Igor Brezac (igor at ipass dot net)
Date: Mon May 19 2003 - 18:10:38 EDT


On Mon, 19 May 2003, Ken Murchison wrote:

> Quoting Igor Brezac <igor at ipass dot net>:
>
> >
> > On Sat, 17 May 2003, Ken Murchison wrote:
> >
> > > This is an unfortunate side-effect of the dual-mode virtdomains code. In
> > > addition to allowing user@domain login ids, it can also do reverse
> > > lookups of the IP address of the interface that the login comes in on to
> > > determine the domain. This happens by default if the login id is
> > > unqualified, which screws up what you are trying to do. I will take a
> > > look at making the virtdomains-by-IP code configurable (off by default).
> >
> > I suggest that the current behaviour is default (virtdomains-by-IP:
> > on)
>
>
> Why is that?
>
> Since I've received little to no feedback from people using virtdomains with
> multiple IPs, I'm assuming that this will solve more problems than it will create.
>
> Also, I can't think of anything that will break with fully qualified userids if
> I disable the reverse lookup by default. Do you disagree?

I may be missing something. Only unqualified userids should be run
through the reverse lookup. Now that I am thinking about it,
virtdomains-by-IP may not be needed unless someone wants to enforce fully
qualified username logins.

I think there is a bug in the admin check where the admin account is
always fully qualified with the reverse result even when fully qualified
login is specified. So, if admin account is 'admin'; defaultdomain is
'sub.domain.com'; reverse resolves to 'domain.com'; when I try cyradm
--user admin at sub dot domain dot com; admin at domain dot com will be used for password
check and I assume other admin operations. This looks like the problem
some people on this list have experienced. I am going to look in the
code.

-- 
Igor
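
The following C sketch is an added example, not part of the original message and not Cyrus IMAP code. It models the expected rule (only unqualified login ids receive the reverse-lookup domain) beside the admin-check behaviour suspected in the message above; the function names and the `reverse_domain` parameter are hypothetical, and no DNS lookup is performed.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical model, not Cyrus IMAP source. reverse_domain stands in for the
 * reverse-lookup result for the interface address (NULL = no result). */

/* Expected rule: only an unqualified login id is completed with the reverse
 * result; a fully qualified id keeps the domain the client supplied. */
static const char *qualify_expected(const char *login, const char *reverse_domain,
                                    char *out, size_t outlen)
{
    if (strchr(login, '@') != NULL || reverse_domain == NULL)
        snprintf(out, outlen, "%s", login);
    else
        snprintf(out, outlen, "%s@%s", login, reverse_domain);
    return out;
}

/* Suspected rule: the local part is always re-qualified with the reverse
 * result, so the domain typed by the client is discarded. */
static const char *qualify_suspected(const char *login, const char *reverse_domain,
                                     char *out, size_t outlen)
{
    if (reverse_domain == NULL)
        snprintf(out, outlen, "%s", login);
    else
        snprintf(out, outlen, "%.*s@%s", (int)strcspn(login, "@"), login,
                 reverse_domain);
    return out;
}

/* Returns 1 when the two rules would check different identities. */
static int identity_diverges(const char *login, const char *reverse_domain)
{
    char a[256], b[256];
    return strcmp(qualify_expected(login, reverse_domain, a, sizeof a),
                  qualify_suspected(login, reverse_domain, b, sizeof b)) != 0;
}

int main(void)
{
    /* Constructed inputs based on the scenario in the message. */
    const char *logins[] = { "admin@sub.domain.com", "admin" };
    char e[256], s[256];
    for (size_t i = 0; i < 2; i++)
        printf("%-22s expected=%-22s suspected=%-18s diverges=%d\n", logins[i],
               qualify_expected(logins[i], "domain.com", e, sizeof e),
               qualify_suspected(logins[i], "domain.com", s, sizeof s),
               identity_diverges(logins[i], "domain.com"));
    return 0;
}
```

A check like `identity_diverges` is useful as a regression test: a qualified login whose checked identity differs from the one supplied means authentication and authorization are being evaluated against an account the client did not name.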






