From: Gary Mills (mills at cc dot UManitoba dot CA)
Date: Tue Jun 01 2004 - 09:53:53 EDT
I ran into a problem after upgrading SASL from 2.1.14 to 2.1.18,
and the cause seems to be realms. Both sendmail and Cyrus authenticate
with the same SASL libraries, using sasldb2 for secure methods.
After the upgrade, some users could not authenticate with SMTP, even
though they could with IMAP. Cyrus sets the realm in imapd.conf with
the `servername' keyword. Sendmail has no way to do this. It uses
the local hostname, which is different from the Cyrus realm. (I'm
about to fix that by patching sendmail.)
When a client connects to a server, there are two realms. The server
has a realm. The client provides a realm. There is a third realm
associated with the username and password in sasldb2. Do all three
of these have to match for authentication to succeed? What happens
if one or more of the realms are missing? Can they be omitted?
Can there be multiple realms?
-- -Gary Mills- -Unix Support- -U of M Academic Computing and Networking-