- Previous message: Blake Hudson: "Re: Moving Cyrus"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
|
|
|
From: Anthony Brock (no email)
Date: Fri Feb 02 2007 - 02:19:05 EST
I'm attempting to upgrade an older Cyrus IMAP server (using virtual domains)
from 2.1 to 2.2. The new server is running Debian Etch with the
cyrus-imapd-2.2 packages (currently version 2.2.13-10). While most of the
upgrade has gone relatively smoothly, I'm having problems with
authentication.
Previously, I was using saslauthd against an sasldb2 database. This worked
well, but I would like to migrate from this to our Kerberos 5 infrastructure
(multiple domains with cross-domain authentication working). Unfortunately,
it appears there isn't any means to force an upper-case realm for logins. In
fact, the only way I can get everything working seems to be with the
following configuration:
lmtp_downcase_rcpt: yes
username_tolower: no
loginrealms: <DOMAIN1.COM> <DOMAIN2.COM> <DOMAIN3.COM> <DOMAIN4.COM>
<DOMAIN5.COM> <DOMAIN6.COM>
virtdomains: userid
sasl_pwcheck_method: saslauthd
In this configuration, I can authenticate IF I provide a username such as
. However, it fails if I try to use .
Even worse, I have some customers using for their login.
Because of this, I would like to enable the 'username_tolower' option, but
this ALSO lowers the case of the realm!
Any suggestions on how to get IMAP working for virtual domains against
multiple Kerberos domains? Ideally, there should be an option such as
'realmname_toupper' that could be combined with 'username_tolower' to
resolve the entire case issue! Does such an option exist?
Is there a recommended solution? Ideas?
Tony
---- Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
|
|
|