Christian Schulte wrote:
I have a question regarding cyrus 2.2 and virtual-domains turned on. It seems that the behaviour of how global admins get authenticated changed somehow.
Connecting with cyradm to localhost (cyradm localhost)
=> auxprop mysql will look up the domain with the fqdn of the server
Connecting with cyradm to IP (cyradm real-outside-ip)
=> auxprop mysql will look up the domain with the host-name stripped off of the fqdn
Why ?
I did not set defaultdomain in imapd.conf but even changing anything with it does not change that behaviour. I am pretty sure this got changed a few weeks ago because it worked before no matter to where cyradm connected.
I haven't touched the virtdomain code in weeks/months. My guess is that something in the SASL SQL plugin changed, or something in your DNS changed.
How can I get the old behaviour back so that I do not have to maintain two different rows in the usertable one with the fqdn and another with the stripped-host-from-fqdn domain ?
--Christian
imapd.conf:
configdirectory: /var/imap
partition-default: /var/spool/imap
sievedir: /var/spool/sieve
servername: host.domain.tld
admins: admin
#defaultdomain: host.domain.tld
(gets stripped to just domain.tld during authentication if connecting to the outside IP but not if connecting to localhost with cyradm) It's commented out for me. Is that correct?
sasl_pwcheck_method: auxprop
sasl_auxprop_plugin: mysql
sasl_allowanonymouslogin: no
sasl_allowplaintext: yes
(Currently Outlook stops working for me if I set it to 'no'. Other clients I tested supported DIGEST-MD5 and CRAM-MD5 correctly and so I think it's an OE-issue...)
sasl_mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5
---snip---
sasl_mysql_statement: select password from SASLUser where login='%u' and domain='%r' and IMAP='YES'
connecting to localhost the query will be like: select password from SASLUser where login='admin' and domain='host.domain.tld'
connecting to the outside IP (even from localhost) the query will be like:
select password from SASLUser where login='admin' and domain='domain.tld' and IMAP='YES'
--snip
idlesocket: /var/imap/socket/idle
unixhierarchysep: yes
virtdomains: yes
altnamespace: on
unix_group_enable: 0
imapidresponse: no
logtimestamps: 1
lmtp_over_quota_perm_failure: 1
autocreatequota: -1
timeout: 15
notifysocket: /var/imap/socket/notify
--
Kenneth Murchison     Oceana Matrix Ltd.
Software Engineer     21 Princeton Place
716-662-8973 x26      Orchard Park, NY 14127
--PGP Public Key--    http://www.oceana.com/~ken/ksm.pgp