On Thu, 16 Oct 2003, Stephan Buys wrote:

> Hi all,
>
> We are using unixhierarchysep and lmtp on our server, with usernames in the
> form of [EMAIL PROTECTED], user information and passwords reside in LDAP and
> are accessed through SASL.
>
> The fact that we use unixhierarchysep allows us to easily support
> multiple domains, i.e. [EMAIL PROTECTED], [EMAIL PROTECTED], etc.
>
> I was wondering what mechanism was used to associate a Cyrus mailbox
> with a Kerberos user principal? Kerberos will obviously not allow for
> usernames in the form that we use them, although multiple realm support
> is an option.

You can look at auth_krb.c for how usernames are canonicalized.

> As I understand it SASL only supports the default realm as well?

No, this isn't the case. The default/local realm is stripped from the user
identifiers, but you can use the loginrealms option to allow logins from
other realms (the userids still keep the @ sign + realm though).

> Would it be possible to use SASL + Kerberos V at all in this situation?

Depending on what exactly you need, "maybe". With Cyrus 2.1 you really
don't have a good way of doing virtual domains.

-Rob

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456
Research Systems Programmer * /usr/contributed Gatekeeper
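
Added example, not part of the original message and not the code in Cyrus's auth_krb.c: the realm handling described in the reply (local realm stripped, loginrealms entries accepted with "@REALM" kept, everything else refused), written out in C. The function names, the exact-match realm comparison, the refusal of identifiers containing a second '@', and the sample realms are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Added illustration; NOT the code in Cyrus's auth_krb.c. */

/* Return 1 if realm is an entry of the space-separated list.
 * Exact, case-sensitive match (assumption). */
static int realm_listed(const char *realm, const char *list)
{
    size_t rlen = strlen(realm);
    const char *p = list;
    while (*p) {
        size_t n;
        while (*p == ' ') p++;          /* skip separators */
        n = strcspn(p, " ");            /* length of this entry */
        if (n > 0 && n == rlen && strncmp(p, realm, n) == 0) return 1;
        p += n;
    }
    return 0;
}

/* Write the canonical userid to out; return 0 on success, -1 if refused. */
int canon_userid(const char *principal, const char *local_realm,
                 const char *loginrealms, char *out, size_t outlen)
{
    const char *at = strchr(principal, '@');
    size_t ulen = at ? (size_t)(at - principal) : strlen(principal);

    if (ulen == 0) return -1;                          /* empty user part */
    if (at && (at[1] == '\0' || strchr(at + 1, '@')))  /* empty realm or second '@' */
        return -1;
    if (!at || strcmp(at + 1, local_realm) == 0) {     /* local: bare userid */
        if (ulen >= outlen) return -1;
        memcpy(out, principal, ulen);
        out[ulen] = '\0';
        return 0;
    }
    if (!realm_listed(at + 1, loginrealms)) return -1; /* realm not allowed */
    if (strlen(principal) >= outlen) return -1;
    strcpy(out, principal);                            /* keep user@REALM */
    return 0;
}

int main(void)
{
    char id[64];
    /* Constructed sample values. */
    if (canon_userid("alice@EXAMPLE.ORG", "EXAMPLE.ORG", "PARTNER.EXAMPLE", id, sizeof id) == 0)
        printf("%s\n", id);
    return 0;
}
```

A mailbox ACL written for "bob" and one written for "bob@PARTNER.EXAMPLE" name different users under this rule, which is why the realm suffix has to be kept for non-local realms.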