On Tue, 30 Dec 2003 13:33:37 -0500
Ken Murchison <[EMAIL PROTECTED]> wrote:

> It's not a problem to implement it.  I'd like to get some more discussion 
> on how the two methods can/should interact.

Let me share my point of view:

virtdomains=off:

server accepts & authenticates usernames without @domain on any interface it
is configured to listen on. this is basically the 2.1 behaviour, so let's say
the handling of [EMAIL PROTECTED] kind of usernames is undefined (because there
were some early 3rd party patches to handle them). admin is only one, so no
need for global admins.

virtdomains=userid

server accepts & authenticates usernames without @domain on any
interface it is configured to listen on only if the defaultdomain is set.
without defaultdomain server accepts & authenticates only usernames in the
form [EMAIL PROTECTED], where domain specifies the hierarchy tree the user belongs
to. global admin should be specified without the @domain and admin users
with @domain should only have rights over their domain tree.

virtdomains=ipaddr (or something)

here we need to teach server the ip->domain mapping. reverse dns? most
likely.
server accepts & authenticates usernames without @domain on appropriate
interfaces (ip addresses) and it searches for username only in the domain the
ip address the user is coming from belongs. [EMAIL PROTECTED] usernames should be
rejected IMHO. global admin should be specified without the @domain and
authenticated on any ip address. per domain admin users should be specified
with @domain and should only authenticate when coming to the right ip
address.

virtdomains=on

server first looks for [EMAIL PROTECTED], then in case of user the ip address and
then the defaultdomain setting. reject if none are available. global admin
should be specified without the @domain and admin users with @domain should
only have rights over their domain tree.



This is how I would lay out things ... don't know if it matches current
status accurately. Are there any obvious shortcomings and problems I'm not
seeing?

-- 

Jure Pečar
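
The four modes proposed in the message above, written out as one lookup function. This is an added example, not part of the original e-mail and not the mail server's own code. Assumptions: the redacted usernames are read as the user@domain form, `IP_DOMAINS` is a static table standing in for the ip->domain mapping, `admins` is a hypothetical list of admin logins, qualified names are rejected with virtdomains=off, and an unqualified admin is accepted as global admin in every other mode.

```python
# Added illustration of the proposal above; not the mail server's own code.
# IP_DOMAINS is a constructed stand-in for the ip->domain mapping (the message
# suggests reverse DNS). All addresses, domains and names are sample values.
IP_DOMAINS = {"192.0.2.10": "example.com", "192.0.2.20": "example.org"}

def resolve(mode, login, local_ip, defaultdomain=None, admins=()):
    """Return (user, domain, admin_scope); raise ValueError to reject."""
    user, at, domain = login.partition("@")
    if not user or (at and not domain):
        raise ValueError("malformed login")
    is_admin = login in admins
    ip_domain = IP_DOMAINS.get(local_ip)

    if mode == "off":
        # The message leaves qualified names undefined here; rejecting them
        # is this example's assumption. There is only one kind of admin.
        if at:
            raise ValueError("qualified login with virtdomains=off")
        return user, None, "admin" if is_admin else None

    if is_admin and not at:
        # Global admin: no @domain, valid on any address (assumed for all
        # modes other than off).
        return user, None, "global"
    scope = "domain" if is_admin else None

    if mode == "userid":
        if not at and defaultdomain is None:
            raise ValueError("unqualified login and no defaultdomain")
        return user, domain or defaultdomain, scope

    if mode == "ipaddr":
        if at:
            # Only per-domain admins may qualify, and only on their own address.
            if not is_admin or domain != ip_domain:
                raise ValueError("qualified login not allowed on this address")
            return user, domain, scope
        if ip_domain is None:
            raise ValueError("no domain mapped to this address")
        return user, ip_domain, None

    if mode == "on":
        # Order from the message: @domain, then ip address, then defaultdomain.
        found = domain or ip_domain or defaultdomain
        if found is None:
            raise ValueError("no domain could be determined")
        return user, found, scope

    raise ValueError("unknown virtdomains mode")
```

The third element of the result is the admin scope: "global" spans every domain tree, "domain" is limited to the returned domain, and None is an ordinary user.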