On Fri, 2 Jan 2004, Paul Boven wrote:

> Christos Soulios wrote:
>
> > Security is one thing. More than this, my opinion is that in order for cyrus
> > to be deployed in a true multi domain environment, and thus actually be
> > used by ISPs, admins must be able to distribute the virtual domains
> > according to the name of the server users are connecting to. In such a
> > multi domain environment, users have no ability to choose their domain
> > by appending a @domain to their userid.
>
> Security is a very important thing. And security to me means encryption,
> not only of the authentication phase but of the whole session. Now with
> HTTPS I know you lose the ability to support virtual domains, because
> the TLS session must be set up before the requested URL is transferred.
> This means you can only have one hostname per IP address as soon as you
> use SSL. Wouldn't you run into the same problem when enabling virtual
> domain support on cyrus?

I think you are confusing virtual domain support with Apache virtual hosts style support. Virtual domain support (as I understand it) is just supposed to be the ability to maintain mailboxes separated for each of a bunch of domains.

In this case, the SSL negotiations are handled between the client and the server before any authentication happens. The only time this would matter to you is if you want your imap server to have different names, which has absolutely no bearing on the actual functionality of the virtual domain support.

In that case, you could probably (through command line options specified in the cyrus.conf) specify different instances of imapd on each interface with different imapd.confs with separate ssl configs.

The only reason this matters is if you want each client to connect to imap.theirdomain.com (or some such) for imap/pop access, and additionally set up SSL for each one individually. Why anyone would do this over just having one imap access point is beyond me. In my reluctant experience, it just raises maintenance and support overhead.

-peace

--
Let he who is without clue kiss my ass
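
The per-interface layout suggested in the reply above, sketched as an added example that is not part of the original message or of the Cyrus project's own documentation. The service names, IP addresses, host names and file paths are assumptions chosen for illustration, and the option names are those of Cyrus 2.x; check cyrus.conf(5) and imapd.conf(5) for your version.

```conf
# Constructed example. Addresses are from the RFC 5737 documentation range;
# host names and paths are placeholders, not values from the thread.

# ---- /etc/cyrus.conf (SERVICES section only) ----
SERVICES {
  # One imaps listener per IP address. "-s" starts TLS immediately (imaps),
  # "-C" points that instance at its own imapd.conf.
  imapsa  cmd="imapd -s -C /etc/imapd-a.conf" listen="192.0.2.10:imaps" prefork=0
  imapsb  cmd="imapd -s -C /etc/imapd-b.conf" listen="192.0.2.11:imaps" prefork=0
}

# ---- /etc/imapd-a.conf ----
# configdirectory and partition-default are identical in both files so that
# both instances serve the same mail store; only the TLS identity differs.
configdirectory: /var/imap
partition-default: /var/spool/imap
# Domain is taken from the user@domain login name.
virtdomains: userid
servername: imap.example-a.test
# The certificate's name must match the host name clients connect to on
# 192.0.2.10. Keep the key readable only by the user imapd runs as.
tls_cert_file: /etc/ssl/cyrus/imap.example-a.test.crt
tls_key_file: /etc/ssl/cyrus/imap.example-a.test.key

# ---- /etc/imapd-b.conf ----
configdirectory: /var/imap
partition-default: /var/spool/imap
virtdomains: userid
servername: imap.example-b.test
# Certificate for the name served on 192.0.2.11.
tls_cert_file: /etc/ssl/cyrus/imap.example-b.test.crt
tls_key_file: /etc/ssl/cyrus/imap.example-b.test.key
```

Each additional name costs one IP address, one certificate and key pair to renew and protect, and one more configuration file to keep in step with the others, which is the maintenance overhead the reply refers to.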