Derrick J Brashear wrote:
Exchange keys between realms and install only the correct service key on the imap server? I'm not sure why you'd want to use more than one service key for the server. If you did, well, perhaps the right answer is 2 IP addresses, one master running on each, with different config files, but using the same mail backend (or a murder setup with multiple frontends); But all of these are really far more complicated than just doing key exchange between realms and putting all the mailboxes in one realm; more recent cyrus' murder features are actually being used by cmu to have 2 realms (actually 3, but the 3rd is a test realm) with a common mailbox namespace behind it. but, even that may be more complex than you need or want. I'm not sure.
I really don't want to complicate things, I've learned that lesson a long time ago.
What would you advise me to do in my future setup?
I will definitely have two ADS domains, packed with users. They will all use OE and I can and will setup two VirtualDomains on the IMAP. The part that warries me is authentication. Will they be willing to talk to the IMAP server from another Kerberos realm?
That is the only reason why I am investigating multiple kerberos realms on one IMAP server.
TYIA, Nix. --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
