On Thu, 2 Dec 2004, Nikola Milutinovic wrote:
But all of these are really far more complicated than just doing key exchange between realms and putting all the mailboxes in one realm; more recent cyrus' murder features are actually being used by cmu to have 2 realms (actually 3, but the 3rd is a test realm) with a common mailbox namespace behind it. but, even that may be more complex than you need or want. I'm not sure.
I really don't want to complicate things, I've learned that lesson a long time ago.
What would you advise me to do in my future setup?
Key exchange definitely makes things simpler. In imapd.conf, say
loginrealms: realm1 realm2 realm3 loginuseacl: t
then set acls to include e.g. [EMAIL PROTECTED] and [EMAIL PROTECTED] on the mailbox for user (assuming realm1 is local) when you create a mailbox.
that's the simplest.
I will definitely have two ADS domains, packed with users. They will all use OE and I can and will setup two VirtualDomains on the IMAP. The part that warries me is authentication. Will they be willing to talk to the IMAP server from another Kerberos realm?
My mail clients do, but I can't comment on OE.
--- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
