Re: Solved: Virtual users setup

Tue, 17 May 2005 16:22:51 -0700

I haven't exactly been following this topic, so forgive me if this has already been mentioned, or if I'm missing the issue, but I have 'virtdomains: userid' (versus virtdomains: yes) in my imapd.conf, and it allows multiple domains on one IP. I have 4 or 5 domains (virtual setup) on our server, and it runs just fine.

Jason



[EMAIL PROTECTED] wrote: 
Note:

My solution, described below, is only a solution for "virtual users".
I still haven't found any docs/info about configuring Cyrus for
multiple "virtual domains".

Well, I found this:
http://asg.web.cmu.edu/cyrus/download/imapd/install-virtdomains.html

But that seems to require me to have a machine with multiple IPs/NICs.

Can one configure Cyrus to handle multiple virtual domains on a machine
with just 1 IP?

Thanks,
Otis


--- [EMAIL PROTECTED] wrote:


Here is my solution (plain text password passing only.....hm):

1. /etc/imapd.conf:

  sasl_pwcheck_method: auxprop   # NOT saslauthd
  sasl_mech_list: PLAIN
  allowplaintext: yes

2. service saslauthd stop # saslauthd is not needed 

3. /etc/pam.d/imap:

#%PAM-1.0
auth       required     /lib/security/pam_stack.so
service=system-auth
#account   required     /lib/security/pam_stack.so
service=system-auth
## the account line would require a real system/UNIX account
## the auth line lets me create "virtual users"

4. create users / passwords in sasldb2:

# saslpasswd2 -c feedback
Password:
Again (for verification):

# sasldblistusers2
[EMAIL PROTECTED]: userPassword

5. test username / password:

# /usr/lib/cyrus-imapd/imtest -a feedback -w PASSWORDHERE  localhost
S: * OK localhost.localdomain Cyrus IMAP4
v2.2.6-Invoca-RPM-2.2.6-2.FC3.6 server ready
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS
NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND
BINARY SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE
STARTTLS LISTEXT LIST-SUBSCRIBED X-NETSCAPES: C01 OK Completed
C: L01 LOGIN feedback {12}
S: + go ahead
C: <omitted>
S: L01 OK User logged in
Authenticated.
Security strength factor: 0
C: Q01 LOGOUT
Connection closed.



So that works without actually having "feedback" system user:

# finger feedback
finger: feedback: no such user.


Now ... this uses plain-text passwords, from what I understand.  I
assume that refers to how they are stored in /etc/sasldb2 - Oh, yes,
"strings /etc/sasldb2" shows them all very clearly! :(((

Hm, how does one go about encrypting that...

Thanks,
Otis



---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

Reply via email to