Hi all,

I use cyrus-imapd-2.3.x. User authentication happens via saslauthd,
which in turn uses PAM. The PAM configuration includes a complicated
stack of modules including LDAP, UNIX password files, access control
lists etc. In general this setup works fine.

Up to now all user-ids have the form "username". Now there are some new
user accounts with user-ids like "usern...@project1".

These user accounts are stored in the LDAP backend (which is transparent
to the IMAP server). Authenticating these users by using PAM-test-tools
works fine.

Cyrus IMAP Server uses saslauthd. With the default configuration,
saslauthd splits the given user-id into "username" and realm "project1".
To disable this, I run saslauthd with "-r", so the username which is
sent to PAM is really "usern...@project1", which in turn causes user
authentication to work again.

But when I try to log in to Cyrus IMAP Server using "usern...@project1",
I get error messages like "authentication failure: cross-realm login
usern...@project1 denied".

I think I understand the problem - I should configure "project1" as a
valid "loginrealm" in /etc/imapd.conf. But I don't want this, because I
don't want to modify the IMAP server configuration for each new "project
X".

Is there a way to tell Cyrus IMAP Server to completely skip its "realm
logic", and to treat usernames containing an "@" just like any other
normal username, which includes assuming the "default realm"?

Thanks in advance!
-stefan-


----
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
