[prev in list] [next in list] [prev in thread] [next in thread] 

List:       info-cyrus
Subject:    Re: My Take on Virtdomains so far
From:       Michael Fair <michael () daclubhouse ! net>
Date:       2002-08-24 0:38:18
[Download RAW message or body]

> > Actually, using sasldb2, it should be documented that there is, in fact,
> > no such thing as a 'global user', as all users get created with the
local
> > part attached ... this may be different using the MySQL auxprop ...
>
>
> In that case using
> admins: cyrus
>
> Has no effect because there is no user cyrus, because
> cyrus will necessarily have a domain attached to it?

I think documenting what Marc is suggesting will
only confuse people like it has Phil.

admins: cyrus
is absolutely valid in a sasdb2 environment.

What Marc is reffering to is that in a sasldb2
environment the hostname becomes the domain for
users without a specific realm specified (this
makes sense from the stand point of their domain
is limited to "this machine" but I digress).
However, this is a SASL detail and has no effect
in terms of authenticating through Cyrus.  The
system uses automagic to get the desired result.

The end result net effect of asking cyrus to
authenticate an unqualified name is the same.  So I
don't really see the value in documenting it other
than to explain what people will see when they do
a sasldblistusers.  Whether the backend stores it
as user@host or just user is irrevelant as long as
when I ask for "user" to be authenticated without
qualification the right entry is looked up.

Cyrus "does the right thing (tm)" for unqualified
admin users.  The underlying SASL storage mechanism
may require qualification, but that doesn't mean
Cyrus won't understand an unqualified user.

I know I was initially a little perplexed about
the whole "realm" thing, and trying to understand
why my hostname kept showing up in the dblistusers
results was a bit perplexing but it wasn't the
important thing because whenever I tried to login
as a user without a realm it automagically worked.

-- Michael --

[prev in list] [next in list] [prev in thread] [next in thread]