
List:       info-cyrus
Subject:    Re: Cannot get loginrealms to work with 2.0.16
From:       Michael Fair <michael () daclubhouse ! net>
Date:       2002-09-16 20:53:48

You didn't provide us enough information as to
which strings exactly you are trying to
authenticate with. Do your domains include
"." in them, and if so, do you have unixheirsep
turned on so that "." is allowed in names?

A properly configured environment would:
A) Have unixheirsep turned on
B) Each user mailbox would be created with
     cm user/user@domain.dom
C) saslpasswd would have been run as:
     saslpasswd -u domain.dom -c user
D) The user would type their username as:
     user@domain.dom

If you do not have "." in the domain names
then strip ".dom" from the above examples
and the unixheirsep is optional.

It's possible that what might be happening
is your IMAP users are authenticating just
fine, but they have no "INBOX" so it looks
like SASL isn't authenticating.  What do you
see in your logs?

-- Michael --

----- Original Message ----- 
From: "Christian Schulte" <cs@schulte.it>
To: <info-cyrus@lists.andrew.cmu.edu>
Sent: Monday, September 16, 2002 12:24 PM
Subject: Cannot get loginrealms to work with 2.0.16


> Hi,
> 
> if I place a line into imapd.conf which looks like:
> 
> loginrealms:    domain1 domain2 domain3
> 
> and have users created in my sasldb-file like
> 
> user1@domain1
> user2@domain2
> user3@domain3
> 
> where domain1 is the local machine's realm, I can only log in with 
> user1@domain1 but not with user2 and user3 because they are in another 
> realm. What am I doing wrong? Isn't the loginrealms directive the 
> place to make user2 and user3 be able to log in also? The sendmail 
> installation on the same host uses the same sasldb-file and 
> user2@domain2 and user3@domain3 can authenticate with sendmail and 
> sendmail works with all realms! What am I missing here?
> 
> 
> loginrealms: <none>
>           The list of remote realms whose users may log in  using
>           cross-realm  authentications.  Separate each realm name
>           by a space.  (A cross-realm identity is considered  any
>           identity returned by SASL with an "@" in it.)
> 
> 
> 
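
The loginrealms rule quoted from the man page in this thread, as an added example that is not part of either message or of Cyrus itself: it reads a constructed imapd.conf fragment and classifies constructed identities as local, cross-realm allowed, or cross-realm denied. The function names, the sample data and the case-insensitive realm comparison are assumptions.

```python
# Added example: models only the documented loginrealms rule ("any identity
# returned by SASL with an '@' in it" is cross-realm). It does not reproduce
# Cyrus internals. Sample config and identities below are constructed.

def parse_loginrealms(conf_text):
    """Return the set of realms on the loginrealms line of imapd.conf text."""
    realms = set()
    for line in conf_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # skip blank lines and comments
        key, sep, value = line.partition(":")
        if sep and key.strip().lower() == "loginrealms":
            # Realm names are separated by spaces. Lower-casing them for a
            # case-insensitive comparison is an assumption of this example.
            realms = {r.lower() for r in value.split()}
    return realms

def classify(identity, realms):
    """Classify one SASL identity against the loginrealms set."""
    user, at, realm = identity.rpartition("@")
    if not at:
        return "local"            # no "@": not a cross-realm identity
    if not user or not realm:
        return "malformed"        # "@domain" or "user@"
    if realm.lower() in realms:
        return "cross-realm-allowed"
    return "cross-realm-denied"

def report(conf_text, identities):
    """Map each identity to its classification under the given config."""
    realms = parse_loginrealms(conf_text)
    return {ident: classify(ident, realms) for ident in identities}

# Constructed imapd.conf fragment: domain3 is deliberately left out.
SAMPLE_CONF = """\
# constructed imapd.conf fragment
configdirectory: /var/imap
loginrealms:    domain1 domain2
"""
SAMPLE_IDS = ["user1", "user2@domain2", "user3@domain3", "user4@"]

if __name__ == "__main__":
    for ident, verdict in report(SAMPLE_CONF, SAMPLE_IDS).items():
        print(f"{ident:20} {verdict}")
```

If every identity comes back as allowed and logins still fail, the realm list is not the cause and the server logs are the next place to look, as the reply suggests.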