A while back, I seem to recall someone (Amos Gouaux, I believe) commenting 
that one of the limitations of the LDAP patch to the SASL library was 
that it didn't support realms.  This is now becoming an issue for me, 
since I am supporting multiple domains and since there is the potential 
for userid collisions.  I am wondering if anyone has found a way to work 
around this.  From what I can read in the source of the SASL code, it 
looks like the realm, if not specified, gets set to the hostname of the 
machine.

In reading through the archives, it appears there were a number of 
requests to add a configurable realm option to imapd.conf, which 
apparently have never amounted to anything (see the thread 
http://asg.web.cmu.edu/archive/message.php?mailbox=archive.info-cyrus&searchterm=realm&msg=5575).
  
In looking through the Cyrus IMAPd code, it also appears that realm 
support is largely, if not wholly, dependent on Kerberos.  I know that the 
whole concept of realms stems from its usage in a Kerberos environment but 
I think it makes equal sense when dealing with hosting multiple domains 
and using a different authentication method.

So, where would be the proper place to address this?  Should the sasl-ldap 
patch be modified to set the realm based on which address was connected 
to?  Or should imapd.conf be extended so that it supports a sasl_realm 
option?  Or doesn't this make sense at all in a non-Kerberos environment?

Thanks,
Kevin

-- 
Kevin M. Myer
Systems Administrator
Lancaster-Lebanon Intermediate Unit 13
(717)-560-6140


