Hi folks,
Ok, Igor, Ken, you both must be growing to hate me, but I'm starting to understand the present need for the defaultdomain paramater. I'm sorry :-)
I have a question. Lets say I have a realm "example.com" and I have the
defaultdomain paramater set to "example.com", and I also have "domain.com" and "otherdomain.com" on the system. Now, lets say I have "cyrus" users in each of those realms, and lets say I have the "admins" paramater set to "cyrus". Will the "cyrus" user from any of those domains be able to administrate the system, or will it just be the one from the default domain?
It should be only the unqualified cyrus user specified in the admins line which can administrate the system. How the login of this unqualified userid looks like is determined by defaultdomain setting and by reverse-dns or servername. Try it out. All others are normal mailboxes [EMAIL PROTECTED] without any admin rights.
I'm starting to think that maybe there should be two different paramaters, "admins" (analogous to domain admins) and "globaladmins" (global admins) to allow more explicit declaration of who has which rights.
Why ? You can simply specifiy userids in the admins line. Unqualified userids are global admins and fully-qualified userids only have admin rights in theire domain. I do not know if "[EMAIL PROTECTED]" also is a global admin...logging in as "[EMAIL PROTECTED]" will lead to "defaultdomain" getting stripped, I think, so that "[EMAIL PROTECTED]" in the admins line will not work with defaultdomain beeing set to "defaultdomain" but I did not test that.
-- Christian
