virtdomains=ipaddr (or something)
here we need to teach server the ip->domain mapping. reverse dns? most likely. server accepts & authenticates usernames without @domain on appropriate interfaces (ip adresses) and it searches for username only in the domain the ip adress the user is coming from belongs. [EMAIL PROTECTED] usernames should be rejected IMHO. global admin should be specified without the @domain and authenticated on any ip address. per domain admin users should be specified with @domain and should only authenticate when coming to the right ip address.
So, you're suggesting that admins always use fully qualified userids? This would work, but it requires that an unqualified userid be checked to see if its an admin before appending the domain from the ip address. This is probably the easiest way to handle the global admin without enforcing a default domain and also allows something like:
admins: cyrus [EMAIL PROTECTED] [EMAIL PROTECTED]
Is there a problem if *any* user is allowed to use a fully qualified userid in an ipaddr config?
-- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key-- http://www.oceana.com/~ken/ksm.pgp