If the domain passed in the fully qualified userid matches the domain selected
from the ipaddress, then cyrus, proceeds to authenticate user using sasl. If it
is different, then authentication fails without even making a query to the
authentication mechanism.
Can you explain why this matters. Are you limited certain domains to a particular interface for security reasons? I assumed that byaddr is just a convenience for the users.
How do you propose to handle admins, especially the global admin? Jure's proposal seems to make the most sense to me at this point (admins use fully qualified userids)
-- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key-- http://www.oceana.com/~ken/ksm.pgp