Christos Soulios wrote:
Security is one thing. More than this, my opinion is that in order cyrus to be deployed in a true multi domain environment, and thus actually be used by ISPs, admins must be able to distribute the virtual domains according to the name of the server, users are connecting to. In such a multi domain environment, users have no abillity to choose their domain by appending a @domain to their userid.
Security is a very important thing. And security to me means encryption, not only of the authentication phase but of the whole session. Now with HTTPS I know you loose the ability to support virtual domains, because the TLS session must be setup before the requested URL is transferred. This means you can only have one hostname per IP-adres as soon as you use SSL. Wouldn't you run into the same problem when enabling virtual domain support on cyrus?
I've deployed several single domain cyrus servers, but am working on my first multidomain one, with Squirrelmail via SSL on top. So the way things look now is that the machine will have only one hostname, imap.example.com, and that everyone logs in with their complete email-address as the fully qualified username, either with imaps or via https and squirrelmail.
In short: I think we should keep the ability to allow users to provide fully qualified usernames.
Regards, Paul Boven.
