We're currently using a "cascading" authentication mechanism to preserve compatibility with legacy users. The system works like this..
[EMAIL PROTECTED] [EMAIL PROTECTED] (where both usernames are the same) The user can log in with either their fully qualified address, or as just the short username. If the short username is used, the database looks up the account by matching "[EMAIL PROTECTED]" with the password. I realize that this is a security concern, but we haven't had an issue and it keeps the customers happy. I've been looking at Cyrus as a possible migration path from our current setup, which uses a maildir/NFS backend that has caused me endless grief. Is there any way to accomplish this kind of lookup in Cyrus? I think I'd need a way for SASL to tell Cyrus the real mailbox name (the fully qualified address) after a successful auth, instead of just telling Cyrus that the auth was successful (sort of how Courier's authdaemon does it). Also, has there been any work on storing quotas in an external database? -- Steve Kondik <[EMAIL PROTECTED]>
signature.asc
Description: This is a digitally signed message part
