brad schrieb: > On Sat, 2005-10-01 at 13:25 +0200, Georg Gell wrote: > >>Hello, >> >>I have an old server with about 50 mail users, which uses cyrus imapd >>with sasl and pam_mysql. The server settings are: >>unixhierarchysep: no >>virtdomains: no >> >>On the new server, I want users to be able to log in with their email >>addresses as username, but I want to let the old users use their old >>username/password combinations. So I set >>unixhierarchysep: yes >>virtdomains: yes >>defaultdomain: servername.domainname.com >>sasl_pwcheck_method: auxprop >>sasl_sql_engine: mysql >>sasl_sql_select: SELECT password FROM accountuser WHERE username = '[EMAIL >>PROTECTED]' >>... >> >>This works well. But I want to migrate the old account to the new >>machine. As I understand the docs, this should work, because username >>without realm are used with defaultdomain as result. But this doesn't >>happen for sasl authentication. >> >>Let's say I have user georg with password georgpass on the old server. I >>thought on the new server, I would leave the mailbox on cyrus like >>user/georg, and for auth in the mysql database I would just add to each >>username the @servername.domainname.com, so that if the default domain >>is added to the username we should be able to log in. >> >>But something else happens (trying to use the pop server): >>If I log in from a remote computer, reading the debug log, I see that >>the user is being tested with domainname.com as realm (username: >>[EMAIL PROTECTED]). >>But if I log in from localhost, no realm is added(username: georg). >> >>What I don't understand after spending much time reading the docs is this: >>Who adds the realm, imapd or sasl? And why are they different depending >>on the location from where I try to log in? And whatever adds the realm, >>how is it decided what to use? And finally, how can I change it? >> >>Thanks in advance! >> >>Best regards >> >>Georg > > > With virtdomains turned on then cyrus will use the domain sent with the > username if the user logs in fully qualified. Otherwise cyrus does a > reverse lookup on the IP that the user logged in on uses the domain from > that lookup as the user's domain. The lookup can be either from DNS or > hosts file or any other means. > > Hope that helps, > Thanks for the quick reply. Sadly this is not true on my system. trying imtest: moritz> imtest -a georg localhost (on moritz.have2.com) ebug.log: Oct 3 15:46:21 [imap] sql plugin doing query SELECT password FROM accountuser WHERE username = '[EMAIL PROTECTED]';_ moritz.have2.com is the fqdn of my sever.
moritz> imtest -a georg moritz.have2.com (on moritz.have2.com) Oct 3 15:49:23 [imap] sql plugin doing query SELECT password FROM accountuser WHERE username = '[EMAIL PROTECTED]';_ notebook> imtest -a georg moritz.have2.com (from home dial up) Oct 3 15:49:23 [imap] sql plugin doing query SELECT password FROM accountuser WHERE username = '[EMAIL PROTECTED]';_ Where does the realm part come from? If I connect to localhost, it uses the server's fqdn (which is also the defaultdomain in my imapd.conf), that's what I'd expect. If I connect from the same machine to the external IP, I have have2.com as realm. Why? And even worse from my dial-up ip (reverse lookup looks like dial-up-XXX.highway.telekom.at), I have also have2.com as realm. So the realm cannot be related to the ip of the logged in user, or am I missing something? Regards Georg ---- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html