Date:      Fri, 20 May 2005 07:51:39 -0700
From:      "greg@grokking.org" <greg@grokking.org>
To:        freebsd-questions@freebsd.org
Subject:   Re: Cyrus IMAP from Ports in 5.X?
Message-ID:  <428DF97B.2000000@grokking.org>
In-Reply-To: <20050519201246.T23338@zoraida.natserv.net>
References:  <20050517220403.T96779@zoraida.natserv.net> <428AAAA8.6060805@grokking.org> <428B48F4.1060308@grokking.org> <428C9D10.7020508@grokking.org> <20050519201246.T23338@zoraida.natserv.net>


> Do I need to create users from cyradm or from saslpasswd2?


saslpasswd2. Recall that sasl2 is a system-wide authentication framework
-- a one-stop shop for controlling access to cyrus-imapd and your MTA,
or any other daemon designed to use this framework. It is conceivable
that you would want an account in sasl2 but not in cyrus-imapd (for an
MTA-MTA authentication requirement, for instance). Cyradm is just a
mailbox creation/administration tool that looks to sasl2 for security
account information.


> 
> 
>> http://acs-wiki.andrew.cmu.edu/twiki/bin/view/Cyrus/
> 
> 
> Looking at it...
> 
> Also do I need "loginrealms" for using virtdomains?

I believe "loginrealms" is just the term used by the CMU folks but is
pretty much analogous to virtdomains as we're using the term here. By
default, the saslpasswd2 utility will append the server's hostname
UNLESS you specify that you want the namespace separate for a particular
user account either using the command line switch and specifying a
"loginrealm" or just adding @domainname after the userid portion.

As a side note, this default scheme can lead to some surprises should
you ever decide to change the hostname of the system. It will break auth
for non-vhosted users because they will no longer be considered "local".
You'll either have to start using the fully qualified form of the login
(userid@old_hostname_of_system) or delete and re-create those accounts
taking the automatic new hostname, or specify something else explicitly.

Also, while you're adding accounts to sasl2 don't forget to use the
sasldblistusers2 utility so you can verify that the accounts have been
added and what ends up appearing in their "loginrealms" position after
the '@'. It may also be worthwhile to poke around in
/usr/local/cyrus/bin to see these tools and the others (like squatter
for building search indexes) included with the cyrus package.

G
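
An added example, not part of the original message: a small audit over `sasldblistusers2`-style output that shows which accounts sit in the hostname realm (and so would stop authenticating as "local" after a hostname change) and which carry an explicit realm. The hostname `mail.example.org`, the account names and the assumed line format `userid@realm: userPassword` are constructed for illustration.

```shell
#!/bin/sh
# Added example: find sasldb accounts that depend on the server hostname as realm.
# Assumes listing lines of the form "userid@realm: userPassword".

# Constructed sample listing; on a live system pipe `sasldblistusers2` in instead.
SAMPLE_LISTING='alice@mail.example.org: userPassword
bob@mail.example.org: userPassword
carol@example.com: userPassword
dave@example.net: userPassword
relay@mail.example.org: userPassword'

# host_realm_users HOSTNAME
# Reads a listing on stdin and prints the userids whose realm is exactly
# HOSTNAME, i.e. the accounts affected if the hostname changes.
host_realm_users() {
    awk -F'[@:]' -v host="$1" 'NF >= 2 && $2 == host { print $1 }' | sort -u
}

# realm_report HOSTNAME
# Reads a listing on stdin and prints "<count> <realm> <kind>" per realm,
# where kind is "host-default" for HOSTNAME and "explicit" otherwise.
realm_report() {
    awk -F'[@:]' -v host="$1" '
        NF >= 2 && $2 != "" { count[$2]++ }
        END {
            for (r in count)
                printf "%d %s %s\n", count[r], r,
                       (r == host ? "host-default" : "explicit")
        }' | sort -k2
}

# Demonstration on the constructed sample (mail.example.org is a made-up hostname).
printf '%s\n' "$SAMPLE_LISTING" | realm_report mail.example.org
printf '%s\n' "$SAMPLE_LISTING" | host_realm_users mail.example.org
```

Running the same functions against the old hostname before a rename gives the list of accounts that will need the fully qualified login or re-creation.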


