From: "greg@grokking.org"
Date: Fri, 20 May 2005 07:51:39 -0700
To: freebsd-questions@freebsd.org
Subject: Re: Cyrus IMAP from Ports in 5.X?

> Do I need to create users from cyradm or from saslpasswd2?

saslpasswd2. Recall that sasl2 is a system-wide authentication framework -- a one-stop shop for controlling access to cyrus-imapd and your MTA, or any other daemon designed to use this framework. It is conceivable that you would want an account in sasl2 but not in cyrus-imapd (for an MTA-MTA authentication requirement, for instance). Cyradm is just a mailbox creation/administration tool that looks to sasl2 for security account information.

>> http://acs-wiki.andrew.cmu.edu/twiki/bin/view/Cyrus/
>
> Looking at it...
>
> Also do I need "loginrealms" for using virtdomains?

I believe "loginrealms" is just the term used by the CMU folks but is pretty much analogous to virtdomains as we're using the term here. By default, the saslpasswd2 utility will append the server's hostname UNLESS you specify that you want the namespace separate for a particular user account, either using the command line switch and specifying a "loginrealm" or just adding @domainname after the userid portion.

As a side note, this default scheme can lead to some surprises should you ever decide to change the hostname of the system. It will break auth for non-vhosted users because they will no longer be considered "local". You'll either have to start using the fully qualified form of the login (userid@old_hostname_of_system) or delete and re-create those accounts taking the automatic new hostname, or specify something else explicitly.

Also, while you're adding accounts to sasl2, don't forget to use the sasldblistusers2 utility so you can verify that the accounts have been added and what ends up appearing in their "loginrealms" position after the '@'.

It may also be worthwhile to poke around in /usr/local/cyrus/bin to see these tools and the others (like squatter for building search indexes) included with the cyrus package.

G
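The hostname-change surprise described in the message above can be checked for by auditing the realm column of a sasldblistusers2 listing. This is an added example, not part of the original message: it assumes the listing has the form `user@realm: userPassword`, and the hostnames, domain and account names are constructed.

```shell
#!/bin/sh
# Added example: list sasldb accounts whose realm (the part after '@') is
# neither the current hostname nor a known virtual domain. After a rename
# these are the accounts that are no longer treated as "local".

# Constructed sample listing; on a live system pipe in `sasldblistusers2`.
# Accounts like these are created with, for example:
#   saslpasswd2 -c bob                    (realm defaults to the hostname)
#   saslpasswd2 -c -u example.org carol   (explicit realm)
SAMPLE_LISTING='alice@mail.old.example: userPassword
bob@mail.new.example: userPassword
carol@example.org: userPassword
dave@mail.old.example: userPassword'

# usage: stale_realm_accounts CURRENT_HOSTNAME "vdom1 vdom2 ..." < listing
# Prints one user@realm per line for each account with an unexpected realm.
stale_realm_accounts() {
    awk -v host="$1" -v vdoms="$2" '
        BEGIN {
            ok[host] = 1
            n = split(vdoms, d, " ")
            for (i = 1; i <= n; i++) ok[d[i]] = 1
        }
        {
            # Each line is "user@realm: property"; drop the trailing ":".
            entry = $1
            sub(/:$/, "", entry)
            at = index(entry, "@")
            if (at == 0) next                 # not an account line
            realm = substr(entry, at + 1)
            # Report each account once even if it has several properties.
            if (!(realm in ok) && !seen[entry]++) print entry
        }'
}

# Demo: the host was renamed from mail.old.example to mail.new.example.
printf '%s\n' "$SAMPLE_LISTING" |
    stale_realm_accounts mail.new.example "example.org"
```

Each account it prints either has to log in as userid@old_hostname_of_system or be deleted and re-created under the new hostname or an explicit realm.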