------------------------------------------------------------------------There is still another way. But it's a feature request. (I don't know if this functionality has been requested before.)
Subject: Re: [courier-users] RE: distinct namespace with userdb ? From: Carlos Paz <[EMAIL PROTECTED]> Date: Fri, 07 Nov 2003 10:37:47 -0500 To: [EMAIL PROTECTED]
Julian Mehnle wrote:
[EMAIL PROTECTED] wrote:There is another way. It would be asigning one ip for each domain, then apply a patch to make the authentication backend aware of the default domain based on the ip the connections are made to.
I'm using courier (excellent!) IMAP in a multiple virtual domain environment. I'm using /etc/userdb for authentication. My problem is I can't have a user [EMAIL PROTECTED] and [EMAIL PROTECTED] with my current understanding of the userdb format. There is only a single namespace across all userdb entries. Whats the best way around this?
I've tried using full [EMAIL PROTECTED] as keys to userdb, and that works,
but means I would need to tell my users to login with usernames of
'[EMAIL PROTECTED]' and '[EMAIL PROTECTED]' instead of just 'paul'.
This is the way to go.
Is this the only solution I am likely to find, apart from have multiple
instances of courier talking to different userdb's ?
Yes, there is no other way. How should Courier know *which* domain (and which userdb entry) a user means when he logs in using just "paul"? Courier can't magically figure out the domain the user means.
This problem is not specific to the userdb authentication backend, but applies to all other auth backends as well.
This way, you can have [EMAIL PROTECTED] and [EMAIL PROTECTED], each one of them login in as john, but then you'll need to tell them to set their mail services to be at mail.domain1.com and mail.domain2.com or something like that.
I had to make this to migrate from another system that provided that feature, but if I could, I would make my users to change their setup to their full email address.
Randy Lewis made a public patch based on this idea, i think you can find it on the archives from january-february of 2002.
The conflict is between the frontend and backend needs:
1. Courier and the auth systems need "[EMAIL PROTECTED]" to properly identify the account.
2. For both usability *and security*, the end user needs to be able to enter a username of "user" and still have the account identified correctly.
The solution is in the middleware:
-The IMAP, POP, and Webmail servers could include functionality such that, if a user submits the username "user" to the server name "domain.com", the username is submitted to the authsystem, and subsequently Courier, as "[EMAIL PROTECTED]".
As an example, SquirrelMail currently has at least one plugin available that will add this functionality, allowing the user to enter a username of "user", but submitting the username into the system as "[EMAIL PROTECTED]" based on the domain through which the user is accessing. (Note that I haven't used this plugin yet, so I can't vouch for how well it works.)
If the IMAP, POP, and SqWebMail servers included this functionality, it would meet the needs of both the frontend and backend, increasing usability *and security*.
So, what do you say Sam? What would it take to add this functionality to the IMAP, POP, and SqWebMail servers?
-Jerome
-- Jerome Bullert [EMAIL PROTECTED] -----------------------------
------------------------------------------------------- This SF.Net email sponsored by: ApacheCon 2003, 16-19 November in Las Vegas. Learn firsthand the latest developments in Apache, PHP, Perl, XML, Java, MySQL, WebDAV, and more! http://www.apachecon.com/ _______________________________________________ courier-users mailing list [EMAIL PROTECTED] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
