The conflict is between the frontend and backend needs:
1. Courier and the auth systems need "[EMAIL PROTECTED]" to properly identify the account.
2. For both usability *and security*, the end user needs to be able to enter a username of "user" and still have the account identified correctly.
Elaborate, please. I don't see how users entering their username sans domain is a security feature.
The solution is in the middleware:
-The IMAP, POP, and Webmail servers could include functionality such that, if a user submits the username "user" to the server name "domain.com", the username is submitted to the authsystem, and subsequently Courier, as "[EMAIL PROTECTED]".
A fine idea, if Courier had any idea what domain those users were connecting to. None of the SMTP, POP, or IMAP protocols include a domain handshake.
As an example, SquirrelMail currently has at least one plugin available that will add this functionality, allowing the user to enter a username of "user", but submitting the username into the system as "[EMAIL PROTECTED]" based on the domain through which the user is accessing.
HTTP has a domain handshake. When you request a page, it usually looks something like:
GET /index.html HTTP/1.1 Host: www.example.com
That domain specification is available to php and CGI programs that run under the web server.
So, what do you say Sam? What would it take to add this functionality to the IMAP, POP, and SqWebMail servers?
SqWebMail could do it, but IMAP and POP would require a protocol re-write. Good luck. :)
------------------------------------------------------- This SF.Net email sponsored by: ApacheCon 2003, 16-19 November in Las Vegas. Learn firsthand the latest developments in Apache, PHP, Perl, XML, Java, MySQL, WebDAV, and more! http://www.apachecon.com/ _______________________________________________ courier-users mailing list [EMAIL PROTECTED] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
