On Tue, 2004-02-03 at 23:12, Brian J. Murrell wrote:
> On Tue, 2004-02-03 at 04:11, Andrew Bartlett wrote:
> > The problem is, for a plaintext login, the IMAP server is almost
> > certainly just copying the username internally, so there is almost
> > nothing we can do about it.
>
> i.e. you mean cyrus imap will just copy and use whatever the user types
> in?

I don't know for sure, but that is how I would expect it to work.

> That is fine. I don't mind telling all of the users that they _must_
> log in with lowercase letters now, no using caps. They will then have
> all lowercase imap mailboxes and cyrus will force delivery into
> lowercase mailboxes.
>
> But the problem then is that when the PDC returns usernames in the
> format "Firstname" (first letter capped), and they log in with
> "firstname", there is no matching account.

There is a matching account, but not a matching IMAP folder. I'm assuming this is what you mean anyway...

> If I could instruct
> winbind(d?) to simply fold the uppercase letters into lowercase, then
> there is an account that matches what the user typed and will work for
> authentication because NT is case insensitive.

Samba will answer to any username, and will return the user-name *either* per the NT database, or as the user sent it (depending on the backend). I would accept a patch that made samba 'forced' to lower case. (It would lowercase all output, and force all input to be in lower case).

> It seems to be that the simplest fix is to ask winbind to force the caps
> into lowercase before giving the info to PAM.

Samba never gives information to PAM, only 'yes/no' on the password. It does return information to nss_ldap however.

> > For NTLMSSP based logins (see my patch to cyrus-sasl back in January) I
> > handle this stuff, because we can return the username.
>
> Interesting. I will take a look. But this problem is more general than
> just cyrus imap and having winbind fold the uppercase letters into
> lowercase letters seems like a nice general solution, no?

In some ways it is, but the main issue is in what users enter in logon boxes...

Andrew Bartlett

--
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED]
Student Network Administrator, Hawker College [EMAIL PROTECTED]
http://samba.org http://build.samba.org http://hawkerc.net
-- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
