[Web-cyradm] Added EXPERIMENTAL support for

[cheeto at shaolinux.org]

Hi John,
  I wrote the original patch for the username=emailaddress (FQUN) support
in 2004 that xerxes uses.  I haven't looked in svn to see what they are
using but I have been using FQUN for the last 3 years with web-cyradm so
I believe what I'm saying here should be correct.

  First off the cyrus username should not be fully qualified, that just
makes no sense, it is the cyrus administrator not an email address.  In
the accountuser table the cyrus user should have 'cyrus' as the user
name, a password configured and NO REALM.

At the same time, the sql statement for authentication should be as such:

sasl_sql_statement: select password from accountuser where
username='%u@%r' or (username='%u' and domain_name='')

The cyrus user should never have a realm as that will cause it to only be
able to admin that realm.

For more information on FQUN do a search for FQUN on the mailing list
archives for 2004 and 2005.

>>> > I've changed cyrus admin name in DB from name to name at realm:
>>> > UPDATE accountuser SET username='cyrus at mail.dom.prv' WHERE
>>> username='cyrus'
>> I do not think this step is correct.  I think the user needs to remain
>> cyrus in order to have admin rights.
>
> Sorry, no I retract the above, but the below is still correct, I think.
>
>> I think virtdomains needs to be userid, otherwise it is impossible to
>> log in as cyrus (i.e. you end up logining in as cyrus at example.com or
>> cyrus at localdomain, which does not have the authority the cyrus user
>> has).
>
> I will publish a summary of all this to the list if interested.
>
> --
> Sincerely,
> John Thomas
> _______________________________________________
> This mailing list is hosted and supported
> by bit-heads GmbH | http://www.bit-heads.ch
>
> _______________________________________________
> Web-cyradm mailing list
> Web-cyradm at web-cyradm.org
> http://www.web-cyradm.org/mailman/listinfo/web-cyradm
>