I'm attempting to upgrade an older Cyrus IMAP server (using virtual domains) from 2.1 to 2.2. The new server is running Debian Etch with the cyrus-imapd-2.2 packages (currently version 2.2.13-10). While most of the upgrade has gone relatively smoothly, I'm having problems with authentication. Previously, I was using saslauthd against an sasldb2 database. This worked well, but I would like to migrate from this to our Kerberos 5 infrastructure (multiple domains with cross-domain authentication working). Unfortunately, it appears there isn't any means to force an upper-case realm for logins. In fact, the only way I can get everything working seems to be with the following configuration: lmtp_downcase_rcpt: yes username_tolower: no loginrealms: <DOMAIN1.COM> <DOMAIN2.COM> <DOMAIN3.COM> <DOMAIN4.COM> <DOMAIN5.COM> <DOMAIN6.COM> virtdomains: userid sasl_pwcheck_method: saslauthd In this configuration, I can authenticate IF I provide a username such as my.name@xxxxxxxxxxxx However, it fails if I try to use my.name@xxxxxxxxxxxx Even worse, I have some customers using My.Name@xxxxxxxxxxx for their login. Because of this, I would like to enable the 'username_tolower' option, but this ALSO lowers the case of the realm! Any suggestions on how to get IMAP working for virtual domains against multiple Kerberos domains? Ideally, there should be an option such as 'realmname_toupper' that could be combined with 'username_tolower' to resolve the entire case issue! Does such an option exist? Is there a recommended solution? Ideas? Tony ---- Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
