On Fri, Sep 18, 2009 at 06:06:52PM -0500, Scott Lambert wrote:
> On Fri, Sep 18, 2009 at 11:24:08PM +1000, Bron Gondwana wrote:
> > On Fri, Sep 18, 2009 at 03:43:20PM +0300, Evgeniy Arbatov wrote:
> > > Hello,
> > >
> > > A question: I want users authenticating with two different usernames
> > > to Cyrus IMAP to be able to access the same mailbox.
> > >
> > > For example, I wish this to be the case ("login name" -> "mailbox"):
> > >
> > > username -> user/firstname.lastname@domain
> > > firstname.lastname@domain -> user/firstname.lastname@domain
> > >
> > > What would be the way to proceed?
> >
> > Well - we just put an nginx proxy in front, and have the authentication
> > daemon return the "correct" username to pass to the backend, regardless
> > of the username used. That's one option.
> >
> > What's the use case anyway? You can use aliases for delivery, why does
> > the one user need two different usernames?
>
> I don't know about the original poster but the ISP I work for has been
> doing e-mail with sendmail and IMAP-UW.
>
> All usernames are of the form username@maindomain, only they don't use
> @maindomain.
>
> Customer domain users use mailboxes of the form
> domainSpecificPrefixOf2or3characters_localpart for
> localpart@customerdomain.
>
> virtusertable:
> localpart@xxxxxxxxxxxxxxxxxx cd_localpart
>
> We would like to get those users out of the maindomain and have them
> switch to using mailboxes of localpart@xxxxxxxxxxxxxxxxxx and be able
> to login as localpart@xxxxxxxxxxxxxxxxxx but have compatibility with
> the old way of loging in as cd_localpart as well, at least during the
> transition period.
That's almost exactly what we did at FastMail - though the other way around.
We still have old mailboxes with the old names, but everyone has to log in
as username@domain now.
Nginx supports sending an arbitrary username to the backend. The
authentication protocol is basically HTTP (username and password sent as
headers in the request and result as headers in the response) so it's
easy to extend and support new fields, and you can write your authentication
daemon in any language pretty easily, especially if it has a HTTP library.
Bron.
----
Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
