Adi Linden wrote:
>> I have another solution to solve the problem, but not sure right or not.
>> Since only user in default domain can't use domain name as their login
>> name, I changed defaultdomain to "localhost".
>> Now all other domains are treated as non-default domain.
>> Surely all users in non-default domains are able to use fqdn login id
>> (user@???) for authentication.
>>
>
>
> If you comment out defaultdomain alltogether everyone has to use a fqdn
> login. This is what I will be using.
>
>
It is working fine when login cyrus with fqdn with user id, but auth
smtp failed.
When sending email, I entered user@??? in the User name and
Password edit box in the Outgoing Server dialog box. The smtp
authentication was not successful in this case.
If I enter user id only in the Outgoin Server dialog box, the smtp auth
works fine.
Now the login id for cyrus is fqdn, login id only for out-going server
auth smtp.
I have test the login id fqdn authtentication with imtest command (with
LOGIN mech) and it works fine.
The way I create password is:
saslpasswd2 -c user@???
Since login id fqdn is failed with smtp auth, I also need to create one
more password for the user:
saslpasswd2 -c user
I dont know what is going on here.
I have test fully qualified user account login iwth imtest, and it
authenticated successfully. May be this test is same as a mail client
login to imap server.
It seems that smtp authentication doesn't allocate sasldb2 file correctly.
The smtp Exim server has the following configuration for saslauthd
authentication:
#fixed_login:
login:
driver = plaintext
public_name = LOGIN
server_prompts = UserName:: : Password::
server_condition = ${if saslauthd{{$1}{$2}}{1}{0}}
server_set_id = $1
plain:
driver = plaintext
public_name = PLAIN
server_condition = ${if saslauthd{{$2}{$3}}{1}{0}}
server_set_id = $2
The error in mainlog is:
login authenticator failed for ([192.168.4.235]) [192.168.4.235]: 535
Incorrect a
uthentication data (set_id=sam.wun@???)
Note, the smtp authentication only successful if the login id have the
domain part stripped.
If I remote option primary domain and qualified domain in the configure
file (that is to force authentication with fully qualified user id with
domain name), then authentication will failed because login is not using
fully qualified user ID.
Thanks
Sam