[Kolab-devel] more about loginrealms option

Alain Spineux aspineux at gmail.com
Tue Nov 13 16:51:22 CET 2007 

On Nov 13, 2007 3:51 PM, Bernhard Reiter <bernhard at intevation.de> wrote:
> On Thursday 08 November 2007 18:23, Alain Spineux wrote:
> > If you set
> >
> > loginrealms: example.com, example.net
> >
> > then user from example.net will be able to authenticate, but any
> > operation on a mailbox will fail
> > because they don't have one (or access to any one).
>
> My imagination seems to fail me here. What would this be possibly for?

I dont understant your question

> Could this authentication be used for something else (e.g. because
> of the Kerberous ticket)?

Imagine you company having a lot of domains then and a centralized
authentication system.
You want to have your personal mail server for your domain and use the
centralized authentication system.

Someone from other domain could authenticate on your server !
Because authentication is : Are you how you claim to be. Then when we know
how you are we can thing about if you have the right to access this or this.

You can imaging to create a shared folder for all of your users, even
if some of them dont have a personal mailbox.

And loginsrealms looks to be a "large" (not fine grained)  filter to
exclude domain per domain.

Now of course, because of this you cannot deny a user of _your_ domain
to login on your imap server if he is registred on the centralized
one.

Did I help you !

>
> > If you set
> >
> > loginrealms: example.com
> >
> > then the same user will be rejected at authentication !
>
> Looks okay if there is no mailbox for the user.
>
>
> --
> Managing Director - Owner: www.intevation.net       (Free Software Company)
> Germany Coordinator: fsfeurope.org. Coordinator: www.Kolab-Konsortium.com.
> Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
> Geschäftsführer Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
>
> _______________________________________________
> Kolab-devel mailing list
> Kolab-devel at kolab.org
> https://kolab.org/mailman/listinfo/kolab-devel
>



-- 
Alain Spineux
aspineux gmail com
May the sources be with you

More information about the devel mailing list