The authorization realm is the target user authorization ID’s namespace.
When, for example, a user John Doe logs in with username
doe(the “authentication ID”), the original authorization realm (as specified in the original username) is
After user login name canonification – a process to translate an authentication ID in to an authorization ID – the resulting authorization ID may have become
The canonification process is important, because it will also be the authorization ID that is used to compose the mailbox path to the user’s INBOX.
Continuing our example user, the authorization ID having become
firstname.lastname@example.org result in the session using
email@example.com the INBOX.
The authorization realm at this point is one of
example.org. The user will not be able to access any mailboxes outside this authorization realm, meaning the user will be unable to access any mailboxes for which the mailbox path does not end in
The part of a Cyrus configuration which contains the data.
Canonification is the process of translating a login username in to the targeted value to use throughout the rest of the infrastructure.
Suppose, for example, a user
John Doe <firstname.lastname@example.org>has an email address of
email@example.com, and a user ID of
doe. Suppose therefore his mailbox is
firstname.lastname@example.org, and his authorization ID is
When John logs in however, he may also use one of his secondary recipient addresses, such as
This login username needs to be translated to
email@example.com order to obtain the correct INBOX, and allow applications to consistently retrieve profiles with user preferences.
- disk volume¶
- disk volumes¶
A disk volume is an entity that “can contain a filesystem”. This may be a complete disk, a set of disks, a disk partition, a logical volume, a copy-on-write snapshot, a disk image (file), a fiber-channel or iSCSI LUN, or any other such volume.
- domain name space¶
- domain name spaces¶
A domain name space is, among other things, the qualification of a recipient’s local-part. It is the domain name appended to the local part of an email address, the two of them divided by an ‘@’ character (sender specified routing notwithstanding).
Without domain name spaces, user ‘john’ would only ever know about user ‘jane’ if – pardon my French to those in the know – if both ‘john’ and ‘jane’ considered eachother local. In other words, if both ‘john’ and ‘jane’ used the same physical system environment. As you may be aware, the Internet is composed of a quite a few thousands of such system environments.
What qualifies users ‘john’ and ‘jane’ to all other users on the Internet is a name space. The name space must be globally unique (literally “globally” – but technically speaking more like “universally unique”).
The only name spaces available to Internet registrars and therefore service providers and therefore users, are called domains – they are composed of a top-level domain (name space) such as .org and .com, and a name that a service provider would allow you to register with the Internet registrar (a NIC) - each domain is therefore at least one but possible more domain name spaces.
To further illustrate, you require an Internet registrar to obtain your own domain name – unless you are an Internet registrar yourself, of course, though you still need one, but it just so happens you are one.
Once you have registered a domain name (and, contrary to popular belief, you don’t actually own it, ever) nothing prevents you from creating additional domain name spaces within the name space of that domain.
You could, for example, register
example.org, and create a domain name space of
In fact, every fully qualified domain name is a domain name space in and of its own – but it identifies on the individual system level as opposed to the environment level.
- fully qualified domain name¶
A Fully Qualified Domain Name is intended to refer to a single node (or “operating system instance”, if you will) whether it be traditionally physical or virtual, in a manner that is globally (“universally”) unique.
As such, it SHOULD be composed of at least three (3) name space segments divided by a dot (.) character – excluding the implicit top-level dot (.), even if a domain (system environment) is comprised of a single system.
The part of a Cyrus configuration which contains the components which talk to clients.
- Host Bus Adapter¶
A Host Bus Adapter is a device to connect a computer to a storage device.
- mandatory access control¶
Mandatory access control is a type of access control where a set of (static) rules controlled (centrally) by a security policy administrator describe the level of access subjects to objects. As such, no subject controls the level of access of other subjects.
- Mail Submission Agent¶
The Mail Submission Agent (MSA) (…)
- Mail Transfer Agent¶
The Mail Transfer Agent (MTA) (…)
Mean time between Failure – a statistical determination of the time between failures.
- Mail User Agent¶
The Mail User Agent (MUA) (…)
- operating system disks¶
Storage used for the operating system installation.
A partition in Cyrus IMAP (…)
- payload disks¶
Storage used for information.
- storage volume level replication¶
Please see the generic section on Redundancy.