sysadmin/linux/mini-howto-cyrus_imapd_v1-pam-kerberosV.html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Cyrus Imapd v1 + PAM + Kerberos V mini-HowTo</title>
<link rev="made" href="mailto:root@localhost" />
</head>

<body style="background-color: white">

<p><a name="__index__"></a></p>
<!-- INDEX BEGIN -->

<ul>

        <ul>

                <li><a href="#cyrus_imapd_v1_+_pam_+_kerberos_v_minihowto">Cyrus Imapd v1 + PAM + Kerberos V mini-HowTo</a></li>
                <ul>

                        <li><a href="#description">Description</a></li>
                        <ul>

                                <li><a href="#install_cyrus_imapd">install cyrus imapd</a></li>
                                <li><a href="#create_imapd_wrapper_(needed_for_kerberos_v)">create imapd wrapper (needed for kerberos V)</a></li>
                                <li><a href="#link_pwcheck_to_pwcheck_pam">link pwcheck to pwcheck_pam</a></li>
                                <li><a href="#configure_/etc/pam.d/cyrus">configure /etc/pam.d/cyrus</a></li>
                                <li><a href="#create_kerberos_imap_service_key">create kerberos imap service key</a></li>
                        </ul>

                        <li><a href="#requirements">Requirements</a></li>
                        <li><a href="#resources">Resources</a></li>
                        <li><a href="#todo">ToDo</a></li>
                        <li><a href="#authors">Authors</a></li>
                        <li><a href="#last_changes">last changes</a></li>
                </ul>

        </ul>

</ul>
<!-- INDEX END -->

<hr />
<p>
</p>
<h2><a name="cyrus_imapd_v1_+_pam_+_kerberos_v_minihowto">Cyrus Imapd v1 + PAM + Kerberos V mini-HowTo</a></h2>
<p>
</p>
<h3><a name="description">Description</a></h3>
<pre>
  Install and configure Cyrus Imapd v1 with PAM and Kerberos V support
    (debian way...)</pre>
<p>
</p>
<h4><a name="install_cyrus_imapd">install cyrus imapd</a></h4>
<pre>
  Be sure, your deb sources contains kerberosized cyrus packages!
  Turbo Fredriksson has good ones:
    deb <a href="ftp://ftp.bayour.com/pub/debian">ftp://ftp.bayour.com/pub/debian</a> local .
    deb-src <a href="ftp://ftp.bayour.com/pub/debian">ftp://ftp.bayour.com/pub/debian</a> local .</pre>
<pre>
  apt-get install cyrus-common cyrus-imapd cyrus-admin</pre>
<p></p>
<p>
</p>
<h4><a name="create_imapd_wrapper_(needed_for_kerberos_v)">create imapd wrapper (needed for kerberos V)</a></h4>
<pre>
  mv /usr/sbin/imapd /usr/sbin/imapd.real
  
  nano /usr/sbin/imapd:
       #!/bin/sh
      KRB5_KTNAME=/etc/krb5.keytab.cyrus
      export KRB5_KTNAME
      exec /usr/sbin/imapd.real $@
      
  chmod a+x /usr/sbin/imapd</pre>
<p>
</p>
<h4><a name="link_pwcheck_to_pwcheck_pam">link pwcheck to pwcheck_pam</a></h4>
<pre>
  rm /etc/alternatives/pwcheck
  
  ln -s /usr/sbin/pwcheck_pam /etc/alternatives/pwcheck</pre>
<p>
</p>
<h4><a name="configure_/etc/pam.d/cyrus">configure /etc/pam.d/cyrus</a></h4>
<pre>
  nano /etc/pam.d/cyrus
     auth    required        pam_krb5.so
     account required        pam_ldap.so</pre>
<p></p>
<p>
</p>
<h4><a name="create_kerberos_imap_service_key">create kerberos imap service key</a></h4>
<pre>
  kadmin.local -q &quot;addprinc -randkey imap/&lt;FQDN&gt;@&lt;YOUR KERBEROS REALM&gt;&quot;
  kadmin.local -q &quot;addprinc -randkey pop/&lt;FQDN&gt;@&lt;YOUR KERBEROS REALM&gt;&quot; 
  kadmin.local -q &quot;ktadd -k /etc/krb5.keytab.cyrus imap/&lt;FQDN&gt;&quot;
  kadmin.local -q &quot;ktadd -k /etc/krb5.keytab.cyrus pop/&lt;FQDN&gt;&quot;
  chown cyrus /etc/krb5.keytab.cyrus</pre>
<p>
</p>
<h3><a name="requirements">Requirements</a></h3>
<pre>
  - Cyrus Imapd v1
  - libpam-krb5
  - Kerberos V</pre>
<p>
</p>
<h3><a name="resources">Resources</a></h3>
<dl>
<dt><strong><a name="item_cyrus_imap_server">Cyrus IMAP Server</a></strong><br />
</dt>
<dd>
<pre>
  - <a href="http://asg.web.cmu.edu/cyrus/imapd/">http://asg.web.cmu.edu/cyrus/imapd/</a></pre>
</dd>
<dt><strong><a name="item_openldap%2c_openssl%2c_sasl_and_kerberosv_howto">OpenLDAP, OpenSSL, SASL and KerberosV HOWTO</a></strong><br />
</dt>
<dd>
<pre>
  - <a href="http://www.bayour.com/LDAPv3-HOWTO.html">http://www.bayour.com/LDAPv3-HOWTO.html</a></pre>
</dd>
</dl>
<p>
</p>
<h3><a name="todo">ToDo</a></h3>
<pre>
  o MORE docu !!
  o write more about Kerberos V
  o write more about Cyrus SASL
  o docu installation for other distribution than Debian
  o check out Cyrus Imapd v2 and SASL v2 more and write howto</pre>
<p>
</p>
<h3><a name="authors">Authors</a></h3>
<pre>
  Sebastian Utz seut@tunemedia.de</pre>
<p>
</p>
<h3><a name="last_changes">last changes</a></h3>
<pre>
  Jan 25 2003 05:53:00
    + create new</pre>

</body>

</html>
1	jonen	1.1	<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
2			<html xmlns="http://www.w3.org/1999/xhtml">
3			<head>
4			<title>Cyrus Imapd v1 + PAM + Kerberos V mini-HowTo</title>
5			<link rev="made" href="mailto:root@localhost" />
6			</head>
7
8			<body style="background-color: white">
9
10			<p><a name="__index__"></a></p>
11			<!-- INDEX BEGIN -->
12
13			<ul>
14
15			<ul>
16
17			<li><a href="#cyrus_imapd_v1_+_pam_+_kerberos_v_minihowto">Cyrus Imapd v1 + PAM + Kerberos V mini-HowTo</a></li>
18			<ul>
19
20			<li><a href="#description">Description</a></li>
21			<ul>
22
23			<li><a href="#install_cyrus_imapd">install cyrus imapd</a></li>
24			<li><a href="#create_imapd_wrapper_(needed_for_kerberos_v)">create imapd wrapper (needed for kerberos V)</a></li>
25			<li><a href="#link_pwcheck_to_pwcheck_pam">link pwcheck to pwcheck_pam</a></li>
26			<li><a href="#configure_/etc/pam.d/cyrus">configure /etc/pam.d/cyrus</a></li>
27			<li><a href="#create_kerberos_imap_service_key">create kerberos imap service key</a></li>
28			</ul>
29
30			<li><a href="#requirements">Requirements</a></li>
31			<li><a href="#resources">Resources</a></li>
32			<li><a href="#todo">ToDo</a></li>
33			<li><a href="#authors">Authors</a></li>
34			<li><a href="#last_changes">last changes</a></li>
35			</ul>
36
37			</ul>
38
39			</ul>
40			<!-- INDEX END -->
41
42			<hr />
43			<p>
44			</p>
45			<h2><a name="cyrus_imapd_v1_+_pam_+_kerberos_v_minihowto">Cyrus Imapd v1 + PAM + Kerberos V mini-HowTo</a></h2>
46			<p>
47			</p>
48			<h3><a name="description">Description</a></h3>
49			<pre>
50			Install and configure Cyrus Imapd v1 with PAM and Kerberos V support
51			(debian way...)</pre>
52			<p>
53			</p>
54			<h4><a name="install_cyrus_imapd">install cyrus imapd</a></h4>
55			<pre>
56			Be sure, your deb sources contains kerberosized cyrus packages!
57			Turbo Fredriksson has good ones:
58			deb <a href="ftp://ftp.bayour.com/pub/debian">ftp://ftp.bayour.com/pub/debian</a> local .
59			deb-src <a href="ftp://ftp.bayour.com/pub/debian">ftp://ftp.bayour.com/pub/debian</a> local .</pre>
60			<pre>
61			apt-get install cyrus-common cyrus-imapd cyrus-admin</pre>
62			<p></p>
63			<p>
64			</p>
65			<h4><a name="create_imapd_wrapper_(needed_for_kerberos_v)">create imapd wrapper (needed for kerberos V)</a></h4>
66			<pre>
67			mv /usr/sbin/imapd /usr/sbin/imapd.real
68
69			nano /usr/sbin/imapd:
70			#!/bin/sh
71			KRB5_KTNAME=/etc/krb5.keytab.cyrus
72			export KRB5_KTNAME
73			exec /usr/sbin/imapd.real $@
74
75			chmod a+x /usr/sbin/imapd</pre>
76			<p>
77			</p>
78			<h4><a name="link_pwcheck_to_pwcheck_pam">link pwcheck to pwcheck_pam</a></h4>
79			<pre>
80			rm /etc/alternatives/pwcheck
81
82			ln -s /usr/sbin/pwcheck_pam /etc/alternatives/pwcheck</pre>
83			<p>
84			</p>
85			<h4><a name="configure_/etc/pam.d/cyrus">configure /etc/pam.d/cyrus</a></h4>
86			<pre>
87			nano /etc/pam.d/cyrus
88			auth required pam_krb5.so
89			account required pam_ldap.so</pre>
90			<p></p>
91			<p>
92			</p>
93			<h4><a name="create_kerberos_imap_service_key">create kerberos imap service key</a></h4>
94			<pre>
95			kadmin.local -q "addprinc -randkey imap/<FQDN>@<YOUR KERBEROS REALM>"
96			kadmin.local -q "addprinc -randkey pop/<FQDN>@<YOUR KERBEROS REALM>"
97			kadmin.local -q "ktadd -k /etc/krb5.keytab.cyrus imap/<FQDN>"
98			kadmin.local -q "ktadd -k /etc/krb5.keytab.cyrus pop/<FQDN>"
99			chown cyrus /etc/krb5.keytab.cyrus</pre>
100			<p>
101			</p>
102			<h3><a name="requirements">Requirements</a></h3>
103			<pre>
104			- Cyrus Imapd v1
105			- libpam-krb5
106			- Kerberos V</pre>
107			<p>
108			</p>
109			<h3><a name="resources">Resources</a></h3>
110			<dl>
111			<dt><strong><a name="item_cyrus_imap_server">Cyrus IMAP Server</a></strong><br />
112			</dt>
113			<dd>
114			<pre>
115			- <a href="http://asg.web.cmu.edu/cyrus/imapd/">http://asg.web.cmu.edu/cyrus/imapd/</a></pre>
116			</dd>
117			<dt><strong><a name="item_openldap%2c_openssl%2c_sasl_and_kerberosv_howto">OpenLDAP, OpenSSL, SASL and KerberosV HOWTO</a></strong><br />
118			</dt>
119			<dd>
120			<pre>
121			- <a href="http://www.bayour.com/LDAPv3-HOWTO.html">http://www.bayour.com/LDAPv3-HOWTO.html</a></pre>
122			</dd>
123			</dl>
124			<p>
125			</p>
126			<h3><a name="todo">ToDo</a></h3>
127			<pre>
128			o MORE docu !!
129			o write more about Kerberos V
130			o write more about Cyrus SASL
131			o docu installation for other distribution than Debian
132			o check out Cyrus Imapd v2 and SASL v2 more and write howto</pre>
133			<p>
134			</p>
135			<h3><a name="authors">Authors</a></h3>
136			<pre>
137			Sebastian Utz seut@tunemedia.de</pre>
138			<p>
139			</p>
140			<h3><a name="last_changes">last changes</a></h3>
141			<pre>
142			Jan 25 2003 05:53:00
143			+ create new</pre>
144
145			</body>
146
147			</html>
MailToCvsAdmin">MailToCvsAdmin	ViewVC Help
Powered by ViewVC 1.1.26