sysadmin/linux/mini-howto-cyrus_imapd_v1-pam-kerberosV.html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Cyrus Imapd v1 + PAM + Kerberos V mini-HowTo</title>
<link rel="stylesheet" href="http://netfrag.org/horde/css.php?app=chora" type="text/css" />
<link rev="made" href="mailto:root@localhost" />
</head>

<body>
<table border="0" width="100%" cellspacing="0" cellpadding="3">
<tr><td class="block" valign="middle">
<big><strong><span class="block">&nbsp;Cyrus Imapd v1 + PAM + Kerberos V mini-HowTo</span></strong></big>
</td></tr>
</table>

<p><a name="__index__"></a></p>
<!-- INDEX BEGIN -->

<ul>

        <ul>

                <li><a href="#cyrus_imapd_v1_+_pam_+_kerberos_v_minihowto">Cyrus Imapd v1 + PAM + Kerberos V mini-HowTo</a></li>
                <ul>

                        <li><a href="#description">Description</a></li>
                        <ul>

                                <li><a href="#install_cyrus_imapd">install cyrus imapd</a></li>
                                <li><a href="#create_imapd_wrapper_(needed_for_kerberos_v)">create imapd wrapper (needed for kerberos V)</a></li>
                                <li><a href="#link_pwcheck_to_pwcheck_pam">link pwcheck to pwcheck_pam</a></li>
                                <li><a href="#configure_/etc/pam.d/cyrus">configure /etc/pam.d/cyrus</a></li>
                                <li><a href="#create_kerberos_imap_service_key">create kerberos imap service key</a></li>
                        </ul>

                        <li><a href="#requirements">Requirements</a></li>
                        <li><a href="#resources">Resources</a></li>
                        <li><a href="#todo">ToDo</a></li>
                </ul>

        </ul>

</ul>
<!-- INDEX END -->

<hr />
<p>
</p>
<h2><a name="cyrus_imapd_v1_+_pam_+_kerberos_v_minihowto">Cyrus Imapd v1 + PAM + Kerberos V mini-HowTo</a></h2>
<p>Sebastian Utz  <a&nbsp;href="mailto:seut@netfrag.org">seut@netfrag.org</a></p>
<p><strong>last changes</strong></p>
<pre>
    Revision 1.1  2003/01/25 08:44:50  jonen
    + create new</pre>
<p>
</p>
<h3><a name="description">Description</a></h3>
<p>Install and configure Cyrus Imapd v1 with PAM and Kerberos V support
    (debian way...)</p>
<p>
</p>
<h4><a name="install_cyrus_imapd">install cyrus imapd</a></h4>
<p>Be sure, your deb sources contains kerberosized cyrus packages!</p>
<pre>
  Turbo Fredriksson has good ones:</pre>
<pre>
    deb <a href="ftp://ftp.bayour.com/pub/debian">ftp://ftp.bayour.com/pub/debian</a> local .
    deb-src <a href="ftp://ftp.bayour.com/pub/debian">ftp://ftp.bayour.com/pub/debian</a> local .</pre>
<pre>
  apt-get install cyrus-common cyrus-imapd cyrus-admin</pre>
<p></p>
<p>
</p>
<h4><a name="create_imapd_wrapper_(needed_for_kerberos_v)">create imapd wrapper (needed for kerberos V)</a></h4>
<pre>
  mv /usr/sbin/imapd /usr/sbin/imapd.real
  
  nano /usr/sbin/imapd:
       #!/bin/sh
      KRB5_KTNAME=/etc/krb5.keytab.cyrus
      export KRB5_KTNAME
      exec /usr/sbin/imapd.real $@
      
  chmod a+x /usr/sbin/imapd</pre>
<p>
</p>
<h4><a name="link_pwcheck_to_pwcheck_pam">link pwcheck to pwcheck_pam</a></h4>
<pre>
  rm /etc/alternatives/pwcheck
  
  ln -s /usr/sbin/pwcheck_pam /etc/alternatives/pwcheck</pre>
<p>
</p>
<h4><a name="configure_/etc/pam.d/cyrus">configure /etc/pam.d/cyrus</a></h4>
<pre>
  nano /etc/pam.d/cyrus
     auth    required        pam_krb5.so
     account required        pam_ldap.so</pre>
<p></p>
<p>
</p>
<h4><a name="create_kerberos_imap_service_key">create kerberos imap service key</a></h4>
<pre>
  kadmin.local -q &quot;addprinc -randkey imap/&lt;FQDN&gt;@&lt;YOUR KERBEROS REALM&gt;&quot;
  kadmin.local -q &quot;addprinc -randkey pop/&lt;FQDN&gt;@&lt;YOUR KERBEROS REALM&gt;&quot; 
  kadmin.local -q &quot;ktadd -k /etc/krb5.keytab.cyrus imap/&lt;FQDN&gt;&quot;
  kadmin.local -q &quot;ktadd -k /etc/krb5.keytab.cyrus pop/&lt;FQDN&gt;&quot;
  chown cyrus /etc/krb5.keytab.cyrus</pre>
<p>
</p>
<h3><a name="requirements">Requirements</a></h3>
<pre>
  - Cyrus Imapd v1
  - libpam-krb5
  - Kerberos V</pre>
<p>
</p>
<h3><a name="resources">Resources</a></h3>
<dl>
<dt><strong><a name="item_cyrus_imap_server">Cyrus IMAP Server</a></strong><br />
</dt>
<dd>
<pre>
  - <a href="http://asg.web.cmu.edu/cyrus/imapd/">http://asg.web.cmu.edu/cyrus/imapd/</a></pre>
</dd>
<dt><strong><a name="item_openldap%2c_openssl%2c_sasl_and_kerberosv_howto">OpenLDAP, OpenSSL, SASL and KerberosV HOWTO</a></strong><br />
</dt>
<dd>
<pre>
  - <a href="http://www.bayour.com/LDAPv3-HOWTO.html">http://www.bayour.com/LDAPv3-HOWTO.html</a></pre>
</dd>
</dl>
<p>
</p>
<h3><a name="todo">ToDo</a></h3>
<pre>
  o MORE docu !!
  o is pam really needed if imaps is use with above wrapper?
  o write more about Kerberos V
  o docu installation for other distribution than Debian
  o check out Cyrus Imapd v2 and SASL v2 more and write howto
  x write more about Cyrus SASL</pre>
<p><a href="#__index__"><small>back to top</small></a></p>
<table border="0" width="100%" cellspacing="0" cellpadding="3">
<tr><td class="block" valign="middle">
<big><strong><span class="block">&nbsp;Cyrus Imapd v1 + PAM + Kerberos V mini-HowTo</span></strong></big>
</td></tr>
</table>

</body>

</html>
1	jonen	1.1	<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
2			<html xmlns="http://www.w3.org/1999/xhtml">
3			<head>
4			<title>Cyrus Imapd v1 + PAM + Kerberos V mini-HowTo</title>
5	jonen	1.2	<link rel="stylesheet" href="http://netfrag.org/horde/css.php?app=chora" type="text/css" />
6	jonen	1.1	<link rev="made" href="mailto:root@localhost" />
7			</head>
8
9	jonen	1.2	<body>
10			<table border="0" width="100%" cellspacing="0" cellpadding="3">
11			<tr><td class="block" valign="middle">
12			<big><strong><span class="block"> Cyrus Imapd v1 + PAM + Kerberos V mini-HowTo</span></strong></big>
13			</td></tr>
14			</table>
15	jonen	1.1
16			<p><a name="__index__"></a></p>
17			<!-- INDEX BEGIN -->
18
19			<ul>
20
21			<ul>
22
23			<li><a href="#cyrus_imapd_v1_+_pam_+_kerberos_v_minihowto">Cyrus Imapd v1 + PAM + Kerberos V mini-HowTo</a></li>
24			<ul>
25
26			<li><a href="#description">Description</a></li>
27			<ul>
28
29			<li><a href="#install_cyrus_imapd">install cyrus imapd</a></li>
30			<li><a href="#create_imapd_wrapper_(needed_for_kerberos_v)">create imapd wrapper (needed for kerberos V)</a></li>
31			<li><a href="#link_pwcheck_to_pwcheck_pam">link pwcheck to pwcheck_pam</a></li>
32			<li><a href="#configure_/etc/pam.d/cyrus">configure /etc/pam.d/cyrus</a></li>
33			<li><a href="#create_kerberos_imap_service_key">create kerberos imap service key</a></li>
34			</ul>
35
36			<li><a href="#requirements">Requirements</a></li>
37			<li><a href="#resources">Resources</a></li>
38			<li><a href="#todo">ToDo</a></li>
39			</ul>
40
41			</ul>
42
43			</ul>
44			<!-- INDEX END -->
45
46			<hr />
47			<p>
48			</p>
49			<h2><a name="cyrus_imapd_v1_+_pam_+_kerberos_v_minihowto">Cyrus Imapd v1 + PAM + Kerberos V mini-HowTo</a></h2>
50	jonen	1.2	<p>Sebastian Utz <a href="mailto:seut@netfrag.org">seut@netfrag.org</a></p>
51			<p><strong>last changes</strong></p>
52			<pre>
53			Revision 1.1 2003/01/25 08:44:50 jonen
54			+ create new</pre>
55	jonen	1.1	<p>
56			</p>
57			<h3><a name="description">Description</a></h3>
58	jonen	1.2	<p>Install and configure Cyrus Imapd v1 with PAM and Kerberos V support
59			(debian way...)</p>
60	jonen	1.1	<p>
61			</p>
62			<h4><a name="install_cyrus_imapd">install cyrus imapd</a></h4>
63	jonen	1.2	<p>Be sure, your deb sources contains kerberosized cyrus packages!</p>
64			<pre>
65			Turbo Fredriksson has good ones:</pre>
66	jonen	1.1	<pre>
67			deb <a href="ftp://ftp.bayour.com/pub/debian">ftp://ftp.bayour.com/pub/debian</a> local .
68			deb-src <a href="ftp://ftp.bayour.com/pub/debian">ftp://ftp.bayour.com/pub/debian</a> local .</pre>
69			<pre>
70			apt-get install cyrus-common cyrus-imapd cyrus-admin</pre>
71			<p></p>
72			<p>
73			</p>
74			<h4><a name="create_imapd_wrapper_(needed_for_kerberos_v)">create imapd wrapper (needed for kerberos V)</a></h4>
75			<pre>
76			mv /usr/sbin/imapd /usr/sbin/imapd.real
77
78			nano /usr/sbin/imapd:
79			#!/bin/sh
80			KRB5_KTNAME=/etc/krb5.keytab.cyrus
81			export KRB5_KTNAME
82			exec /usr/sbin/imapd.real $@
83
84			chmod a+x /usr/sbin/imapd</pre>
85			<p>
86			</p>
87			<h4><a name="link_pwcheck_to_pwcheck_pam">link pwcheck to pwcheck_pam</a></h4>
88			<pre>
89			rm /etc/alternatives/pwcheck
90
91			ln -s /usr/sbin/pwcheck_pam /etc/alternatives/pwcheck</pre>
92			<p>
93			</p>
94			<h4><a name="configure_/etc/pam.d/cyrus">configure /etc/pam.d/cyrus</a></h4>
95			<pre>
96			nano /etc/pam.d/cyrus
97			auth required pam_krb5.so
98			account required pam_ldap.so</pre>
99			<p></p>
100			<p>
101			</p>
102			<h4><a name="create_kerberos_imap_service_key">create kerberos imap service key</a></h4>
103			<pre>
104			kadmin.local -q "addprinc -randkey imap/<FQDN>@<YOUR KERBEROS REALM>"
105			kadmin.local -q "addprinc -randkey pop/<FQDN>@<YOUR KERBEROS REALM>"
106			kadmin.local -q "ktadd -k /etc/krb5.keytab.cyrus imap/<FQDN>"
107			kadmin.local -q "ktadd -k /etc/krb5.keytab.cyrus pop/<FQDN>"
108			chown cyrus /etc/krb5.keytab.cyrus</pre>
109			<p>
110			</p>
111			<h3><a name="requirements">Requirements</a></h3>
112			<pre>
113			- Cyrus Imapd v1
114			- libpam-krb5
115			- Kerberos V</pre>
116			<p>
117			</p>
118			<h3><a name="resources">Resources</a></h3>
119			<dl>
120			<dt><strong><a name="item_cyrus_imap_server">Cyrus IMAP Server</a></strong><br />
121			</dt>
122			<dd>
123			<pre>
124			- <a href="http://asg.web.cmu.edu/cyrus/imapd/">http://asg.web.cmu.edu/cyrus/imapd/</a></pre>
125			</dd>
126			<dt><strong><a name="item_openldap%2c_openssl%2c_sasl_and_kerberosv_howto">OpenLDAP, OpenSSL, SASL and KerberosV HOWTO</a></strong><br />
127			</dt>
128			<dd>
129			<pre>
130			- <a href="http://www.bayour.com/LDAPv3-HOWTO.html">http://www.bayour.com/LDAPv3-HOWTO.html</a></pre>
131			</dd>
132			</dl>
133			<p>
134			</p>
135			<h3><a name="todo">ToDo</a></h3>
136			<pre>
137			o MORE docu !!
138	jonen	1.2	o is pam really needed if imaps is use with above wrapper?
139	jonen	1.1	o write more about Kerberos V
140			o docu installation for other distribution than Debian
141	jonen	1.2	o check out Cyrus Imapd v2 and SASL v2 more and write howto
142			x write more about Cyrus SASL</pre>
143			<p><a href="#__index__"><small>back to top</small></a></p>
144			<table border="0" width="100%" cellspacing="0" cellpadding="3">
145			<tr><td class="block" valign="middle">
146			<big><strong><span class="block"> Cyrus Imapd v1 + PAM + Kerberos V mini-HowTo</span></strong></big>
147			</td></tr>
148			</table>
149	jonen	1.1
150			</body>
151
152			</html>
MailToCvsAdmin">MailToCvsAdmin	ViewVC Help
Powered by ViewVC 1.1.26