sysadmin/linux/mini-howto-cyrus_imapd_v1-pam-kerberosV.html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Cyrus Imapd v1 + PAM + Kerberos V mini-HowTo</title>
<link rev="made" href="mailto:root@localhost" />
</head>

<body style="background-color: white">

<p><a name="__index__"></a></p>
<!-- INDEX BEGIN -->

<ul>

        <ul>

                <li><a href="#cyrus_imapd_v1_+_pam_+_kerberos_v_minihowto">Cyrus Imapd v1 + PAM + Kerberos V mini-HowTo</a></li>
                <ul>

                        <li><a href="#description">Description</a></li>
                        <ul>

                                <li><a href="#install_cyrus_imapd">install cyrus imapd</a></li>
                                <li><a href="#create_imapd_wrapper_(needed_for_kerberos_v)">create imapd wrapper (needed for kerberos V)</a></li>
                                <li><a href="#link_pwcheck_to_pwcheck_pam">link pwcheck to pwcheck_pam</a></li>
                                <li><a href="#configure_/etc/pam.d/cyrus">configure /etc/pam.d/cyrus</a></li>
                                <li><a href="#create_kerberos_imap_service_key">create kerberos imap service key</a></li>
                        </ul>

                        <li><a href="#requirements">Requirements</a></li>
                        <li><a href="#resources">Resources</a></li>
                        <li><a href="#todo">ToDo</a></li>
                        <li><a href="#authors">Authors</a></li>
                        <li><a href="#last_changes">last changes</a></li>
                </ul>

        </ul>

</ul>
<!-- INDEX END -->

<hr />
<p>
</p>
<h2><a name="cyrus_imapd_v1_+_pam_+_kerberos_v_minihowto">Cyrus Imapd v1 + PAM + Kerberos V mini-HowTo</a></h2>
<p>
</p>
<h3><a name="description">Description</a></h3>
<pre>
  Install and configure Cyrus Imapd v1 with PAM and Kerberos V support
    (debian way...)</pre>
<p>
</p>
<h4><a name="install_cyrus_imapd">install cyrus imapd</a></h4>
<pre>
  Be sure, your deb sources contains kerberosized cyrus packages!
  Turbo Fredriksson has good ones:
    deb <a href="ftp://ftp.bayour.com/pub/debian">ftp://ftp.bayour.com/pub/debian</a> local .
    deb-src <a href="ftp://ftp.bayour.com/pub/debian">ftp://ftp.bayour.com/pub/debian</a> local .</pre>
<pre>
  apt-get install cyrus-common cyrus-imapd cyrus-admin</pre>
<p></p>
<p>
</p>
<h4><a name="create_imapd_wrapper_(needed_for_kerberos_v)">create imapd wrapper (needed for kerberos V)</a></h4>
<pre>
  mv /usr/sbin/imapd /usr/sbin/imapd.real
  
  nano /usr/sbin/imapd:
       #!/bin/sh
      KRB5_KTNAME=/etc/krb5.keytab.cyrus
      export KRB5_KTNAME
      exec /usr/sbin/imapd.real $@
      
  chmod a+x /usr/sbin/imapd</pre>
<p>
</p>
<h4><a name="link_pwcheck_to_pwcheck_pam">link pwcheck to pwcheck_pam</a></h4>
<pre>
  rm /etc/alternatives/pwcheck
  
  ln -s /usr/sbin/pwcheck_pam /etc/alternatives/pwcheck</pre>
<p>
</p>
<h4><a name="configure_/etc/pam.d/cyrus">configure /etc/pam.d/cyrus</a></h4>
<pre>
  nano /etc/pam.d/cyrus
     auth    required        pam_krb5.so
     account required        pam_ldap.so</pre>
<p></p>
<p>
</p>
<h4><a name="create_kerberos_imap_service_key">create kerberos imap service key</a></h4>
<pre>
  kadmin.local -q &quot;addprinc -randkey imap/&lt;FQDN&gt;@&lt;YOUR KERBEROS REALM&gt;&quot;
  kadmin.local -q &quot;addprinc -randkey pop/&lt;FQDN&gt;@&lt;YOUR KERBEROS REALM&gt;&quot; 
  kadmin.local -q &quot;ktadd -k /etc/krb5.keytab.cyrus imap/&lt;FQDN&gt;&quot;
  kadmin.local -q &quot;ktadd -k /etc/krb5.keytab.cyrus pop/&lt;FQDN&gt;&quot;
  chown cyrus /etc/krb5.keytab.cyrus</pre>
<p>
</p>
<h3><a name="requirements">Requirements</a></h3>
<pre>
  - Cyrus Imapd v1
  - libpam-krb5
  - Kerberos V</pre>
<p>
</p>
<h3><a name="resources">Resources</a></h3>
<dl>
<dt><strong><a name="item_cyrus_imap_server">Cyrus IMAP Server</a></strong><br />
</dt>
<dd>
<pre>
  - <a href="http://asg.web.cmu.edu/cyrus/imapd/">http://asg.web.cmu.edu/cyrus/imapd/</a></pre>
</dd>
<dt><strong><a name="item_openldap%2c_openssl%2c_sasl_and_kerberosv_howto">OpenLDAP, OpenSSL, SASL and KerberosV HOWTO</a></strong><br />
</dt>
<dd>
<pre>
  - <a href="http://www.bayour.com/LDAPv3-HOWTO.html">http://www.bayour.com/LDAPv3-HOWTO.html</a></pre>
</dd>
</dl>
<p>
</p>
<h3><a name="todo">ToDo</a></h3>
<pre>
  o MORE docu !!
  o write more about Kerberos V
  o write more about Cyrus SASL
  o docu installation for other distribution than Debian
  o check out Cyrus Imapd v2 and SASL v2 more and write howto</pre>
<p>
</p>
<h3><a name="authors">Authors</a></h3>
<pre>
  Sebastian Utz seut@tunemedia.de</pre>
<p>
</p>
<h3><a name="last_changes">last changes</a></h3>
<pre>
  Jan 25 2003 05:53:00
    + create new</pre>

</body>

</html>
1	<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
2	<html xmlns="http://www.w3.org/1999/xhtml">
3	<head>
4	<title>Cyrus Imapd v1 + PAM + Kerberos V mini-HowTo</title>
5	<link rev="made" href="mailto:root@localhost" />
6	</head>
7
8	<body style="background-color: white">
9
10	<p><a name="__index__"></a></p>
11	<!-- INDEX BEGIN -->
12
13	<ul>
14
15	<ul>
16
17	<li><a href="#cyrus_imapd_v1_+_pam_+_kerberos_v_minihowto">Cyrus Imapd v1 + PAM + Kerberos V mini-HowTo</a></li>
18	<ul>
19
20	<li><a href="#description">Description</a></li>
21	<ul>
22
23	<li><a href="#install_cyrus_imapd">install cyrus imapd</a></li>
24	<li><a href="#create_imapd_wrapper_(needed_for_kerberos_v)">create imapd wrapper (needed for kerberos V)</a></li>
25	<li><a href="#link_pwcheck_to_pwcheck_pam">link pwcheck to pwcheck_pam</a></li>
26	<li><a href="#configure_/etc/pam.d/cyrus">configure /etc/pam.d/cyrus</a></li>
27	<li><a href="#create_kerberos_imap_service_key">create kerberos imap service key</a></li>
28	</ul>
29
30	<li><a href="#requirements">Requirements</a></li>
31	<li><a href="#resources">Resources</a></li>
32	<li><a href="#todo">ToDo</a></li>
33	<li><a href="#authors">Authors</a></li>
34	<li><a href="#last_changes">last changes</a></li>
35	</ul>
36
37	</ul>
38
39	</ul>
40	<!-- INDEX END -->
41
42	<hr />
43	<p>
44	</p>
45	<h2><a name="cyrus_imapd_v1_+_pam_+_kerberos_v_minihowto">Cyrus Imapd v1 + PAM + Kerberos V mini-HowTo</a></h2>
46	<p>
47	</p>
48	<h3><a name="description">Description</a></h3>
49	<pre>
50	Install and configure Cyrus Imapd v1 with PAM and Kerberos V support
51	(debian way...)</pre>
52	<p>
53	</p>
54	<h4><a name="install_cyrus_imapd">install cyrus imapd</a></h4>
55	<pre>
56	Be sure, your deb sources contains kerberosized cyrus packages!
57	Turbo Fredriksson has good ones:
58	deb <a href="ftp://ftp.bayour.com/pub/debian">ftp://ftp.bayour.com/pub/debian</a> local .
59	deb-src <a href="ftp://ftp.bayour.com/pub/debian">ftp://ftp.bayour.com/pub/debian</a> local .</pre>
60	<pre>
61	apt-get install cyrus-common cyrus-imapd cyrus-admin</pre>
62	<p></p>
63	<p>
64	</p>
65	<h4><a name="create_imapd_wrapper_(needed_for_kerberos_v)">create imapd wrapper (needed for kerberos V)</a></h4>
66	<pre>
67	mv /usr/sbin/imapd /usr/sbin/imapd.real
68
69	nano /usr/sbin/imapd:
70	#!/bin/sh
71	KRB5_KTNAME=/etc/krb5.keytab.cyrus
72	export KRB5_KTNAME
73	exec /usr/sbin/imapd.real $@
74
75	chmod a+x /usr/sbin/imapd</pre>
76	<p>
77	</p>
78	<h4><a name="link_pwcheck_to_pwcheck_pam">link pwcheck to pwcheck_pam</a></h4>
79	<pre>
80	rm /etc/alternatives/pwcheck
81
82	ln -s /usr/sbin/pwcheck_pam /etc/alternatives/pwcheck</pre>
83	<p>
84	</p>
85	<h4><a name="configure_/etc/pam.d/cyrus">configure /etc/pam.d/cyrus</a></h4>
86	<pre>
87	nano /etc/pam.d/cyrus
88	auth required pam_krb5.so
89	account required pam_ldap.so</pre>
90	<p></p>
91	<p>
92	</p>
93	<h4><a name="create_kerberos_imap_service_key">create kerberos imap service key</a></h4>
94	<pre>
95	kadmin.local -q "addprinc -randkey imap/<FQDN>@<YOUR KERBEROS REALM>"
96	kadmin.local -q "addprinc -randkey pop/<FQDN>@<YOUR KERBEROS REALM>"
97	kadmin.local -q "ktadd -k /etc/krb5.keytab.cyrus imap/<FQDN>"
98	kadmin.local -q "ktadd -k /etc/krb5.keytab.cyrus pop/<FQDN>"
99	chown cyrus /etc/krb5.keytab.cyrus</pre>
100	<p>
101	</p>
102	<h3><a name="requirements">Requirements</a></h3>
103	<pre>
104	- Cyrus Imapd v1
105	- libpam-krb5
106	- Kerberos V</pre>
107	<p>
108	</p>
109	<h3><a name="resources">Resources</a></h3>
110	<dl>
111	<dt><strong><a name="item_cyrus_imap_server">Cyrus IMAP Server</a></strong><br />
112	</dt>
113	<dd>
114	<pre>
115	- <a href="http://asg.web.cmu.edu/cyrus/imapd/">http://asg.web.cmu.edu/cyrus/imapd/</a></pre>
116	</dd>
117	<dt><strong><a name="item_openldap%2c_openssl%2c_sasl_and_kerberosv_howto">OpenLDAP, OpenSSL, SASL and KerberosV HOWTO</a></strong><br />
118	</dt>
119	<dd>
120	<pre>
121	- <a href="http://www.bayour.com/LDAPv3-HOWTO.html">http://www.bayour.com/LDAPv3-HOWTO.html</a></pre>
122	</dd>
123	</dl>
124	<p>
125	</p>
126	<h3><a name="todo">ToDo</a></h3>
127	<pre>
128	o MORE docu !!
129	o write more about Kerberos V
130	o write more about Cyrus SASL
131	o docu installation for other distribution than Debian
132	o check out Cyrus Imapd v2 and SASL v2 more and write howto</pre>
133	<p>
134	</p>
135	<h3><a name="authors">Authors</a></h3>
136	<pre>
137	Sebastian Utz seut@tunemedia.de</pre>
138	<p>
139	</p>
140	<h3><a name="last_changes">last changes</a></h3>
141	<pre>
142	Jan 25 2003 05:53:00
143	+ create new</pre>
144
145	</body>
146
147	</html>
MailToCvsAdmin">MailToCvsAdmin	ViewVC Help
Powered by ViewVC 1.1.26