<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Cyrus Imapd v1 + PAM + Kerberos V mini-HowTo</title>
<link rel="stylesheet" href="http://netfrag.org/horde/css.php?app=chora" type="text/css" />
<link rev="made" href="mailto:root@localhost" />
</head>

<body>
<table border="0" width="100%" cellspacing="0" cellpadding="3">
<tr><td class="block" valign="middle">
<big><strong><span class="block"> Cyrus Imapd v1 + PAM + Kerberos V mini-HowTo</span></strong></big>
</td></tr>
</table>

<p><a name="__index__"></a></p>
<!-- INDEX BEGIN -->

<ul>

<ul>

<li><a href="#cyrus_imapd_v1_+_pam_+_kerberos_v_minihowto">Cyrus Imapd v1 + PAM + Kerberos V mini-HowTo</a></li>
<ul>

<li><a href="#description">Description</a></li>
<ul>

<li><a href="#install_cyrus_imapd">install cyrus imapd</a></li>
<li><a href="#create_imapd_wrapper_(needed_for_kerberos_v)">create imapd wrapper (needed for kerberos V)</a></li>
<li><a href="#link_pwcheck_to_pwcheck_pam">link pwcheck to pwcheck_pam</a></li>
<li><a href="#configure_/etc/pam.d/cyrus">configure /etc/pam.d/cyrus</a></li>
<li><a href="#create_kerberos_imap_service_key">create kerberos imap service key</a></li>
</ul>

<li><a href="#requirements">Requirements</a></li>
<li><a href="#resources">Resources</a></li>
<li><a href="#todo">ToDo</a></li>
</ul>

</ul>

</ul>
<!-- INDEX END -->

<hr />
<h2><a name="cyrus_imapd_v1_+_pam_+_kerberos_v_minihowto">Cyrus Imapd v1 + PAM + Kerberos V mini-HowTo</a></h2>
<p>Sebastian Utz <a href="mailto:seut@netfrag.org">seut@netfrag.org</a></p>
<p><strong>last changes</strong></p>
<pre>
Revision 1.1 2003/01/25 08:44:50 jonen
+ create new</pre>
<h3><a name="description">Description</a></h3>
<p>Install and configure Cyrus Imapd v1 with PAM and Kerberos V support
(the Debian way).</p>
<h4><a name="install_cyrus_imapd">install cyrus imapd</a></h4>
<p>Make sure your APT sources contain Kerberized Cyrus packages!</p>
<pre>
Turbo Fredriksson has good ones:</pre>
<pre>
deb <a href="ftp://ftp.bayour.com/pub/debian">ftp://ftp.bayour.com/pub/debian</a> local .
deb-src <a href="ftp://ftp.bayour.com/pub/debian">ftp://ftp.bayour.com/pub/debian</a> local .</pre>
<pre>
apt-get install cyrus-common cyrus-imapd cyrus-admin</pre>
<h4><a name="create_imapd_wrapper_(needed_for_kerberos_v)">create imapd wrapper (needed for kerberos V)</a></h4>
<pre>
mv /usr/sbin/imapd /usr/sbin/imapd.real

# create /usr/sbin/imapd with the following contents
nano /usr/sbin/imapd
#!/bin/sh
# make the Kerberos library use the Cyrus service keytab
KRB5_KTNAME=/etc/krb5.keytab.cyrus
export KRB5_KTNAME
# quote "$@" so the arguments reach the real daemon unchanged
exec /usr/sbin/imapd.real "$@"

chmod a+x /usr/sbin/imapd</pre>
<h4><a name="link_pwcheck_to_pwcheck_pam">link pwcheck to pwcheck_pam</a></h4>
<pre>
rm /etc/alternatives/pwcheck

ln -s /usr/sbin/pwcheck_pam /etc/alternatives/pwcheck</pre>
<h4><a name="configure_/etc/pam.d/cyrus">configure /etc/pam.d/cyrus</a></h4>
<pre>
nano /etc/pam.d/cyrus
auth required pam_krb5.so
account required pam_ldap.so</pre>
<h4><a name="create_kerberos_imap_service_key">create kerberos imap service key</a></h4>
<pre>
kadmin.local -q "addprinc -randkey imap/&lt;FQDN&gt;@&lt;YOUR KERBEROS REALM&gt;"
kadmin.local -q "addprinc -randkey pop/&lt;FQDN&gt;@&lt;YOUR KERBEROS REALM&gt;"
kadmin.local -q "ktadd -k /etc/krb5.keytab.cyrus imap/&lt;FQDN&gt;"
kadmin.local -q "ktadd -k /etc/krb5.keytab.cyrus pop/&lt;FQDN&gt;"
chown cyrus /etc/krb5.keytab.cyrus</pre>
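<p>A check for the two steps above, added here as an example and not part of the original how-to: it verifies that the keytab is a regular file owned by the expected UID with no group or other permission bits, and that the wrapper exports KRB5_KTNAME for that same path and forwards its arguments as "$@". The function names keytab_ok and wrapper_ok and the demo files are constructed for illustration.</p>

```shell
#!/bin/sh
# Added example: audit the keytab and imapd wrapper set up by this how-to.

# keytab_ok FILE UID: regular file, owned by numeric UID, no group/other bits.
keytab_ok() {
    kt=$1; want=$2
    if [ -L "$kt" ] || [ ! -f "$kt" ]; then
        echo "FAIL: $kt is missing or not a regular file"; return 1
    fi
    # ls -ldn: field 1 is the mode string, field 3 the numeric owner
    info=$(ls -ldn "$kt" | awk '{print substr($1, 1, 10), $3}')
    mode=${info% *}; owner=${info#* }
    case $mode in
        -???------) ;;
        *) echo "FAIL: $kt is $mode; group/other can reach the service keys"
           return 1 ;;
    esac
    if [ "$owner" != "$want" ]; then
        echo "FAIL: $kt is owned by uid $owner, expected $want"; return 1
    fi
    echo "OK: $kt ($mode uid $owner)"
}

# wrapper_ok WRAPPER KEYTAB: executable, sets and exports KRB5_KTNAME=KEYTAB
# (unquoted assignment, as written in the how-to), execs with quoted "$@".
wrapper_ok() {
    w=$1; kt=$2
    [ -x "$w" ] || { echo "FAIL: $w is not executable"; return 1; }
    grep -qxF "KRB5_KTNAME=$kt" "$w" ||
        { echo "FAIL: $w does not set KRB5_KTNAME=$kt"; return 1; }
    grep -qx 'export KRB5_KTNAME' "$w" ||
        { echo "FAIL: $w never exports KRB5_KTNAME"; return 1; }
    grep -q '^exec .*"\$@"$' "$w" ||
        { echo "FAIL: $w does not exec the daemon with quoted \"\$@\""; return 1; }
    echo "OK: $w"
}

# Demo on constructed files in a temp dir (nothing under /etc is touched).
demo() {
    d=$(mktemp -d) || return 1
    : > "$d/keytab"; chmod 600 "$d/keytab"
    printf '%s\n' '#!/bin/sh' "KRB5_KTNAME=$d/keytab" 'export KRB5_KTNAME' \
        'exec /usr/sbin/imapd.real "$@"' > "$d/imapd"
    chmod 755 "$d/imapd"
    keytab_ok "$d/keytab" "$(id -u)" && wrapper_ok "$d/imapd" "$d/keytab"
    rc=$?
    rm -rf "$d"
    return $rc
}
demo
```

<p>On a host set up as described, the equivalent calls are keytab_ok /etc/krb5.keytab.cyrus "$(id -u cyrus)" and wrapper_ok /usr/sbin/imapd /etc/krb5.keytab.cyrus.</p>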
<h3><a name="requirements">Requirements</a></h3>
<pre>
- Cyrus Imapd v1
- libpam-krb5
- Kerberos V</pre>
<h3><a name="resources">Resources</a></h3>
<dl>
<dt><strong><a name="item_cyrus_imap_server">Cyrus IMAP Server</a></strong><br />
</dt>
<dd>
<pre>
- <a href="http://asg.web.cmu.edu/cyrus/imapd/">http://asg.web.cmu.edu/cyrus/imapd/</a></pre>
</dd>
<dt><strong><a name="item_openldap%2c_openssl%2c_sasl_and_kerberosv_howto">OpenLDAP, OpenSSL, SASL and KerberosV HOWTO</a></strong><br />
</dt>
<dd>
<pre>
- <a href="http://www.bayour.com/LDAPv3-HOWTO.html">http://www.bayour.com/LDAPv3-HOWTO.html</a></pre>
</dd>
</dl>
<h3><a name="todo">ToDo</a></h3>
<pre>
o MORE documentation!
o is PAM really needed if imaps is used with the above wrapper?
o write more about Kerberos V
o document installation for distributions other than Debian
o check out Cyrus Imapd v2 and SASL v2 more and write a howto
x write more about Cyrus SASL</pre>
<p><a href="#__index__"><small>back to top</small></a></p>

</body>

</html>