sysadmin/linux/mini-howto-cyrus_imapd_v1-pam-kerberosV.pod

######################################
#
#  $Id: mini-howto-cyrus_imapd_v1-pam-kerberosV.pod,v 1.1 2003/01/25 08:44:50 jonen Exp $
#
######################################
#
#  $Log: mini-howto-cyrus_imapd_v1-pam-kerberosV.pod,v $
#  Revision 1.1  2003/01/25 08:44:50  jonen
#  + create new
#
#
#
######################################


=pod


=head2  Cyrus Imapd v1 + PAM + Kerberos V mini-HowTo

Sebastian Utz  S<seut@netfrag.org>


B<last changes>

    Revision 1.1  2003/01/25 08:44:50  jonen
    + create new


=head3  Description

Install and configure Cyrus Imapd v1 with PAM and Kerberos V support
    (debian way...)


=head4  install cyrus imapd

Be sure, your deb sources contains kerberosized cyrus packages!

  Turbo Fredriksson has good ones:

    deb ftp://ftp.bayour.com/pub/debian local .
    deb-src ftp://ftp.bayour.com/pub/debian local .

  apt-get install cyrus-common cyrus-imapd cyrus-admin

  
=head4  create imapd wrapper (needed for kerberos V)

  mv /usr/sbin/imapd /usr/sbin/imapd.real
  
  nano /usr/sbin/imapd:
       #!/bin/sh
      KRB5_KTNAME=/etc/krb5.keytab.cyrus
      export KRB5_KTNAME
      exec /usr/sbin/imapd.real $@
      
  chmod a+x /usr/sbin/imapd


=head4  link pwcheck to pwcheck_pam

  rm /etc/alternatives/pwcheck
  
  ln -s /usr/sbin/pwcheck_pam /etc/alternatives/pwcheck
   

=head4  configure /etc/pam.d/cyrus

  nano /etc/pam.d/cyrus
     auth    required        pam_krb5.so
     account required        pam_ldap.so

    
=head4  create kerberos imap service key

  kadmin.local -q "addprinc -randkey imap/<FQDN>@<YOUR KERBEROS REALM>"
  kadmin.local -q "addprinc -randkey pop/<FQDN>@<YOUR KERBEROS REALM>" 
  kadmin.local -q "ktadd -k /etc/krb5.keytab.cyrus imap/<FQDN>"
  kadmin.local -q "ktadd -k /etc/krb5.keytab.cyrus pop/<FQDN>"
  chown cyrus /etc/krb5.keytab.cyrus


=head3 Requirements

  - Cyrus Imapd v1
  - libpam-krb5
  - Kerberos V


=head3 Resources
 

=over

=item  Cyrus IMAP Server 

  - http://asg.web.cmu.edu/cyrus/imapd/

=item  OpenLDAP, OpenSSL, SASL and KerberosV HOWTO

  - http://www.bayour.com/LDAPv3-HOWTO.html

=back


=head3 ToDo

  o MORE docu !!
  o is pam really needed if imaps is use with above wrapper?
  o write more about Kerberos V
  o docu installation for other distribution than Debian
  o check out Cyrus Imapd v2 and SASL v2 more and write howto
  x write more about Cyrus SASL
  

=cut


1	jonen	1.1	######################################
2			#
3	jonen	1.2	# $Id: mini-howto-cyrus_imapd_v1-pam-kerberosV.pod,v 1.1 2003/01/25 08:44:50 jonen Exp $
4	jonen	1.1	#
5			######################################
6			#
7	jonen	1.2	# $Log: mini-howto-cyrus_imapd_v1-pam-kerberosV.pod,v $
8			# Revision 1.1 2003/01/25 08:44:50 jonen
9			# + create new
10			#
11	jonen	1.1	#
12			#
13			######################################
14
15
16			=pod
17
18
19
20			=head2 Cyrus Imapd v1 + PAM + Kerberos V mini-HowTo
21
22	jonen	1.2	Sebastian Utz S<seut@netfrag.org>
23
24
25			B<last changes>
26
27			Revision 1.1 2003/01/25 08:44:50 jonen
28			+ create new
29
30	jonen	1.1
31
32			=head3 Description
33
34	jonen	1.2	Install and configure Cyrus Imapd v1 with PAM and Kerberos V support
35	jonen	1.1	(debian way...)
36
37
38
39
40			=head4 install cyrus imapd
41
42	jonen	1.2	Be sure, your deb sources contains kerberosized cyrus packages!
43
44	jonen	1.1	Turbo Fredriksson has good ones:
45	jonen	1.2
46	jonen	1.1	deb ftp://ftp.bayour.com/pub/debian local .
47			deb-src ftp://ftp.bayour.com/pub/debian local .
48
49			apt-get install cyrus-common cyrus-imapd cyrus-admin
50
51
52
53
54			=head4 create imapd wrapper (needed for kerberos V)
55
56			mv /usr/sbin/imapd /usr/sbin/imapd.real
57
58			nano /usr/sbin/imapd:
59			#!/bin/sh
60			KRB5_KTNAME=/etc/krb5.keytab.cyrus
61			export KRB5_KTNAME
62			exec /usr/sbin/imapd.real $@
63
64			chmod a+x /usr/sbin/imapd
65
66
67
68
69			=head4 link pwcheck to pwcheck_pam
70
71			rm /etc/alternatives/pwcheck
72
73			ln -s /usr/sbin/pwcheck_pam /etc/alternatives/pwcheck
74
75
76
77
78			=head4 configure /etc/pam.d/cyrus
79
80			nano /etc/pam.d/cyrus
81			auth required pam_krb5.so
82			account required pam_ldap.so
83
84
85
86
87			=head4 create kerberos imap service key
88
89			kadmin.local -q "addprinc -randkey imap/<FQDN>@<YOUR KERBEROS REALM>"
90			kadmin.local -q "addprinc -randkey pop/<FQDN>@<YOUR KERBEROS REALM>"
91			kadmin.local -q "ktadd -k /etc/krb5.keytab.cyrus imap/<FQDN>"
92			kadmin.local -q "ktadd -k /etc/krb5.keytab.cyrus pop/<FQDN>"
93			chown cyrus /etc/krb5.keytab.cyrus
94
95
96
97
98			=head3 Requirements
99
100			- Cyrus Imapd v1
101			- libpam-krb5
102			- Kerberos V
103
104
105
106
107			=head3 Resources
108
109
110			=over
111
112			=item Cyrus IMAP Server
113
114			- http://asg.web.cmu.edu/cyrus/imapd/
115
116			=item OpenLDAP, OpenSSL, SASL and KerberosV HOWTO
117
118			- http://www.bayour.com/LDAPv3-HOWTO.html
119
120			=back
121
122
123			=head3 ToDo
124
125			o MORE docu !!
126	jonen	1.2	o is pam really needed if imaps is use with above wrapper?
127	jonen	1.1	o write more about Kerberos V
128			o docu installation for other distribution than Debian
129			o check out Cyrus Imapd v2 and SASL v2 more and write howto
130	jonen	1.2	x write more about Cyrus SASL
131	jonen	1.1
132
133
134
135			=cut
136
137
MailToCvsAdmin">MailToCvsAdmin	ViewVC Help
Powered by ViewVC 1.1.26