sysadmin/linux/mini-howto-cyrus_imapd_v1-pam-kerberosV.pod

######################################
#
#  $Id: mini-howto-cyrus_imapd_v1-pam-kerberosV.pod,v 1.1 2003/01/25 08:44:50 jonen Exp $
#
######################################
#
#  $Log: mini-howto-cyrus_imapd_v1-pam-kerberosV.pod,v $
#  Revision 1.1  2003/01/25 08:44:50  jonen
#  + create new
#
#
#
######################################


=pod


=head2  Cyrus Imapd v1 + PAM + Kerberos V mini-HowTo

Sebastian Utz  S<seut@netfrag.org>


B<last changes>

    Revision 1.1  2003/01/25 08:44:50  jonen
    + create new


=head3  Description

Install and configure Cyrus Imapd v1 with PAM and Kerberos V support
    (debian way...)


=head4  install cyrus imapd

Be sure, your deb sources contains kerberosized cyrus packages!

  Turbo Fredriksson has good ones:

    deb ftp://ftp.bayour.com/pub/debian local .
    deb-src ftp://ftp.bayour.com/pub/debian local .

  apt-get install cyrus-common cyrus-imapd cyrus-admin

  
=head4  create imapd wrapper (needed for kerberos V)

  mv /usr/sbin/imapd /usr/sbin/imapd.real
  
  nano /usr/sbin/imapd:
       #!/bin/sh
      KRB5_KTNAME=/etc/krb5.keytab.cyrus
      export KRB5_KTNAME
      exec /usr/sbin/imapd.real $@
      
  chmod a+x /usr/sbin/imapd


=head4  link pwcheck to pwcheck_pam

  rm /etc/alternatives/pwcheck
  
  ln -s /usr/sbin/pwcheck_pam /etc/alternatives/pwcheck
   

=head4  configure /etc/pam.d/cyrus

  nano /etc/pam.d/cyrus
     auth    required        pam_krb5.so
     account required        pam_ldap.so

    
=head4  create kerberos imap service key

  kadmin.local -q "addprinc -randkey imap/<FQDN>@<YOUR KERBEROS REALM>"
  kadmin.local -q "addprinc -randkey pop/<FQDN>@<YOUR KERBEROS REALM>" 
  kadmin.local -q "ktadd -k /etc/krb5.keytab.cyrus imap/<FQDN>"
  kadmin.local -q "ktadd -k /etc/krb5.keytab.cyrus pop/<FQDN>"
  chown cyrus /etc/krb5.keytab.cyrus


=head3 Requirements

  - Cyrus Imapd v1
  - libpam-krb5
  - Kerberos V


=head3 Resources
 

=over

=item  Cyrus IMAP Server 

  - http://asg.web.cmu.edu/cyrus/imapd/

=item  OpenLDAP, OpenSSL, SASL and KerberosV HOWTO

  - http://www.bayour.com/LDAPv3-HOWTO.html

=back


=head3 ToDo

  o MORE docu !!
  o is pam really needed if imaps is use with above wrapper?
  o write more about Kerberos V
  o docu installation for other distribution than Debian
  o check out Cyrus Imapd v2 and SASL v2 more and write howto
  x write more about Cyrus SASL
  

=cut


1	######################################
2	#
3	# $Id: mini-howto-cyrus_imapd_v1-pam-kerberosV.pod,v 1.1 2003/01/25 08:44:50 jonen Exp $
4	#
5	######################################
6	#
7	# $Log: mini-howto-cyrus_imapd_v1-pam-kerberosV.pod,v $
8	# Revision 1.1 2003/01/25 08:44:50 jonen
9	# + create new
10	#
11	#
12	#
13	######################################
14
15
16	=pod
17
18
19
20	=head2 Cyrus Imapd v1 + PAM + Kerberos V mini-HowTo
21
22	Sebastian Utz S<seut@netfrag.org>
23
24
25	B<last changes>
26
27	Revision 1.1 2003/01/25 08:44:50 jonen
28	+ create new
29
30
31
32	=head3 Description
33
34	Install and configure Cyrus Imapd v1 with PAM and Kerberos V support
35	(debian way...)
36
37
38
39
40	=head4 install cyrus imapd
41
42	Be sure, your deb sources contains kerberosized cyrus packages!
43
44	Turbo Fredriksson has good ones:
45
46	deb ftp://ftp.bayour.com/pub/debian local .
47	deb-src ftp://ftp.bayour.com/pub/debian local .
48
49	apt-get install cyrus-common cyrus-imapd cyrus-admin
50
51
52
53
54	=head4 create imapd wrapper (needed for kerberos V)
55
56	mv /usr/sbin/imapd /usr/sbin/imapd.real
57
58	nano /usr/sbin/imapd:
59	#!/bin/sh
60	KRB5_KTNAME=/etc/krb5.keytab.cyrus
61	export KRB5_KTNAME
62	exec /usr/sbin/imapd.real $@
63
64	chmod a+x /usr/sbin/imapd
65
66
67
68
69	=head4 link pwcheck to pwcheck_pam
70
71	rm /etc/alternatives/pwcheck
72
73	ln -s /usr/sbin/pwcheck_pam /etc/alternatives/pwcheck
74
75
76
77
78	=head4 configure /etc/pam.d/cyrus
79
80	nano /etc/pam.d/cyrus
81	auth required pam_krb5.so
82	account required pam_ldap.so
83
84
85
86
87	=head4 create kerberos imap service key
88
89	kadmin.local -q "addprinc -randkey imap/<FQDN>@<YOUR KERBEROS REALM>"
90	kadmin.local -q "addprinc -randkey pop/<FQDN>@<YOUR KERBEROS REALM>"
91	kadmin.local -q "ktadd -k /etc/krb5.keytab.cyrus imap/<FQDN>"
92	kadmin.local -q "ktadd -k /etc/krb5.keytab.cyrus pop/<FQDN>"
93	chown cyrus /etc/krb5.keytab.cyrus
94
95
96
97
98	=head3 Requirements
99
100	- Cyrus Imapd v1
101	- libpam-krb5
102	- Kerberos V
103
104
105
106
107	=head3 Resources
108
109
110	=over
111
112	=item Cyrus IMAP Server
113
114	- http://asg.web.cmu.edu/cyrus/imapd/
115
116	=item OpenLDAP, OpenSSL, SASL and KerberosV HOWTO
117
118	- http://www.bayour.com/LDAPv3-HOWTO.html
119
120	=back
121
122
123	=head3 ToDo
124
125	o MORE docu !!
126	o is pam really needed if imaps is use with above wrapper?
127	o write more about Kerberos V
128	o docu installation for other distribution than Debian
129	o check out Cyrus Imapd v2 and SASL v2 more and write howto
130	x write more about Cyrus SASL
131
132
133
134
135	=cut
136
137
MailToCvsAdmin">MailToCvsAdmin	ViewVC Help
Powered by ViewVC 1.1.26