exim courier authuserdb

To: debian-isp@lists.debian.org
Subject: exim courier authuserdb
From: Adam Henry <hank@marinar.com>
Date: Thu, 6 Jun 2002 03:55:29 -0400
Message-id: <[🔎] 20020606075529.GD12999@marinar.com>
Greetings,

I am writing this to work through the problem I was _previously_
having with configuring exim+virtual-systemless-accounts+courier-*.
It should not take much work to get this working with Mysql in the
future.

My requirements were basically Maildir support with virtualhosting
capability.  I wanted to use Exim because it seems actively developed,
and is natively packaged under Debian.  Courier POP/IMAP seemed the
best implementation (others were too immature, or lacked either Maildir
or virthosts without un-audited patches).

I'm running woody with these relevant packages:

	ii  exim           3.34-1
	ii  courier-authda 0.37.3-2
	ii  courier-base   0.37.3-2
	ii  courier-doc    0.37.3-2
	ii  courier-imap   1.4.3-2
	ii  courier-pop   1.4.3-2

I have a working installation of Exim, which delivers using Maildir
format to '/home/virtualmail/${domain}/${local_part}/Maildir/'.

Here is what I have tried so far in accordance with the docs for
courier-imap:
	
	# userdb hank@knah.marinar.com set \
	> home=/home/virtualmail/knah.marinar.com/hank/Maildir \
	> mail=/home/virtualmail/knah.marinar.com/hank/Maildir uid=8 gid=8

	# userdbpw -md5 | userdb hank@knah.marinar.com set systempw
	# makeuserdb

Unless I'm reading this wrong, according to
<http://www.courier-mta.org/FAQ.html#authlib>, I cannot use PAM and
still take advantage of system-less home directories:

	NOTE: PAM is only used for authenticating password. The authpam
	module still uses the pwd.h and group.h library to find the
	 home directory and mailbox.

So instead of configuring authdaemon to use PAM, I ask it nicely to
use authuserdb:

	##NAME: authmodulelist:0
	#
	# The authentication modules that are linked into authdaemond.
	# The default list is installed. You may selectively disable
	# modules simply by removing them from the following list.
	# The available modules you can use are: authcustom authcram
	# authuserdb authldap authmysql authpam

	# authmodulelist="authpam"
	authmodulelist="authuserdb"

I then make sure everything has been restarted:

	# ps ax | grep courier

	/usr/lib/courier/authlib/authdaemond.plain start
	/usr/lib/courier/authlib/authdaemond.plain start
	/usr/lib/courier/authlib/authdaemond.plain start
	/usr/lib/courier/authlib/authdaemond.plain start
	/usr/lib/courier/authlib/authdaemond.plain start
	/usr/lib/courier/authlib/authdaemond.plain start
	/usr/sbin/couriertcpd -address=0 -stderrlogger=/usr/sbin/courierlogger -maxprocs=40 -maxperip=4 -pid=/var/run/courier/imapd.pid -nodnslookup -noidentlookup 143 /usr/lib/courier/courier/imaplogin /usr/lib/courier/authlib/authdaemon /usr/bin/imapd Maildir
	/usr/sbin/courierlogger imaplogin

Here is the fetchmail info:

	# cat ~/.fetchmailrc	
	poll knah.marinar.com proto imap user "hank@knah.marinar.com" pass "p" is ahank here 

	# fetchmail -v -c
	fetchmail: 5.9.11 querying knah.marinar.com (protocol IMAP) at Thu Jun
	6 02:49:54 2002: poll started
	fetchmail: IMAP< * OK Courier-IMAP ready. Copyright 1998-2002 Double
	Precision,
	Inc.  See COPYING for distribution information.
	fetchmail: IMAP> A0001 CAPABILITY
	fetchmail: IMAP< * CAPABILITY IMAP4rev1 CHILDREN NAMESPACE
	THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT
	fetchmail: IMAP< A0001 OK CAPABILITY completed
	fetchmail: IMAP> A0002 LOGIN "hank@knah.marinar.com" "*"
	fetchmail: IMAP< A0002 OK LOGIN Ok.
	fetchmail: IMAP> A0003 EXAMINE "INBOX"
	fetchmail: IMAP< * FLAGS (\Draft \Answered \Flagged \Deleted \Seen
	\Recent)
	fetchmail: IMAP< * OK [PERMANENTFLAGS ()] No permanent flags permitted
	fetchmail: IMAP< * 4 EXISTS
	fetchmail: IMAP< * 4 RECENT
	fetchmail: IMAP< * OK [UIDVALIDITY 1023346194] Ok
	fetchmail: IMAP< A0003 OK [READ-ONLY] Ok
	fetchmail: IMAP> A0004 SEARCH UNSEEN
	fetchmail: IMAP< * SEARCH 1 2 3 4
	fetchmail: IMAP< A0004 OK SEARCH done.
	4 messages for hank@knah.marinar.com at knah.marinar.com.
	fetchmail: IMAP> A0005 LOGOUT
	fetchmail: IMAP< * BYE Courier-IMAP server shutting down
	fetchmail: IMAP< A0005 OK LOGOUT completed
	fetchmail: 5.9.11 querying knah.marinar.com (protocol IMAP) at Thu Jun
	6 02:49:54 2002: poll completed
	fetchmail: normal termination, status 0

	# tail -f /var/log/syslog
	Jun  6 02:50:26 hank imaplogin: Connection, ip=[::ffff:209.176.88.254]
	Jun  6 02:50:26 hank imaplogin: LOGIN, user=hank@knah.marinar.com,
	ip=[::ffff:209.176.88.254]
	Jun  6 02:50:26 hank imaplogin: LOGOUT, user=hank@knah.marinar.com,
	ip=[::ffff:209.176.88.254], headers=0, body=0

Works beautifully (IMAP is 2 seconds faster).  The trick for me was the
'NOTE' about not using PAM.  I thought I would be able to slip in this
to get the PAM working before:

	auth            required       pam_userdb.so    nullok
	account         required       pam_userdb.so
	password        required       pam_userdb.so    md5
	session         required       pam_userdb.so

However, I only get a very non-descriptive error message saying
authentication failed when I use authpam in authdaemonrc.  I like the
idea of still using PAM, and am confused by the desclaimer described
above, so if anyone knows any better please let me know.

I hope this information is of aid to someone of similar configuration
requirement.

thanks for listening,
hank

-- 
Adam Henry <hank@marinar.com> | Phn: 440.354.1458x24
Marinar Communications Group  | Mob: 439.742.0011


-- 
To UNSUBSCRIBE, email to debian-isp-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to:
Prev by Date: new user, new install
Next by Date: Anything magic about PHP4 and gettext?
Previous by thread: new user, new install
Next by thread: Anything magic about PHP4 and gettext?
Index(es):
- Date
- Thread