######################################
#
#  $Id: mini-howto-cyrus_imapd_v1-pam-kerberosV.pod,v 1.2 2003/01/27 09:21:51 jonen Exp $
#
######################################
#
#  $Log: mini-howto-cyrus_imapd_v1-pam-kerberosV.pod,v $
#  Revision 1.2  2003/01/27 09:21:51  jonen
#  + updated
#
#  Revision 1.1  2003/01/25 08:44:50  jonen
#  + create new
#
#
#
######################################


=pod



=head2  Cyrus Imapd v1 + PAM + Kerberos V mini-HowTo

Sebastian Utz  S<seut@netfrag.org>


B<last changes>

    Revision 1.1  2003/01/25 08:44:50  jonen
    + create new



=head3  Description

Install and configure Cyrus Imapd v1 with PAM and Kerberos V support
    (debian way...)




=head4  install cyrus imapd

Be sure, your deb sources contains kerberosized cyrus packages!

  Turbo Fredriksson has good ones:

    deb ftp://ftp.bayour.com/pub/debian local .
    deb-src ftp://ftp.bayour.com/pub/debian local .

  apt-get install cyrus-common cyrus-imapd cyrus-admin

  


=head4  create imapd wrapper (needed for kerberos V)

  mv /usr/sbin/imapd /usr/sbin/imapd.real
  
  nano /usr/sbin/imapd:
       #!/bin/sh
      KRB5_KTNAME=/etc/krb5.keytab.cyrus
      export KRB5_KTNAME
      exec /usr/sbin/imapd.real $@
      
  chmod a+x /usr/sbin/imapd




=head4  link pwcheck to pwcheck_pam

  rm /etc/alternatives/pwcheck
  
  ln -s /usr/sbin/pwcheck_pam /etc/alternatives/pwcheck
   



=head4  configure /etc/pam.d/cyrus

  nano /etc/pam.d/cyrus
     auth    required        pam_krb5.so
     account required        pam_ldap.so

    


=head4  create kerberos imap service key

  kadmin.local -q "addprinc -randkey imap/<FQDN>@<YOUR KERBEROS REALM>"
  kadmin.local -q "addprinc -randkey pop/<FQDN>@<YOUR KERBEROS REALM>" 
  kadmin.local -q "ktadd -k /etc/krb5.keytab.cyrus imap/<FQDN>"
  kadmin.local -q "ktadd -k /etc/krb5.keytab.cyrus pop/<FQDN>"
  chown cyrus /etc/krb5.keytab.cyrus




=head3 Requirements

  - Cyrus Imapd v1
  - libpam-krb5
  - Kerberos V




=head3 Resources
 

=over

=item  Cyrus IMAP Server 

  - http://asg.web.cmu.edu/cyrus/imapd/

=item  OpenLDAP, OpenSSL, SASL and KerberosV HOWTO

  - http://www.bayour.com/LDAPv3-HOWTO.html

=back


=head3 ToDo

  o MORE docu !!
  o is pam really needed if imaps is use with above wrapper?
  o write more about Kerberos V
  o docu installation for other distribution than Debian
  o check out Cyrus Imapd v2 and SASL v2 more and write howto
  x write more about Cyrus SASL
  



=cut