|
Size: 1093
Comment: document that courier needed nopag for vmail users
|
← Revision 5 as of 2018-12-02 20:51:26 ⇥
Size: 1062
Comment: we ended up having to use nopag for courier after all
|
| Deletions are marked like this. | Additions are marked like this. |
| Line 11: | Line 11: |
| At least through Debian Jessie, courier needed to run with nopag so that vmail users would have tokens, using the following pam config: | At least through Debian Stretch, courier needs to run with nopag so that vmail users would have tokens, using the following pam config: |
| Line 27: | Line 27: |
| Initially appears that it is no longer needed on Debian Stretch, but storing this here just in case that proves false. | Using standard PAM config seems to work in ''some'' cases, but fails most of the time. |
Courier is managed by Puppet class hcoop::service::mail::courier
1. Notes
- Members authenticate using PAM and therefore read mail as their normal user
VMail users gain tokens via /etc/courier/get-token and a local modification to the courier authuserdb method
- Default generated Debian dh_parameters are OK as of Debian Stretch (3072 bits)
2. nopag
At least through Debian Stretch, courier needs to run with nopag so that vmail users would have tokens, using the following pam config:
# PAM configuration file for Courier IMAP daemon #@include common-auth #@include common-account #@include common-password #@include common-session session required pam_afs_session.so debug nopag always_aklog auth required pam_krb5.so debug auth required pam_afs_session.so debug nopag always_aklog account required pam_krb5.so
Using standard PAM config seems to work in some cases, but fails most of the time.