welcome: please sign in

Diff for "DaemonAdmin/Courier"

Differences between revisions 3 and 4
Revision 3 as of 2018-04-24 04:34:50
Size: 403
Editor: ClintonEbadi
Comment:
Revision 4 as of 2018-09-20 02:26:43
Size: 1093
Editor: ClintonEbadi
Comment: document that courier needed nopag for vmail users
Deletions are marked like this. Additions are marked like this.
Line 9: Line 9:
== nopag ==

At least through Debian Jessie, courier needed to run with nopag so that vmail users would have tokens, using the following pam config:

{{{
# PAM configuration file for Courier IMAP daemon

#@include common-auth
#@include common-account
#@include common-password
#@include common-session

session required pam_afs_session.so debug nopag always_aklog
auth required pam_krb5.so debug
auth required pam_afs_session.so debug nopag always_aklog
account required pam_krb5.so
}}}

Initially appears that it is no longer needed on Debian Stretch, but storing this here just in case that proves false.

Courier is managed by Puppet class hcoop::service::mail::courier

1. Notes

  • Members authenticate using PAM and therefore read mail as their normal user
  • VMail users gain tokens via /etc/courier/get-token and a local modification to the courier authuserdb method

  • Default generated Debian dh_parameters are OK as of Debian Stretch (3072 bits)

2. nopag

At least through Debian Jessie, courier needed to run with nopag so that vmail users would have tokens, using the following pam config:

# PAM configuration file for Courier IMAP daemon

#@include common-auth
#@include common-account
#@include common-password
#@include common-session

session         required       pam_afs_session.so debug nopag always_aklog
auth            required       pam_krb5.so debug
auth            required       pam_afs_session.so debug nopag always_aklog
account         required       pam_krb5.so

Initially appears that it is no longer needed on Debian Stretch, but storing this here just in case that proves false.


CategorySystemAdministration

DaemonAdmin/Courier (last edited 2018-12-02 20:51:26 by ClintonEbadi)