|
Size: 403
Comment:
|
Size: 1093
Comment: document that courier needed nopag for vmail users
|
| Deletions are marked like this. | Additions are marked like this. |
| Line 9: | Line 9: |
| == nopag == At least through Debian Jessie, courier needed to run with nopag so that vmail users would have tokens, using the following pam config: {{{ # PAM configuration file for Courier IMAP daemon #@include common-auth #@include common-account #@include common-password #@include common-session session required pam_afs_session.so debug nopag always_aklog auth required pam_krb5.so debug auth required pam_afs_session.so debug nopag always_aklog account required pam_krb5.so }}} Initially appears that it is no longer needed on Debian Stretch, but storing this here just in case that proves false. |
Courier is managed by Puppet class hcoop::service::mail::courier
1. Notes
- Members authenticate using PAM and therefore read mail as their normal user
VMail users gain tokens via /etc/courier/get-token and a local modification to the courier authuserdb method
- Default generated Debian dh_parameters are OK as of Debian Stretch (3072 bits)
2. nopag
At least through Debian Jessie, courier needed to run with nopag so that vmail users would have tokens, using the following pam config:
# PAM configuration file for Courier IMAP daemon #@include common-auth #@include common-account #@include common-password #@include common-session session required pam_afs_session.so debug nopag always_aklog auth required pam_krb5.so debug auth required pam_afs_session.so debug nopag always_aklog account required pam_krb5.so
Initially appears that it is no longer needed on Debian Stretch, but storing this here just in case that proves false.