
Kerberos Authenticated POP/IMAP Service Installation Instructions

This document describes how to install Kerberos authenticated POP and IMAP service on Penn UNIX servers using the University of Washington's popular, open-source IMAP server software.

Prerequisites

  1. Install the MIT Kerberos V5 distribution using the Penn installation instructions.

Obtain and unpack the software

  1. Download the most current imap source distribution, to which this URL always points:

    ftp://ftp.cac.washington.edu/mail/imap.tar.Z

  2. Unpack the imap distribution and move to the directory it creates. The directory name will be "imap-", the release year, a letter if a minor revision, and a distribution status:

    zcat imap.tar.Z | tar xvf -
    cd imap-2002.RC2

Compile and install the software

  1. Before compiling the software, look at the file 'Makefile' to determine the 3-letter code for your platform type. Use this code with 'make' in step 2. For example, in the case of FreeBSD the code is 'bsf'.

  2. Compile the software with the 3-letter code for your platform. Using the previous example, you would issue this command to allow only kerberized authentication:

    make bsf EXTRADRIVERS= EXTRAAUTHENTICATORS=gss PASSWDTYPE=nul

    To allow traditional authentication in addition to Kerberized authentication, use the following "make" command instead:

    make bsf EXTRADRIVERS= EXTRAAUTHENTICATORS=gss
    

  3. Install the binaries and manual pages according to the install instructions and your group's conventions. For example:

    cp imapd/imapd /usr/local/sbin/imapd
    cp src/imapd/imapd.8c /usr/local/man/man8/imapd.8
    cp ipopd/ipop3d /usr/local/sbin/ipop3d
    cp src/ipopd/ipopd.8c /usr/local/man/man8/ipop3d.8

  4. Create principals and keytabs for POP and IMAP. Run 'kadmin':

    kadmin -p username/kadmin-dept.upenn.edu [you will be prompted for your password here]

  5. Issue commands (still from within 'kadmin') to create the service principals for IMAP and POP for your system (addprinc), then extract keytabs for them to your host (ktadd):

    addprinc -randkey +requires_preauth imap/machine.dept.upenn.edu
    addprinc -randkey +requires_preauth pop/machine.dept.upenn.edu
    ktadd imap/machine.dept.upenn.edu pop/machine.dept.upenn.edu
    exit

  6. Make sure /etc/services has the following entries for POP and IMAP service:

    imap 143/tcp
    pop3 110/tcp

  7. Insert entries for the servers into /etc/inetd.conf for POP and IMAP:

    imap stream tcp nowait root /usr/local/sbin/imapd imapd
    pop3 stream tcp nowait root /usr/local/sbin/ipop3d ipop3d

    Note:

    The service name (the first word in the inetd.conf lines) must match the service names specified in the /etc/services file in step 6.

    If your system uses xinetd (http://www.xinetd.org) instead of inetd, consult your documentation for configuration particulars.

    If you use firewalls, tcp-wrappers or other restrictions on access, be sure to modify firewall or tcp-wrappers rules to allow the new services.

  8. Restart 'inetd' using the appropriate procedure for the system. (On most machines, send a SIGHUP signal to the inetd process.)
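
A consistency check for steps 6 and 7 and the note on matching service names, written as an added example that is not part of the original Penn instructions. The function name check_mail_services and the sample files are constructed for illustration; point the function at the real /etc/services and /etc/inetd.conf on a server.

```shell
#!/bin/sh
# Added example, not from the original page: cross-check steps 6 and 7.
# Usage: check_mail_services SERVICES_FILE INETD_CONF
# Prints one line per problem; returns 0 if none were found, 1 otherwise.
check_mail_services() {
    svc_file=$1; inetd_file=$2; rc=0
    for pair in imap:143 pop3:110; do
        name=${pair%%:*}; port=${pair##*:}
        # Step 6: the name (or an alias) must map to <port>/tcp.
        if ! awk -v n="$name" -v p="$port/tcp" '
            { sub(/#.*/, "") }
            $2 == p { for (i = 1; i <= NF; i++) if (i != 2 && $i == n) ok = 1 }
            END { exit !ok }' "$svc_file"; then
            echo "services: no '$name $port/tcp' entry"; rc=1
        fi
        # Step 7: first uncommented inetd.conf line whose first word is <name>.
        entry=$(awk -v n="$name" '{ sub(/#.*/, "") } $1 == n { print; exit }' \
            "$inetd_file")
        if [ -z "$entry" ]; then
            # Stock inetd.conf files often ship these entries commented out.
            if grep -Eq "^[[:space:]]*#[[:space:]]*$name[[:space:]]" "$inetd_file"
            then echo "inetd.conf: '$name' entry is commented out"
            else echo "inetd.conf: no entry named '$name'"
            fi
            rc=1; continue
        fi
        # The socket type and protocol must agree with the tcp port above.
        if ! printf '%s\n' "$entry" |
            awk '{ exit !($2 == "stream" && $3 == "tcp") }'; then
            echo "inetd.conf: '$name' is not a 'stream tcp' service"; rc=1
        fi
    done
    return $rc
}

# Constructed sample input: correct services entries, but the pop3 line in
# inetd.conf is still commented out.
demo() {
    d=$(mktemp -d) || return 2
    printf 'imap 143/tcp\npop3 110/tcp\n' > "$d/services"
    printf '%s\n' \
        'imap stream tcp nowait root /usr/local/sbin/imapd imapd' \
        '#pop3 stream tcp nowait root /usr/local/sbin/ipop3d ipop3d' \
        > "$d/inetd.conf"
    check_mail_services "$d/services" "$d/inetd.conf"; result=$?
    rm -rf "$d"
    return $result
}
demo || echo "Fix the problems listed above before restarting inetd (step 8)."
```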


Information Systems and Computing
University of Pennsylvania