This shows you the differences between two versions of the page.
| sspi_gssapi_аутентификация_для_сервиса_imapd [2009/04/21 12:10] val | | — (current) | |
|---|---|---|---|
| Line 1: | Line 1: | ||
| - | ====== SSPI/GSSAPI аутентификация для сервиса imapd ====== | ||
| - | |||
| - | ===== Регистрация сервиса imap в AD ===== | ||
| - | |||
| - | Добавляем пользователя в AD | ||
| - | <code> | ||
| - | Login: gXimap | ||
| - | Password: Pa$$w0rd | ||
| - | </code> | ||
| - | Пароль не меняется и не устаревает | ||
| - | |||
| - | ===== Копирования ключа KERBEROS AD на сервер imap ===== | ||
| - | <code> | ||
| - | C:\>ktpass -princ imap/gX.adX.class@ADX.CLASS -mapuser gXimap -pass 'Pa$$w0rd' -out gXimap.keytab | ||
| - | |||
| - | C:\>pscp gXimap.keytab student@gX: | ||
| - | |||
| - | gX# ktutil copy ~student/gXimap.keytab /etc/krb5.keytab | ||
| - | |||
| - | gX# ktutil list | ||
| - | |||
| - | gX# chmod +r /etc/krb5.keytab | ||
| - | </code> | ||
| - | |||
| - | ===== Инсталяция IMAP сервера ===== | ||
| - | |||
| - | ==== FreeBSD ==== | ||
| - | <code> | ||
| - | [gX:~] # pkg_add -r cyrus-imapd22 | ||
| - | |||
| - | [gX:~] # rehash | ||
| - | |||
| - | [gX:~] # cd /usr/local/etc | ||
| - | </code> | ||
| - | |||
| - | ==== Ubuntu ==== | ||
| - | <code> | ||
| - | root@gX:~# apt-get install postfix | ||
| - | (Internet Site) | ||
| - | |||
| - | root@gX:~# apt-get install cyrus-imapd-2.2 cyrus-admin-2.2 | ||
| - | root@gX:~# apt-get install sasl2-bin libsasl2-modules-gssapi-mit | ||
| - | |||
| - | root@gX:~# cd /etc | ||
| - | </code> | ||
| - | |||
| - | ===== Настройка IMAP сервера ===== | ||
| - | <code> | ||
| - | gX# rcsdiff imapd.conf | ||
| - | ... | ||
| - | 108c108 | ||
| - | < #admins: <none> | ||
| - | --- | ||
| - | > admins: cyrus | ||
| - | </code> | ||
| - | |||
| - | ===== Инициализация хранилища почты IMAP сервера и запуск сервера===== | ||
| - | |||
| - | ==== FreeBSD ==== | ||
| - | <code> | ||
| - | [gX:~] # mkdir /var/imap | ||
| - | [gX:~] # mkdir /var/spool/imap | ||
| - | [gX:~] # chown -R cyrus:mail /var/imap | ||
| - | [gX:~] # chown -R cyrus:mail /var/spool/imap | ||
| - | [gX:~] # chmod -R 750 /var/imap | ||
| - | [gX:~] # chmod -R 750 /var/spool/imap | ||
| - | |||
| - | [gX:~] # su cyrus | ||
| - | %/usr/local/cyrus/bin/mkimap | ||
| - | ... | ||
| - | |||
| - | %exit | ||
| - | |||
| - | [gX:~] # cat /etc/rc.conf | ||
| - | ... | ||
| - | cyrus_imapd_enable=yes | ||
| - | |||
| - | [gX:~]# /usr/local/etc/rc.d/imapd start | ||
| - | </code> | ||
| - | |||
| - | ==== Ubuntu ==== | ||
| - | <code> | ||
| - | root@gX:~# chown -R cyrus:mail /var/spool/cyrus | ||
| - | root@gX:~# chown -R cyrus:mail /var/run/cyrus | ||
| - | root@gX:~# chown -R cyrus:mail /var/lib/cyrus | ||
| - | |||
| - | root@gX:~# /etc/init.d/cyrus2.2 restart | ||
| - | </code> | ||
| - | |||
| - | ==== Проверка ==== | ||
| - | <code> | ||
| - | gX# telnet localhost 143 | ||
| - | </code> | ||
| - | ===== Регистрируем в sasl базе данных не kerberos пользователей сервиса IMAP ===== | ||
| - | (соответствующие системные пользователи не обязательны) | ||
| - | <code> | ||
| - | gX# saslpasswd2 -c cyrus | ||
| - | ... | ||
| - | |||
| - | gX# saslpasswd2 -c student | ||
| - | ... | ||
| - | |||
| - | gX# sasldblistusers2 | ||
| - | cyrus@gX.adX.class: userPassword | ||
| - | student@gX.adX.class: userPassword | ||
| - | </code> | ||
| - | Альтернативное решение состоит в использовании системных пользователей, их паролей и службы saslauthd | ||
| - | (см. на примере http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/smtp-auth.html) | ||
| - | |||
| - | ===== Создаем почтовые ящики всех пользователей сервиса IMAP ===== | ||
| - | <code> | ||
| - | gX# su cyrus | ||
| - | %cyradm localhost | ||
| - | Password: | ||
| - | localhost.class> cm user.root | ||
| - | localhost.class> cm user.uX | ||
| - | localhost.class> lm | ||
| - | user.root (\HasNoChildren) user.uX (\HasNoChildren) | ||
| - | localhost.class> quit | ||
| - | %exit | ||
| - | </code> | ||
| - | |||
| - | ===== Настраиваем MTA на использование доставщика cyrus-imap ===== | ||
| - | |||
| - | ==== FreeBSD (Sendmail) ==== | ||
| - | <code> | ||
| - | [gX:~] # cat /etc/rc.conf | ||
| - | sendmail_enable="YES" | ||
| - | ... | ||
| - | |||
| - | [gX:~] # more /usr/local/share/doc/cyrus-imapd/text/install-configure | ||
| - | |||
| - | [gX:~] # cd /etc/mail | ||
| - | |||
| - | [gX:/etc/mail] # cat gX.adX.class.mc | ||
| - | OSTYPE(freebsd6) | ||
| - | define(`confLOCAL_MAILER', `cyrusv2') | ||
| - | MAILER(local) | ||
| - | MAILER(smtp) | ||
| - | MAILER(`cyrusv2') | ||
| - | |||
| - | [gX:/etc/mail] # make install | ||
| - | ... | ||
| - | |||
| - | [gX:/etc/mail] # /etc/rc.d/sendmail restart | ||
| - | Stopping sendmail. | ||
| - | Starting sendmail. | ||
| - | </code> | ||
| - | |||
| - | ==== Ubuntu (Postfix)==== | ||
| - | <code> | ||
| - | root@gX:~# cat /etc/postfix/main.cf | ||
| - | mailbox_transport = cyrus | ||
| - | |||
| - | root@gX:~# cat /etc/postfix/master.cf | ||
| - | ... | ||
| - | cyrus unix - n n - - pipe | ||
| - | flags=R user=cyrus argv=/usr/sbin/cyrdeliver -e ${user} | ||
| - | |||
| - | root@gX:~# /etc/init.d/postfix restart | ||
| - | </code> | ||
| - | |||
| - | ===== Проверяем связку MTA - cyrys-imap ===== | ||
| - | |||
| - | ==== FreeBSD ==== | ||
| - | <code> | ||
| - | [gX:~] # pkg_add -r cone | ||
| - | [gX:~] # rehash | ||
| - | </code> | ||
| - | |||
| - | ==== Ubuntu ==== | ||
| - | <code> | ||
| - | root@gX:~# apt-get install mailx cone | ||
| - | </code> | ||
| - | |||
| - | ==== FreeBSD/Ubuntu ==== | ||
| - | <code> | ||
| - | gX# mail root | ||
| - | gX# cone | ||
| - | </code> | ||
| - | Настройте cone добавив imap account to localhost | ||
| - | |||
| - | ===== Настройка почтового клиента Thunderbird ===== | ||
| - | <code> | ||
| - | gX# mail uX | ||
| - | </code> | ||
| - | |||
| - | Email адрес: uX@gX.adX.class | ||
| - | |||
| - | При первом запуске Thunderbird отмените получение почты с указанием пароля | ||
| - | |||
| - | Откройте свойства папки uX@gX.adX.class -> Параметры сервера->Использовать защищенную аутентификацию | ||
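
Review bot: in the keytab-copy section, `gX# chmod +r /etc/krb5.keytab` makes the keytab readable by every local account, and that file holds the long-term key for `imap/gX.adX.class@ADX.CLASS`, so any local user could read the service key. If this text is kept or moved elsewhere, limit read access to the account the IMAP server runs as (the page uses `cyrus` with group `mail` for the mail stores) instead of adding world read. The same section also passes the service account password literally on the `ktpass` command line and records it in the page, next to the statement that the password does not change or expire; prompting for the password and noting that the keytab must be regenerated when it is rotated would avoid leaving a permanent credential in the instructions.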