Good evening,
about 2.5 years ago I presented the first public version of pam_mapi. If
you don't know pam_mapi, please read my initial introduction e-mail at
https://lists.fedoraproject.org/pipermail/zarafa-announce/2011-November/000027.html
Today I am happy to announce pam_mapi 0.2.0 - which is supporting Zarafa's
feature management. What does this mean? Since Zarafa 7.0.0 some features
can be enabled and disabled on a per-user basis. If e.g. IMAP is disabled
for a specific user any IMAP login will fail. More about this can be read
in the Zarafa documentation, section "8.7. Zarafa Feature management" at
http://doc.zarafa.com/7.1/Administrator_Manual/en-US/html/_FeatureManagement.html
This feature management can be now optionally applied to pam_mapi for e.g.
SMTP authentication. But so far even if both, IMAP and POP3 were disabled,
pam_mapi was still succeeding authentication and thus allowing to relay
e-mails. If this is unwished the new argument "service=pop3|imap" can now
be added to the PAM configuration file /etc/pam.d/smtp. This requires that
either POP3 or IMAP is enabled to pass authentication.
Valid values for the "service" argument are values from "disabled_features"
in /etc/zarafa/server.cfg. Multiple services can be listed using the pipe
character ("|") and behave like a digital logic OR gate.
Configuration example for /etc/pam.d/smtp when authenticating only against
Zarafa users while the IMAP feature must be enabled in Zarafa:
#%PAM-1.0
auth required pam_mapi.so try_first_pass service=imap
account required pam_mapi.so
More configuration examples are available in the documentation of pam_mapi.
Of course pam_mapi still supports Zarafa versions before 7.0.0 - however
without feature/service management (and without unicode). The oldest with
pam_mapi 0.2.0 tested Zarafa version is 6.20; the release where Zarafa got
Open Source.
The installation of pam_mapi on Fedora or Red Hat Enterprise Linux can be
simply performed via "yum". Note, that for Red Hat Enterprise Linux and
derivates like CentOS, the repository Extra Packages for Enterprise Linux
(EPEL) has to be enabled: https://fedoraproject.org/wiki/EPEL/FAQ#howtouse
yum install -y pam_mapi
Until the updated package is available in the repositories, just download
it manually from https://admin.fedoraproject.org/updates/search/pam_mapi.
More information regarding configuration and possible options can be found
in the man page:
man pam_mapi
In case you need help, you could write an e-mail to the Zarafa mailing list
at the Fedora Project on https://lists.fedoraproject.org or you could join
the IRC network Freenode on channel #zarafa.
And if you should find bugs or issues, please fill a bug report in Red Hat
Bugzilla as described here:
https://fedoraproject.org/wiki/Zarafa#Bugs
Your feedback is very much appreciated.
Greetings,
Robert
No comments:
Post a Comment