IMAP password different from your `/etc/shadow` password

By default, courier-imap uses PAM for authentication. Since PAM is plugable and awesome, it can be configured so that IMAP connections authenticate against a secondary password that differs from your unix login password in /etc/shadow. First you need to sudo aptitude install libpam-dotfile. Then, edit /etc/pam.d/imap.

If you're running etch, you'll need to replace

auth            required       pam_unix.so      nullok
account         required       pam_unix.so
password        required       pam_unix.so
session         required       pam_unix.so

and if you're on lenny, you'll need to replace

@include common-auth
@include common-account
@include common-password
@include common-session

Whatever the case may be, change those lines to read

auth sufficient pam_unix_auth.so
auth sufficient pam_dotfile.so use_first_pass no_warn
auth required pam_deny.so

Now from each user account, you can execute pam-dotfile-gen -a imap to set up a second password for that user. The password will only work for imap connections, though unix password will still work as well. The password is stored in ~/.pam-imap in a hashed way. See /usr/share/doc/libpam-dotfile/README.gz for more info.

Renewing SSL certificates

The SSL certificate for Courier IMAP Daemon periodically expires, causing client applications to refuse further communication. To renew the certificate:

# go to the config dir
cd /etc/courier/
# move the old certificate out of the way
sudo mv -i imapd.pem imapd.pem.expired_N  # (where you increment N each time you do this)
# create the new certificate
sudo mkimapdcert

References:

DebianNotes/CourierImap (last edited 2010-06-05 20:55:56 by MrGreen)