IMAP password different from your `/etc/shadow` password
By default, courier-imap uses PAM for authentication. Since PAM is plugable and awesome, it can be configured so that IMAP connections authenticate against a secondary password that differs from your unix login password in /etc/shadow. First you need to sudo aptitude install libpam-dotfile. Then, edit /etc/pam.d/imap.
If you're running etch, you'll need to replace
auth required pam_unix.so nullok account required pam_unix.so password required pam_unix.so session required pam_unix.so
and if you're on lenny, you'll need to replace
@include common-auth @include common-account @include common-password @include common-session
Whatever the case may be, change those lines to read
auth sufficient pam_unix_auth.so auth sufficient pam_dotfile.so use_first_pass no_warn auth required pam_deny.so
Now from each user account, you can execute pam-dotfile-gen -a imap to set up a second password for that user. The password will only work for imap connections, though unix password will still work as well. The password is stored in ~/.pam-imap in a hashed way. See /usr/share/doc/libpam-dotfile/README.gz for more info.
Renewing SSL certificates
The SSL certificate for Courier IMAP Daemon periodically expires, causing client applications to refuse further communication. To renew the certificate:
# go to the config dir cd /etc/courier/ # move the old certificate out of the way sudo mv -i imapd.pem imapd.pem.expired_N # (where you increment N each time you do this) # create the new certificate sudo mkimapdcert