Skip to content
Permalink
Browse files

Add an ssl_pam variant. This uses a development snapshot of the IMAP-UW

code, which is why it's a variant and not the default for Panther.  Once
the code goes stable, the port will be updated to use it by default.  If
people feel strongly enough that it should be the default now, please
let me know and I'll change it.

Bug:
Submitted by:		rshaw
Reviewed by:
Approved by:
Obtained from:

git-svn-id: https://svn.macports.org/repository/macports/trunk/dports@4228 d073be05-634f-4543-b044-5fe20cf6d1d6
  • Loading branch information
Jim Mock
Jim Mock committed Dec 16, 2003
1 parent 4dbd38a commit 4351392fcf0de0c2919e8853a44ba24abed40d85
@@ -1,9 +1,9 @@
# $Id: Portfile,v 1.12 2003/11/17 21:20:00 jkh Exp $
# $Id: Portfile,v 1.13 2003/12/16 07:04:24 mij Exp $

PortSystem 1.0
name imap-uw
version 2002e
revision 1
revision 2
categories mail
maintainers mij@opendarwin.org
description University of Washington IMAP daemon
@@ -24,11 +24,29 @@ configure {}
build.target osx

platform darwin 7 { patchfiles patch-src-osdep-unix-Makefile \
patch-src-osdep-unix-ckp_osx.c }
patch-src-osdep-unix-ckp_osx.c }

variant ssl_plain { patchfiles patch-Makefile
build.args SSLTYPE=unix }

variant ssl_pam { version 2003.DEV.SNAP-0312072251
distname imap-${version}
checksums md5 cb1cee5c5970d76f0a1f59987318a9af
depends_lib lib:libssl.0.9:openssl
patchfiles patch-Makefile
build.target oxp
post-destroot { file mkdir ${destroot}${prefix}/share/doc/${name}
file copy ${filespath}/README-MACOSX \
${filespath}/etc-pam.d-imap \
${filespath}/etc-xinetd.d-imap \
${filespath}/etc-xinetd.d-imaps \
${destroot}${prefix}/share/doc/${name}/
reinplace "s|__PREFIX|${prefix}|" \
${filespath}/README-MACOSX \
${destroot}${prefix}/share/doc/${name}/etc-xinetd.d-imap \
${destroot}${prefix}/share/doc/${name}/etc-xinetd.d-imaps
ui_msg "For setup of IMAP-UW using SSL and PAM on Mac OS X 10.3, please see\n${prefix}/share/doc/${name}/README-MACOSX for details." } }

variant mbx { build.args-append CREATEPROTO=mbxproto }

variant subdir { patchfiles-append patch-env_unix.c }
@@ -0,0 +1,68 @@
IMAP-UW Darwin/Mac OS X 10.3 README
Author: Robert Shaw <rshaw@opendarwin.org>

Tested with IMAP-UW version 2003.DEV.SNAP-0312072251 on Mac OS X 10.3.1
Built and installed using:
sudo port install imap-uw +ssl_pam +subdir

This file outlines the set of steps needed to enable use of IMAP-UW with
SSL using PAM on a Mac OS X (or Darwin) 10.3 system. Most of the
information provided here was gathered from the following web pages:

http://www.theatrain.net/pantherimaps.html
http://www.macosxhints.com/article.php?story=20031023144031331
http://www.macosxhints.com/article.php?story=20031202115248100
http://docs.info.apple.com/article.html?artnum=25593

First, we need to enable PAM support for IMAP by creating the
appropriate IMAP PAM setup file:

sudo cp /opt/local/share/doc/imap-uw/etc-pam.d-imap /etc/pam.d/imap

NOTE: POP can be similarly enabled. See above web links for further
details if desired.

Next, we need to enable XINETD to handle incoming IMAP or IMAPS requests
by creating the appropriate XINETD setup files:

sudo cp /opt/local/share/doc/imap-uw/etc-xinetd.d-imap /etc/xinetd.d/imap
sudo cp /opt/local/share/doc/imap-uw/etc-xinetd.d-imaps /etc/xinetd.d/imaps

Now, we need to tell XINETD to re-read the available services by sending
it a HUP signal:

sudo kill -HUP `cat /var/run/xinetd.pid`

To enable SSL authentication to the IMAP-UW server, we need to also
create a SSL certificate:

cd /System/Library/OpenSSL/certs
sudo openssl req -new -x509 -nodes -out imapd.pem -keyout imapd.pem -days 3650

NOTE: It is IMPORTANT that you use your server's hostname (e.g. the same
name you enter in the "Incoming Mail Server" field of Mail.app) for the
"Common Name" prompt when creating this certificate. Otherwise, the next
step won't work right, and Mail.app will always ask you to confirm
acceptance of this certificate everytime you login to the IMAP-UW
server.

Finally, to prevent Mail.app from continually asking about your
self-signed certificate everytime you connect to the server, you can do
the following to load the certificate into your keychain:

1. Click "Show certificate" when Mail asks if you want to accept the
certificate.

2. Press the Option key while dragging the certificate to the desktop.
The certificate's icon appears on the desktop.

3. Add the certificate to your keychain by dragging its icon on top of
Keychain Access. Note: Keychain Access is located in the Utilities
folder (/Applications/Utilities).

4. When Keychain Access opens, you may be prompted to select a
certificate type. If this happens, choose X509 Anchors.

NOTE: This "import" of the certificate will need to be done on each
client that you use to access the IMAP-UW server.

@@ -0,0 +1,8 @@
# imap : auth account password session
auth required pam_nologin.so
auth sufficient pam_securityserver.so
auth sufficient pam_unix.so
auth required pam_deny.so
account required pam_permit.so
password required pam_deny.so
session required pam_uwtmp.so
@@ -0,0 +1,13 @@
service imap
{
disable = no
socket_type = stream
wait = no
user = root
server = __PREFIX/sbin/imapd
groups = yes
log_on_success += DURATION USERID
log_on_failure += USERID
flags = NOLIBWRAP
}

@@ -0,0 +1,13 @@
service imaps
{
disable = no
socket_type = stream
wait = no
user = root
server = __PREFIX/sbin/imapd
groups = yes
log_on_success += DURATION USERID
log_on_failure += USERID
flags = NOLIBWRAP
}

0 comments on commit 4351392

Please sign in to comment.
You can’t perform that action at this time.