mod_auth_imap

Why: This facility allows a person to specify users on an email server in a .htaccess file. Our application for this is in class websites at Southern Adventist University. Advantages include:

  1. Class website contents can be restricted to students of the classes.
  2. The teacher doesn't have to maintain a separate password set for students.
  3. Students do not have to handle passwords for their classes.
  4. Students may change passwords using protocols set up by IS, without any teacher intervention (or even knowledge).
  5. The teacher can manage the list of individuals on the authorized list easily.

If you are a user (e.g. teacher) and not the system administrator, skip to the User Implementationsection of this document.

Installation

(assuming Debian Sarge)

  1. In order to install mod_auth_imap, you must first have apxs available. This is part of the apache_dev module. You'll need the C++ compiler too. Don't worry about the kernel compability error message when you install gcc:

    # apt-get install apache-dev
    # apt-get install gcc

  2. Next you need to obtain mod_auth_imap. It's at http://freshmeat.net/mod_auth_imap or you can get it here. That means copy it to your PC, then use SSH file transfer to send it to the LINUX box.
  3. Uncompress the archive: (Note: After typing mod_ you can use a tab to fill out the rest of the filename)
    # gunzip mod_auth_imap-current.tar.gz
  4. That leaves you with a .tar file. Now you need to unpack that into the pieces that will be needed for installation..
    # tar -xvf mod_auth_imap-current.tar.gz
  5. Now for the actual install. First cd into the directory created by the previous command, then::
    # apxs -i -a -c mod_auth_imap.c
  6. (If this line is already in httpd.conf, you don't have to add it.) You are given suggested configuration files. Ignore the file intended for appending to httpd.conf. Instead, insert the following line at the end of the LoadModule section (just before the string "ExtendedStatus").

    LoadModule auth_imap_module /usr/lib/apache/1.3/mod_auth_imap.so

  7. Restart Apache:
    # apachectl restart

User Implementation

You'll be creating a .htaccess file to place in the directory you wish to protect. Here is an example that allows any user at SAU in:

#Turn on IMAP Authentication
Auth_IMAP_Enabled on

#Give a name to the authentication domain, whatever you want:
AuthName "SAU Email username and password"

#Only basic authentication is supported for now:
AuthType Basic

#If you feel like it, restrict the users or allow all valid users:
Require valid-user
#Make IMAP Authentication authoritative for this .htaccess file:
Auth_IMAP_Authoritative on

#Set the IMAP Server to which you want to connect (default=localhost):
Auth_IMAP_Server imap.southern.edu

#Set the port on which the imap server is running (default=143):
Auth_IMAP_Port 143

#Turn on some extra logging (login attempts, etc.) in Apache's Error Log
Auth_IMAP_Log on

If you want a specific user list to apply, change the "require" line to start with "require user" then a list of space-delimited email usernames. Don't forget to include your own. For example:
require user jbeckett bruckner urbina wmunger haltermn tyson dwilliam