Good evening,
about 2.5 years ago I presented the first public version of pam_mapi. If you don't know pam_mapi, please read my initial introduction e-mail at https://lists.fedoraproject.org/pipermail/zarafa-announce/2011-November/0000...
Today I am happy to announce pam_mapi 0.2.0 - which is supporting Zarafa's feature management. What does this mean? Since Zarafa 7.0.0 some features can be enabled and disabled on a per-user basis. If e.g. IMAP is disabled for a specific user any IMAP login will fail. More about this can be read in the Zarafa documentation, section "8.7. Zarafa Feature management" at http://doc.zarafa.com/7.1/Administrator_Manual/en-US/html/_FeatureManagement...
This feature management can be now optionally applied to pam_mapi for e.g. SMTP authentication. But so far even if both, IMAP and POP3 were disabled, pam_mapi was still succeeding authentication and thus allowing to relay e-mails. If this is unwished the new argument "service=pop3|imap" can now be added to the PAM configuration file /etc/pam.d/smtp. This requires that either POP3 or IMAP is enabled to pass authentication.
Valid values for the "service" argument are values from "disabled_features" in /etc/zarafa/server.cfg. Multiple services can be listed using the pipe character ("|") and behave like a digital logic OR gate.
Configuration example for /etc/pam.d/smtp when authenticating only against Zarafa users while the IMAP feature must be enabled in Zarafa:
#%PAM-1.0 auth required pam_mapi.so try_first_pass service=imap account required pam_mapi.so
More configuration examples are available in the documentation of pam_mapi.
Of course pam_mapi still supports Zarafa versions before 7.0.0 - however without feature/service management (and without unicode). The oldest with pam_mapi 0.2.0 tested Zarafa version is 6.20; the release where Zarafa got Open Source.
The installation of pam_mapi on Fedora or Red Hat Enterprise Linux can be simply performed via "yum". Note, that for Red Hat Enterprise Linux and derivates like CentOS, the repository Extra Packages for Enterprise Linux (EPEL) has to be enabled: https://fedoraproject.org/wiki/EPEL/FAQ#howtouse
yum install -y pam_mapi
Until the updated package is available in the repositories, just download it manually from https://admin.fedoraproject.org/updates/search/pam_mapi.
More information regarding configuration and possible options can be found in the man page:
man pam_mapi
In case you need help, you could write an e-mail to the Zarafa mailing list at the Fedora Project on https://lists.fedoraproject.org or you could join the IRC network Freenode on channel #zarafa.
And if you should find bugs or issues, please fill a bug report in Red Hat Bugzilla as described here:
https://fedoraproject.org/wiki/Zarafa#Bugs
Your feedback is very much appreciated.
Greetings, Robert
zarafa@lists.fedoraproject.org