In this document (see INSTALL.html for the formatted version of this INSTALL file):
See the README file for a general description of this library. The following software should be installed before building the Courier authentication library:
expect
" command. expect
is usually
included with most systems. Expect
can be downloaded from
http://expect.nist.gov/
if it's not installed on your
system. This utility is used to change system login passwords, by
scripting the passwd
command. If you do not have
expect
installed you will not be able to change system login
passwords. However non-system authentication modules (LDAP, PostgreSQL,
and others) will work.Courier-authlib uses Libtool to build shared libraries. Libtool is not strict required, but Libtool should be installed unless a good -- a very-very good -- reason exists not to. If Libtool is not installed, a copy of Libtool in courier-authlib's source will be used. However, this may cause problems later down the road, if either another Libtool-using package is installed later, or if Libtool itself is installed. Bottom line: install Libtool.
On non-Linux platforms the GNU linker is also required. Courier-authlib's build script uses some GNU linker-specific options. It's possible to manually specify the native linker's equivalent options manually, if they exist. If the native linker does not have the equivalent options, the GNU linker will have to be installed.
On the other hand, GNU make will be required in almost every case. SYSV-derived make variants (probably) will not work.
The same line of logic also applies to gcc. So, strictly speaking, only a basic C compiler, GNU make and libtool, are really needed to build courier-authlib. Still, try the following before giving up if problems occur when building this package:
The following sequence of commands should be sufficient to install courier-authlib in most cases:
./configure [options] [variable=value]*... make make install make install-migrate make install-configure
NOTE: On the BSD family, GNU make is usually the 'gmake' command. Use the 'gmake' command, instead of 'make'.
NOTE: It might appear that the
configure
script is stuck in an infinite loop. This is only an optical illusion. Theconfigure
script takes several minutes to complete. The Courier authentication library consists of many small modules, each with its own configuration script; and all configuration scripts are built from the same template. When they are invoked, one at a time, an illusion of an infinite loop appears.
Courier-authlib is a requirement starting with the following Courier package versions: Courier 0.48, Courier-IMAP 4.0, SqWebMail 5.0. When upgrading from earlier versions of these packages, install the Courier-authlib package first, then upgrade the existing package.
The 'make install-migrate
' command imports the authentication
configuration from earlier versions of these packages. 'make
install-migrate
' is not needed otherwise.
The 'make install-migrate
' command searches all the known
default installation directories for Courier, Courier-IMAP, and SqWebMail,
and imports the older configuration files. If the older versions of these
packages are installed in some unusual, non-standard, directories, the
make install-migrate
command won't find them. Instead, copy
those configuration files (authdaemonrc
,
authldaprc
, authmysqlprc
,
authpgsqlprc
, and userdb
) by hand. DO NOT
COPY authdaemonrc.dist
, authldaprc.dist
,
authmysqlprc.dist
, and authpgsqlprc.dist
.
After finishing 'make install-migrate
', the rest of the
installation steps, and after upgrading Courier, Courier-IMAP, or SqWebMail
to the new versions, to avoid future confusion the old copies of these
configuration files (including the .dist
files), should be
removed from Courier/Courier-IMAP/SqWebMail's configuration directory. They
now live in Courier-authlib's configuration directory
(/usr/local/etc/authlib
, or whatever was specified to the
configure
script).
The 'make install-configure
' command is required; it installs
and updates the configuration files; this command must be executed when
installing Courier-authlib for the first time, and when upgrading from an
older version.
The configure script takes the usual autoconf
options:
--prefix
, --bindir
, and the rest of the usual
toolchain options. The default installation directories should be sufficient,
though.
DO NOT USE the --disable-static
, or
--enable-static=no
option. Both static and shared library
options must be enabled for courier-authlib to build properly (but see
"Post-installation cleanup" below).
--without-stdheaderdir
The default configuration installs development files in
/usr/local/include
(see "What gets installed", below). This
directory is usually in the compiler's search path for header files. This
option must be specified if the compiler does NOT search for header files in
/usr/local/include
by default.
This option must also be specified if other configuration options (such as
--prefix
or --includedir
) specify a different
installation directory, and the new directory is also not searched by the
compiler, by default
--with-mailuser=userid,
--with-mailgroup=groupid
"userid" is a reserved system username, "groupid" is a reserved system groupname. These two options should be used before installing Courier for the first time. These options are not required before installing Courier-IMAP or SqWebMail.
These options specify the user/group that will own the configuration files, and the socket that authentication daemon process listens on. This is a key part of Courier's security model.
These options should not be necessary if upgrading from an earlier version of Courier and/or this authentication library. The default userid and groupid are computed as follows:
When installing Courier authentication library for the first time, it is highly recommended to create a "courier" userid and groupid, so that specifying these options will not be necessary.
This configure script descends from the old authentication library that was included in the older Courier, Courier-IMAP, and SqWebMail packages. As such, it also has many other undocumented options that manually disable specific authentication modules.
These options are no longer officially documented.
Individual modules can be disabled after installation, by editing the
authdaemonrc
configuration file.
VARIABLE=
value
Environment variables may be set either before running the configure script, or by providing the environment variables as parameters to the configure script. Example:
./configure --with-mailuser=mail --with-mailgroup=mail \ CC=/opt/fsf/bin/gcc LDFLAGS=-L/opt/fsf/lib \ MAKE=gmake
The CC
environment variable specifies the name of the C
compiler that will be used to compile the authentication library. For some
reason, on this oddball system some system libraries are installed in
/opt/fsf/lib
, and the compiler doesn't search this directory by
default. Therefore, the compiler needs the "-L/opt/fsf/lib
" to
properly link all programs, and this option is specified in the
LDFLAGS
environment variable.
Another possibility is to add the /opt/fsf/bin
directory to
the PATH
environment variable, prior to running the
configure
script. The configure
script searches for
all needed software in the current PATH
. Explicitly pointing
configure to something, like CC
, is only needed if the program
is not already in the default PATH.
Finally, Courier authentication library must be built with GNU make. On
this example system the make
command is the old SysV-derived
make, which will not work. GNU make is installed here as the
"gmake
" command. The configure
script will
ordinarily find the make
command and be happy with it, by
mistake. Explicitly setting MAKE
to gmake
fixes
that (and the human operator also needs to invoke the gmake
command also).
On a minimum, bare-bones system, the Courier authentication library builds
support for garden-variety authentication against system accounts (from the
system's password file, /etc/passwd
).
If the configure
script detects that certain optional
software components are installed, additional authentication modules will be
built and installed. This chapter describes what needs to be installed in
order to build the optional authentication modules.
NOTE: In all cases, it is not sufficient to install the runtime support libraries for the following components. In order to build the authentication modules the DEVELOPMENT LIBRARIES for the following software packages must be installed. The development libraries are usually a separate package, that must be installed in addition to the package that adds alleged support for the following software libraries.
userdb
authentication module will be built if either library is installed. The
userdb
authentication module includes Perl scripts that
maintain a list of available accounts in plain text files. A Perl script
then compiles the account list into a binary database, either GDBM or DB,
which is then used to look up account information./usr/local/etc/authlib
- the configuration files./usr/local/sbin
- the authdaemond startup script; several
utility programs (courierlogger, authconfig, authtest, authenumerate);
and userdb scripts./usr/local/lib/courier-authlib
- various authentication
modules, as shared libraries./usr/local/libexec/courier-authlib
- some miscellaneous
stuff./usr/local/var/authdaemon
- a subdirectory that contains
the filesystem socket which authdaemond listens on./usr/local/include
- a header file that Courier packages
will use to build against courier-authlib.Toolchain options to the configure
script may be used to
select alternative installation directories for these components.
On most systems, after running make install-configure
all
static libraries can be removed from the
/usr/local/lib/courier-authlib
directory:
rm -rf /usr/local/lib/courier-authlib/*.a
The Courier authentication library uses only the shared libraries. The static versions of the shared libraries are not used. They are installed by default, via libtool, but are not really needed. On most platforms the libtool files, "*.la" can also be removed. Do not remove any soft links.
Following "make install
", see the README_authlib.html
file for
details on setting up the authentication modules. The
README_authlib.html
file gets assembled as part of the build
process.
Before proceding to install any other packages, be sure to verify that the
authentication library is working by running the authtest
command, as documented in the README_authlib.html
file.
The following command must be added to your system startup script, in order to initialize the authentication library when booting:
/usr/local/sbin/authdaemond start
Similarly, the authentication library can be stopped by the
"authdaemond stop
" command. After editing the
authdaemonrc
configuration file use "authdaemond
restart
" command to reconfigure the daemon process. Systems that use
SYSV-derived initscripts can use the "courier-authlib.sysvinit
"
script, which gets built in the source directory, to start and stop
authdaemond
when the system boots or halts.
See http://www.courier-mta.org/FAQ.html#rpm
for instructions on building binary RPMs from the source tarball. Those
instructions will work for this package.
NOTE:
RPM will refuse to build the Courier authentication library unless all prerequisite development libraries for LDAP, MySQL, and PostgreSQL are installed. Do not try to hack the RPM build script to ignore these dependencies! For simplicity's and maintainability sake the RPM build script creates all available authentication modules. All extra authentication modules will be built as optional subpackages. They do not have to be installed at runtime. Install the LDAP, MySQL, and PostgreSQL development libraries only for the duration of building binary RPMs. They can be uninstalled afterwards.
The recommended way to build packages can be inferred from the RPM build script. It is summarized here for convenience:
configure
script, run make
, then
make install
as usual.sysconftool
" and "authmigrate
"
scripts somewhere into the installation tree. A good place would be
%libexecdir%/courier-authlib
. This is the 'make
install-migrate
' and 'make install-upgrade
' commands.
Don't run them at build time. Instead, arrange for the package
installation script to run the authmigrate
script first,
then "sysconftool %sysconfdir%/authlib/*.dist
", after the
package is installed OR UPGRADED.authdaemond
", "authenumerate
", and
"authtest
" commands can be renamed, to avoid name
clashes.%libdir%/courier-authlib
.Now, create the installable packages, as follows:
%libdir%/courier-authlib/libauthldap*
goes into the LDAP
subpackage.%libdir%/courier-authlib/libauthmysql*
goes into the MySQL
subpackage.%libdir%/courier-authlib/libauthpgsql*
goes into the
PostgreSQL subpackage.%libdir%/courier-authlib/libauthuserdb*
goes into the
userdb subpackage.courierauthconfig
binary, stuff in
%includedir%
, and in %mandir%/man3
, can go into
a devel subpackage.