configuring cyrus imapd

Our goals are Single sign on and central administration. Therefore cyrus imapd has to be "kerberized" and there should be a possibility to add a mailbox for a user automatically if a new user is crated in OpenLDAP.

kerberizing imapd

These command add principals for imap and pop. is the hostname of the cyrus imapd server:

kadmin.local: addprinc -randkey imap/
kadmin.local: addprinc -randkey pop/
kadmin.local: addprinc -randkey sieve/
kadmin.local: ktadd -k /etc/krb5.keytab.cyrus imap/
kadmin.local: ktadd -k /etc/krb5.keytab.cyrus pop/
kadmin.local: ktadd -k /etc/krb5.keytab.cyrus sieve/
kadmin.local: quit
chown cyrus /etc/krb5.keytab.cyrus

Note: The cyrus imapd server has to be able to read the keytab file. Therefore you should not use the default keytab file.
And to make the cyrus imapd read the kerberos keytab we set the environment variable in the /etc/init.d/cyrus (or however it is named in your distro):

export KRB5_KTNAME

automatically add mailboxes

Fortunately cyrus imapd offers options to add a mailbox if a user authenticates successfully or a mail for a new user arrives. Add these lines to /etc/imapd.conf:

autocreatequota: -1
autocreateinboxfolders: Sent | Drafts | Trash | Junk
createonpost: yes

This creates also some useful folders.