
KB-0426: How to make IMAP server authenticate AD Users?

Centrify DirectControl, Centrify Identity Service, Mac Edition

12 April,16 at 11:12 AM

Applies to: Centrify DirectControl - All Versions

Question: How to make IMAP server authenticate AD Users?

Answer:

For an IMAP server to authenticate AD users, the IMAP application has to be PAM-enabled, and the appropriate IMAP entries have to be added to the PAM configuration files so that the IMAP server can call the Centrify PAM modules to authenticate AD users.

If you look at Centrify's modified pam.conf file (Centrify modifies this file at join time to support PAM authentication), it specifies "pam_centrifydc.so", which means the Centrify module is used to authenticate against AD.

Centrify /etc/pam.conf file (Solaris) 

login auth sufficient pam_centrifydc.so unix_cred 
login auth requisite pam_centrifydc.so deny 

The vendor's example uses the "pam_unix.so" module, which authenticates users against the system's shadow password file. Replace that module name with ours (pam_centrifydc.so) and leave the rest of each line the same. PAM lines are read from top to bottom, so these lines need to go at the top. Centrify highly recommends that customers back up their existing pam.conf files before making any changes. Changes to these files also require restarting Centrify and the associated PAM-related services, which in this case are IMAP and POP3.

On Solaris, it is a single file called /etc/pam.conf, while Linux has a separate file under /etc/pam.d for each PAM service. So on Linux the files will be /etc/pam.d/pop3 and /etc/pam.d/imap.

From vendor

imap auth requisite pam_centrifydc.so 
imap auth required pam_centrifydc.so 
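
To confirm the top-to-bottom ordering described above after editing, this added example (not Centrify's or the IMAP vendor's code) reports which module PAM consults first for auth in either the Solaris or the Linux file layout. The function names are hypothetical, and a POSIX awk is assumed (on Solaris, nawk or /usr/xpg4/bin/awk).

```shell
#!/bin/sh
# Added example (not Centrify code): report which module PAM consults first
# for "auth", so you can confirm pam_centrifydc.so sits above pam_unix.so.
#
# first_auth_module FILE [SERVICE]
#   SERVICE given   -> Solaris-style /etc/pam.conf (service name is field 1)
#   SERVICE omitted -> Linux-style /etc/pam.d/<service> (no service field)
first_auth_module() {
    awk -v svc="$2" '
        NF == 0 || $1 ~ /^#/ { next }          # skip blank lines and comments
        {
            t = (svc == "") ? 1 : 2            # field holding the module type
            if (svc != "" && $1 != svc) next   # pam.conf: other services
            if ($t != "auth") next             # account/session/password lines
            # Scan past the control flag (may be bracketed and contain spaces).
            for (i = t + 1; i <= NF; i++)
                if ($i ~ /\.so/) { n = split($i, p, "/"); print p[n]; exit }
            # No module on the first auth line, e.g. "auth include system-auth".
            print $(t + 1) ":" $(t + 2); exit
        }
    ' "$1"
}

# Succeeds only when the first auth module is pam_centrifydc.so.
centrify_is_first() {
    mod=$(first_auth_module "$@")
    [ "$mod" = "pam_centrifydc.so" ] && return 0
    echo "first auth entry is '${mod:-none}', expected pam_centrifydc.so" >&2
    return 1
}

# Run against the live files only when invoked with arguments, e.g.
#   sh check_pam.sh /etc/pam.conf imap      (Solaris)
#   sh check_pam.sh /etc/pam.d/imap         (Linux)
if [ "$#" -gt 0 ]; then centrify_is_first "$@"; fi
```

A non-zero exit means an include line or another module such as pam_unix.so is evaluated before the Centrify module for that service.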

 
Notes: Some IMAP services do not support PAM, so read the IMAP server documentation to see whether it supports PAM. For example, the "UW imap daemon" does not support PAM, whereas the "Dovecot imap/pop3 daemon" does.
 
