<html xmlns="http://www.w3.org/1999/xhtml">
<head>
  <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
  <title>INSTALL</title>
  <meta name="generator" content="amaya 8.7, see http://www.w3.org/Amaya/" />
  <!-- $Id: INSTALL.html,v 1.6 2005/07/02 14:48:57 mrsam Exp $ -->
  <!-- Copyright 2004 Double Precision, Inc.  See COPYING for -->
  <!-- distribution information. -->
</head>

<body>
<h1>Table of Contents</h1>

<p>In this document (see INSTALL.html for the formatted version of this
INSTALL file):</p>
<ul>
  <li><a onclick="" href="#Requirements">Requirements</a></li>
  <li><a onclick="" href="#Installation">Installation overview</a></li>
  <li><a onclick="" href="#deps">Dependencies</a></li>
  <li><a onclick="" href="#What">What gets installed</a></li>
  <li><a onclick="" href="#manpage">For more information</a></li>
  <li><a onclick="" href="#Starting">Starting and stopping the authentication
    daemon</a></li>
  <li><a onclick="" href="#Building">Building RPMs</a></li>
  <li><a onclick="" href="#Guidelines">Guidelines for using other package
    managers</a></li>
</ul>

<h2><a name="Requirements" id="Requirements">Requirements</a></h2>

<p>See the README file for a general description of this library. The
following software should be installed before building the Courier
authentication library:</p>
<ul>
  <li>A modern version of gcc (<a onclick=""
    href="http://www.gnu.org/software/gcc/">http://www.gnu.org/software/gcc/</a>)</li>
  <li>The GNU linker (<a onclick=""
    href="http://www.gnu.org/software/binutils/">http://www.gnu.org/software/binutils/</a>)</li>
  <li>Libtool (<a onclick=""
    href="http://www.gnu.org/software/libtool/">http://www.gnu.org/software/libtool/</a>)</li>
  <li>GNU make (<a onclick=""
    href="http://www.gnu.org/software/make/">http://www.gnu.org/software/make/</a>)</li>
  <li>The "<code>expect</code>" command. <code>expect</code> is usually
    included with most systems. <code>Expect</code> can be downloaded from
    <code>http://expect.nist.gov/</code> if it's not installed on your
    system. This utility is used to change system login passwords, by
    scripting the <code>passwd</code> command. If you do not have
    <code>expect</code> installed you will not be able to change system login
    passwords. However non-system authentication modules (LDAP, PostgreSQL,
    and others) will work.</li>
</ul>

<p>Courier-authlib uses Libtool to build shared libraries. Libtool is not
strict required, but Libtool should be installed unless a good -- a very-very
good -- reason exists not to. If Libtool is not installed, a copy of Libtool
in courier-authlib's source will be used. However, this may cause problems
later down the road, if either another Libtool-using package is installed
later, or if Libtool itself is installed. Bottom line: install Libtool.</p>

<p>On non-Linux platforms the GNU linker is also required. Courier-authlib's
build script uses some GNU linker-specific options. It's possible to manually
specify the native linker's equivalent options manually, if they exist. If
the native linker does not have the equivalent options, the GNU linker will
have to be installed.</p>

<p>On the other hand, GNU make will be required in almost every case.
SYSV-derived make variants (probably) will not work.</p>

<p>The same line of logic also applies to gcc. So, strictly speaking, only a
basic C compiler, GNU make and libtool, are really needed to build
courier-authlib. Still, try the following before giving up if problems occur
when building this package:</p>
<ol>
  <li>Install a recent version of the GNU linker</li>
  <li>Install the current version of Libtool</li>
  <li>Install the current version of gcc</li>
</ol>

<h2><a name="Installation" id="Installation">Installation overview</a></h2>

<p>The following sequence of commands should be sufficient to install
courier-authlib in most cases:</p>
<pre>./configure [options] [variable=value]*...
make
make install
make install-migrate
make install-configure</pre>

<blockquote>
  <p><strong>NOTE:</strong> On the BSD family, GNU make is usually the
  'gmake' command. Use the 'gmake' command, instead of 'make'.</p>
</blockquote>

<blockquote>
  <p><strong>NOTE:</strong> It might appear that the <code>configure</code>
  script is stuck in an infinite loop. This is only an optical illusion. The
  <code>configure</code> script takes several minutes to complete. The
  Courier authentication library consists of many small modules, each with
  its own configuration script; and all configuration scripts are built from
  the same template. When they are invoked, one at a time, an illusion of an
  infinite loop appears.</p>
</blockquote>

<p>Courier-authlib is a requirement starting with the following Courier
package versions: Courier 0.48, Courier-IMAP 4.0, SqWebMail 5.0. When
upgrading from earlier versions of these packages, install the
Courier-authlib package first, then upgrade the existing package.</p>

<p>The '<code>make install-migrate</code>' command imports the authentication
configuration from earlier versions of these packages. '<code>make
install-migrate</code>' is not needed otherwise.</p>

<p>The '<code>make install-migrate</code>' command searches all the known
default installation directories for Courier, Courier-IMAP, and SqWebMail,
and imports the older configuration files. If the older versions of these
packages are installed in some unusual, non-standard, directories, the
<code>make install-migrate</code> command won't find them. Instead, copy
those configuration files (<code>authdaemonrc</code>,
<code>authldaprc</code>, <code>authmysqlprc</code>,
<code>authpgsqlprc</code>, and <code>userdb</code>) by hand. <strong>DO NOT
COPY</strong> <code>authdaemonrc.dist</code>, <code>authldaprc.dist</code>,
<code>authmysqlprc.dist</code>, and <code>authpgsqlprc.dist</code>.</p>

<p>After finishing '<code>make install-migrate</code>', the rest of the
installation steps, and after upgrading Courier, Courier-IMAP, or SqWebMail
to the new versions, to avoid future confusion the old copies of these
configuration files (including the <code>.dist</code> files), should be
removed from Courier/Courier-IMAP/SqWebMail's configuration directory. They
now live in Courier-authlib's configuration directory
(<code>/usr/local/etc/authlib</code>, or whatever was specified to the
<code>configure</code> script).</p>

<p>The '<code>make install-configure</code>' command is required; it installs
and updates the configuration files; this command must be executed when
installing Courier-authlib for the first time, and when upgrading from an
older version.</p>

<h3>Configuration options</h3>

<p>The configure script takes the usual <code>autoconf</code> options:
<code>--prefix</code>, <code>--bindir</code>, and the rest of the usual
toolchain options. The default installation directories should be sufficient,
though.</p>

<p><strong>DO NOT USE</strong> the <code>--disable-static</code>, or
<code>--enable-static=no</code> option. Both static and shared library
options must be enabled for courier-authlib to build properly (but see
"Post-installation cleanup" below).</p>

<h4><code>--without-stdheaderdir</code></h4>

<p>The default configuration installs development files in
<code>/usr/local/include</code> (see "What gets installed", below). This
directory is usually in the compiler's search path for header files. This
option must be specified if the compiler does NOT search for header files in
<code>/usr/local/include</code> by default.</p>

<p>This option must also be specified if other configuration options (such as
<code>--prefix</code> or <code>--includedir</code>) specify a different
installation directory, and the new directory is also not searched by the
compiler, by default</p>

<h4><code>--with-mailuser=<em>userid</em>,
--with-mailgroup=<em>groupid</em></code></h4>

<p>"userid" is a reserved system username, "groupid" is a reserved system
groupname. These two options should be used before installing Courier for the
first time. These options are not required before installing Courier-IMAP or
SqWebMail.</p>

<p>These options specify the user/group that will own the configuration
files, and the socket that authentication daemon process listens on. This is
a key part of Courier's security model.</p>

<p>These options should not be necessary if upgrading from an earlier version
of Courier and/or this authentication library. The default userid and groupid
are computed as follows:</p>
<ul>
  <li>If an earlier version of the Courier authentication library is already
    installed in the same directory, the userid and the groupid is the same
    as the earlier version, otherwise:</li>
  <li>If an earlier version of the Courier package is installed (only the
    Courier package, the Courier-IMAP and SqWebMail packages do not carry
    this information), the userid and the groupid is the same as the ones
    used to configure Courier, otherwise:</li>
  <li>The userid is the first userid from the following list which exists in
    the system: courier, daemon, adm, bin, root; and the groupid is the first
    groupid from the following list which exists in the system: courier,
    daemon, adm, sys, root.</li>
</ul>

<p>When installing Courier authentication library for the first time, it is
highly recommended to create a "courier" userid and groupid, so that
specifying these options will not be necessary.</p>

<p>This configure script descends from the old authentication library that
was included in the older Courier, Courier-IMAP, and SqWebMail packages. As
such, it also has many other undocumented options that manually disable
specific authentication modules.</p>

<p><strong>These options are no longer officially documented.</strong>
Individual modules can be disabled after installation, by editing the
<code>authdaemonrc</code> configuration file.</p>

<h4><code>VARIABLE=</code><em><code>value</code></em></h4>

<p>Environment variables may be set either before running the configure
script, or by providing the environment variables as parameters to the
configure script. Example:</p>

<blockquote>
  <pre>./configure --with-mailuser=mail --with-mailgroup=mail \
     CC=/opt/fsf/bin/gcc LDFLAGS=-L/opt/fsf/lib \
     MAKE=gmake</pre>
</blockquote>

<p>The <code>CC</code> environment variable specifies the name of the C
compiler that will be used to compile the authentication library. For some
reason, on this oddball system some system libraries are installed in
<code>/opt/fsf/lib</code>, and the compiler doesn't search this directory by
default. Therefore, the compiler needs the "<code>-L/opt/fsf/lib</code>" to
properly link all programs, and this option is specified in the
<code>LDFLAGS</code> environment variable.</p>

<p>Another possibility is to add the <code>/opt/fsf/bin</code> directory to
the <code>PATH</code> environment variable, prior to running the
<code>configure</code> script. The <code>configure</code> script searches for
all needed software in the current <code>PATH</code>. Explicitly pointing
configure to something, like <code>CC</code>, is only needed if the program
is not already in the default PATH.</p>

<p>Finally, Courier authentication library must be built with GNU make. On
this example system the <code>make</code> command is the old SysV-derived
make, which will not work. GNU make is installed here as the
"<code>gmake</code>" command. The <code>configure</code> script will
ordinarily find the <code>make</code> command and be happy with it, by
mistake. Explicitly setting <code>MAKE</code> to <code>gmake</code> fixes
that (and the human operator also needs to invoke the <code>gmake</code>
command also).</p>

<h2><a name="deps" id="Dependencies">Dependencies</a></h2>

<p>On a minimum, bare-bones system, the Courier authentication library builds
support for garden-variety authentication against system accounts (from the
system's password file, <code>/etc/passwd</code>).</p>

<p>If the <code>configure</code> script detects that certain optional
software components are installed, additional authentication modules will be
built and installed. This chapter describes what needs to be installed in
order to build the optional authentication modules.</p>

<blockquote>
  <p><strong>NOTE:</strong> In all cases, it is not sufficient to install the
  runtime support libraries for the following components. In order to build
  the authentication modules the <strong>DEVELOPMENT LIBRARIES</strong> for
  the following software packages must be installed. The development
  libraries are usually a separate package, that must be installed in
  addition to the package that adds alleged support for the following
  software libraries.</p>
</blockquote>
<ul>
  <li><strong>GDBM or Berkeley DB library</strong> - The <code>userdb</code>
    authentication module will be built if either library is installed. The
    <code>userdb</code> authentication module includes Perl scripts that
    maintain a list of available accounts in plain text files. A Perl script
    then compiles the account list into a binary database, either GDBM or DB,
    which is then used to look up account information.</li>
  <li><strong>OpenLDAP</strong> - The LDAP authentication modules requires
    OpenLDAP client libraries to be installed. Sometimes there's some
    confusion when commercial LDAP servers are used, which come with their
    own development toolkits, which use a different API than OpenLDAP. Even
    if a commercial LDAP server is used to provide LDAP services, OpenLDAP is
    still required to enable LDAP services in Courier.</li>
  <li><strong>MySQL/PostgreSQL</strong> - The MySQL and PostgreSQL
    authentication modules require, obviously, MySQL/PostgreSQL development
    libraries.<br />
  </li>
</ul>

<h2><a name="What" id="What">What gets installed</a></h2>
<ul>
  <li><code>/usr/local/etc/authlib</code> - the configuration files.</li>
  <li><code>/usr/local/sbin</code> - the authdaemond startup script; several
    utility programs (courierlogger, authconfig, authtest, authenumerate);
    and userdb scripts.</li>
  <li><code>/usr/local/lib/courier-authlib</code> - various authentication
    modules, as shared libraries.</li>
  <li><code>/usr/local/libexec/courier-authlib</code> - some miscellaneous
    stuff.</li>
  <li><code>/usr/local/var/authdaemon</code> - a subdirectory that contains
    the filesystem socket which authdaemond listens on.</li>
  <li><code>/usr/local/include</code> - a header file that Courier packages
    will use to build against courier-authlib.</li>
</ul>

<p>Toolchain options to the <code>configure</code> script may be used to
select alternative installation directories for these components.</p>

<h3>Post-installation cleanup</h3>

<p>On most systems, after running <code>make install-configure</code> all
static libraries can be removed from the
<code>/usr/local/lib/courier-authlib</code> directory:</p>

<p><code>rm -rf /usr/local/lib/courier-authlib/*.a</code></p>

<p>The Courier authentication library uses only the shared libraries. The
static versions of the shared libraries are not used. They are installed by
default, via libtool, but are not really needed. On most platforms the
libtool files, "*.la" can also be removed. Do not remove any soft links.</p>

<h2><a name="manpage" id="manpage">For more information</a></h2>

<p>Following "<code>make install</code>", see the <a
href="README_authlib.html"><code>README_authlib.html</code></a> file for
details on setting up the authentication modules. The
<code>README_authlib.html</code> file gets assembled as part of the build
process.</p>

<p>Before proceding to install any other packages, be sure to verify that the
authentication library is working by running the <code>authtest</code>
command, as documented in the <code>README_authlib.html</code> file.</p>

<h2><a name="Starting" id="Starting">Starting and stopping the authentication
daemon</a></h2>

<p>The following command must be added to your system startup script, in
order to initialize the authentication library when booting:</p>
<pre>/usr/local/sbin/authdaemond start</pre>

<p>Similarly, the authentication library can be stopped by the
"<code>authdaemond stop</code>" command. After editing the
<code>authdaemonrc</code> configuration file use "<code>authdaemond
restart</code>" command to reconfigure the daemon process. Systems that use
SYSV-derived initscripts can use the "<code>courier-authlib.sysvinit</code>"
script, which gets built in the source directory, to start and stop
<code>authdaemond</code> when the system boots or halts.</p>

<h2><a name="Building" id="Building">Building RPMs</a></h2>

<p>See <a onclick=""><code>http://www.courier-mta.org/FAQ.html#rpm</code></a>
for instructions on building binary RPMs from the source tarball. Those
instructions will work for this package.</p>

<blockquote>
  <p><strong>NOTE:</strong></p>

  <p>RPM will refuse to build the Courier authentication library unless all
  prerequisite development libraries for LDAP, MySQL, and PostgreSQL are
  installed. <strong>Do not try to hack the RPM build script to ignore these
  dependencies!</strong> For simplicity's and maintainability sake the RPM
  build script creates all available authentication modules. All extra
  authentication modules will be built as <em>optional</em> subpackages. They
  do not have to be installed at runtime. Install the LDAP, MySQL, and
  PostgreSQL development libraries only for the duration of building binary
  RPMs. They can be uninstalled afterwards.</p>
</blockquote>

<h2><a name="Guidelines" id="Guidelines">Guidelines for using other package
managers</a></h2>

<p>The recommended way to build packages can be inferred from the RPM build
script. It is summarized here for convenience:</p>
<ul>
  <li>Decide whether or not Courier-specific userid and groupid needs to be
    created, and, if so, make the necessary arrangements.</li>
  <li>Ensure that all prerequisite development libraries are available.</li>
  <li>Run the <code>configure</code> script, run <code>make</code>, then
    <code>make install</code> as usual.</li>
  <li>Copy the "<code>sysconftool</code>" and "<code>authmigrate</code>"
    scripts somewhere into the installation tree. A good place would be
    <code>%libexecdir%/courier-authlib</code>. This is the '<code>make
    install-migrate</code>' and '<code>make install-upgrade</code>' commands.
    Don't run them at build time. Instead, arrange for the package
    installation script to run the <code>authmigrate</code> script first,
    then "<code>sysconftool %sysconfdir%/authlib/*.dist</code>", after the
    package is installed <strong>OR UPGRADED</strong>.</li>
  <li>The "<code>authdaemond</code>", "<code>authenumerate</code>", and
    "<code>authtest</code>" commands can be renamed, to avoid name
  clashes.</li>
  <li>Remove all static libraries from
  <code>%libdir%/courier-authlib</code>.</li>
</ul>

<p>Now, create the installable packages, as follows:</p>
<ul>
  <li><code>%libdir%/courier-authlib/libauthldap*</code> goes into the LDAP
    subpackage.</li>
  <li><code>%libdir%/courier-authlib/libauthmysql*</code> goes into the MySQL
    subpackage.</li>
  <li><code>%libdir%/courier-authlib/libauthpgsql*</code> goes into the
    PostgreSQL subpackage.</li>
  <li><code>%libdir%/courier-authlib/libauthuserdb*</code> goes into the
    userdb subpackage.</li>
  <li>Everything else can go into the main package. Optionally, the
    <code>courierauthconfig</code> binary, stuff in
    <code>%includedir%</code>, and in <code>%mandir%/man3</code>, can go into
    a devel subpackage.</li>
</ul>

<p></p>
</body>
</html>