I feel happy to announce that I have built NSS support for IndiMail

It is based on a patch on libnss-mysql at sourceforge.net. IndiMail is
mail server which patches qmail to integrate qmail-smtpd (auth,
relay,etc), qmail-local, qmail-remote, with IndiMail's MySQL database.
The patch should work for vpopmail as the schema for the user
database is the same (just change the sql statement in config file)

The patch is standalone and can easily adapted or adopted for your own
MySQL database.

NSS stands for NameService Switch.  NSS allows you to implement access
to various data using any number of modules.  This means that when the
operating system wants to look any user, it doesn't have to know how -
it calls upon the NSS system to perform the task. 

One can write modules for NSS to look for users in places other
than /etc/passwd, /etc/shadow.

The NSS API is the backend for lookup routines like getpwnam(),
getpwuid(), etc

Almost all IMAP servers that I know of have modules to authenticate
users out of /etc/passwd, /etc/shadow, etc. By using NSS, authentication
of IMAP servers can be extended to use databases like MySQL, LDAP.

You can download the libnss-mysql at

and the patch for IndiMail at

to build NSS support for Indimail. For other mail servers, you may
want to change the SQL statement in the libnss-mysql.cfg configuration

libnss-mysql and this patch allows an Imap Server like the courier imap
to use the authpam module shipped with it without changing a single line
of courier-imap.

The patch builds support for PAM routines to authenticate users against
IndiMail's MySQL database. I have tested this with courier imap's

Installation involves familiar ./configure; make; make install
Configuration involves putting 2 files in /etc
a) libnss-mysql.cfg
   This file specifies the SQL statement for selecting a user from
   a MySQL database
b) libnss-mysql-root.cfg
   This file specifies connection parameters for connecting to your
   MySQL database
c) modifying /etc/nsswitch.conf and have the two lines below
   passwd:     files mysql
   shadow:     files mysql

Two big advantage as I see it
1) the function getpwnam() gets extended and applications which use
   this routine automatically gets extended for user lookups in
   MySQL database
2) You can run the Name Service Cache Daemon (/usr/sbin/nscd) on linux.
   nscd gives you good performance boost by caching repeated requests.

You can modify the SQL statement in the file /etc/libnss-mysql.cfg to
use your own specific MySQL database.

You can compile a small tester program to test
users in your own MySQL databse.
(do gcc try.c -o try to compile)



Very few profundities can be expressed in less than 80 characters.


Reply via email to