I feel happy to announce that I have built NSS support for IndiMail
It is based on a patch on libnss-mysql at sourceforge.net. IndiMail is
mail server which patches qmail to integrate qmail-smtpd (auth,
relay,etc), qmail-local, qmail-remote, with IndiMail's MySQL database.
The patch should work for vpopmail as the schema for the user
database is the same (just change the sql statement in config file)
The patch is standalone and can easily adapted or adopted for your own
NSS stands for NameService Switch. NSS allows you to implement access
to various data using any number of modules. This means that when the
operating system wants to look any user, it doesn't have to know how -
it calls upon the NSS system to perform the task.
One can write modules for NSS to look for users in places other
than /etc/passwd, /etc/shadow.
The NSS API is the backend for lookup routines like getpwnam(),
Almost all IMAP servers that I know of have modules to authenticate
users out of /etc/passwd, /etc/shadow, etc. By using NSS, authentication
of IMAP servers can be extended to use databases like MySQL, LDAP.
You can download the libnss-mysql at
and the patch for IndiMail at
to build NSS support for Indimail. For other mail servers, you may
want to change the SQL statement in the libnss-mysql.cfg configuration
libnss-mysql and this patch allows an Imap Server like the courier imap
to use the authpam module shipped with it without changing a single line
The patch builds support for PAM routines to authenticate users against
IndiMail's MySQL database. I have tested this with courier imap's
Installation involves familiar ./configure; make; make install
Configuration involves putting 2 files in /etc
This file specifies the SQL statement for selecting a user from
a MySQL database
This file specifies connection parameters for connecting to your
c) modifying /etc/nsswitch.conf and have the two lines below
passwd: files mysql
shadow: files mysql
Two big advantage as I see it
1) the function getpwnam() gets extended and applications which use
this routine automatically gets extended for user lookups in
2) You can run the Name Service Cache Daemon (/usr/sbin/nscd) on linux.
nscd gives you good performance boost by caching repeated requests.
You can modify the SQL statement in the file /etc/libnss-mysql.cfg to
use your own specific MySQL database.
You can compile a small tester program to test
users in your own MySQL databse.
(do gcc try.c -o try to compile)
Very few profundities can be expressed in less than 80 characters.