HTTP based authentication is the most common and easy-to-setup way of protecting content in apache. But with normal
.htaccess/.htpasswd based protection, the problem is, .htpasswd file should be present in the webserver's filesystem, and in most cases those users are not local unix users.
mod_auth_imap attempts to overcome this limitation by allowing apache to authenticate against an IMAP server, local/remote/whatever. Setting up authentication with mod_auth_imap is also straightforward.
- Download the mod_auth_imap tarball from http://ben.brillat.net/projects/mod_auth_imap/, and extract the contents.
- Make sure apxs is installed (its available in apache2-dev package in debian)
- Run # apxs -i -a -c mod_auth_imap.c as root user to build the apache module and install it in apache.
- Make sure that mod_auth_imap module is enabled in your apache configuration.
An example .htaccess file will look like this.
#Turn on IMAP Authentication
Auth_IMAP_Enabled on
AuthName "Use IMAP username to login"
AuthType Basic
# Turn off Basic auth. We'll make IMAP as authoritative.
AuthBasicAuthoritative Off
#If you feel like it, restrict the users or allow all valid users:
# Require user foouser
Require valid-user
#Make IMAP Authentication authoritative for this .htaccess file:
Auth_IMAP_Authoritative on
Auth_IMAP_Server imap.example.org
Auth_IMAP_Port 143
Auth_IMAP_Log on
