I'm also exploring Fully Automated Install.
- Do a base install
- Follow the Configuration instructions for SASL/GSSAPI.
- apt-get install sudo apache libapache-mod-perl libapache-mod-ssl postgresql-contrib libdbd-pg-perl perlmagick less ntp cyrus-imapd libpam-krb5 amanda-client mailman
  - Had to do apt-get -b source libapache-mod-perl on another machine since it was compiled for 5.6.0 and 5.6.1 was installed.
- Create key: openssl req -new -x509 -nodes -out /etc/ssl/certs/server.pem -keyout /etc/ssl/private/server.pem -days 365
- Set up openldap:
  - Install this slapd package
  - Use this /etc/ldap/slapd.conf
  - Use this /etc/ldap/access.conf
  - Create ldif table and import it. To enable admin, you will need a group with oc=groupOfNames at cn=ldap-adm,ou=Groups,o=top with the member attributes pointing to the DNs of the users who are admins.
- Set up pam_ldap and libnss_ldap:
  - Install this libpam-ldap package.
  - Use this pam_ldap.conf and this libnss-ldap.conf.
  - Sprinkle pam_ldap.so throughout /etc/pam.d in many places where you see pam_unix.so. Put it after the pam_unix.so, make it "required" (instead of "required") and put 'use_first_pass' after pam_unix.so for the "auth" line.
- Set up pam_krb5 for shell logins (TODO)
- Set up exim:
  - Resource: http://www.bastard.net/~kos/mailrouter/
  - Install exim-tls-perl package.
  - Create the exim Kerberos key and put it in krb5.keytab (ank -randkey exim/staging.everybody.org; ktadd exim/staging.everybody.org)
- Set up cyrus imapd:
  - Add these cyrus packages: cyrus2-admin, cyrus2-common, cyrus2-imapd, cyrus2-pop3d.
- Set up apache:
  - Install these no-expat apache packages: apache-no-expat-common, apache-no-expat, libapache-mod-dav-shared-expat.
  - Install these apache modules: libapache-mod-perl, libapache-mod-auth-ldap, libapache-mod-auth-kerb, libapache-album-perl
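
A pre-import check for the admin group described in the openldap step (an added example, not part of the original notes): it confirms the group entry is a groupOfNames and that every member DN has an entry in the same LDIF, since a member DN with no entry hands admin rights to whoever later gets that DN. The user DNs under o=top and the sample LDIF are constructed assumptions; the parser handles only plain "attr: value" lines (no folding or base64).

```python
ADMIN_GROUP_DN = "cn=ldap-adm,ou=Groups,o=top"  # group DN from the notes

# Constructed sample LDIF (base entries omitted for brevity).
# uid=bob is deliberately missing so the check has something to report.
SAMPLE_LDIF = """\
dn: uid=alice,o=top
objectClass: account
uid: alice

dn: cn=ldap-adm,ou=Groups,o=top
objectClass: groupOfNames
cn: ldap-adm
member: uid=alice,o=top
member: uid=bob,o=top
"""

def norm(dn):
    # Simplified DN comparison: case-insensitive, ignores spaces after commas.
    return ",".join(part.strip().lower() for part in dn.split(","))

def parse_ldif(text):
    """Return {normalized dn: {attr: [values]}} for blank-line separated entries."""
    entries = {}
    for block in text.strip().split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            if line.startswith("#") or ": " not in line:
                continue
            key, value = line.split(": ", 1)
            attrs.setdefault(key.lower(), []).append(value.strip())
        if "dn" in attrs:
            entries[norm(attrs["dn"][0])] = attrs
    return entries

def check_admin_group(text, group_dn=ADMIN_GROUP_DN):
    """Return a list of problems; an empty list means the group looks right."""
    entries = parse_ldif(text)
    group = entries.get(norm(group_dn))
    if group is None:
        return ["missing entry " + group_dn]
    problems = []
    if "groupofnames" not in [v.lower() for v in group.get("objectclass", [])]:
        problems.append("objectClass is not groupOfNames")
    members = group.get("member", [])
    if not members:
        problems.append("no member attribute")
    problems += ["member DN has no entry: " + m for m in members if norm(m) not in entries]
    return problems
```
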
TODO
- Set up krb5 keys so that the various servers can do lookups off LDAP without having to allow anonymous access.