authcheck, (C) Vladimir Ivaschenko <vi@maks.net>, GPL2 license
http://www.hazard.maks.net/~hazard
--------------------------------------------------------------

Authcheck is a daemon written in Perl which you can use to 
authenticate your mail users against an SQL table. Apart from the
flexbility you get, you can quite easily setup virtual IMAP and POP3.
One of the methods is to change in usernames "@" to "::" and "." to ".", 
so that user with email address "user@domain.com" gets a login 
"user::domain:com".
Then write a small delivery wrapper which does the necessary changes for
address->username conversion and you're done (or if you use exim mailer,
you can use embedded Perl, sample exim.conf configuration is supplied). 
Note that for this setup you will need a modified version of cyrus imap which 
permits ":" in the usernames, I have one available at my homepage.

authcheck requires several Perl modules in order to work, look at the 
source to see which. You can install required modules using
"PERL -MCPAN -e shell" command.

You need to put 3 params in a file called /etc/authcheck.conf:
databasename
user
password 
tablename

Note that each param should be on a separate line.
The 1st param is a DBI connection string, eg. dbi:mysql:dbname:host.

SQL for the table authcheck uses:
 create table emailtab (
 login varchar(80) primary key,
 password varchar(80) not null,
 fname varchar(120),
 lname varchar(120)
)

where login is a login name, password is an encrypted password,
fname and lname are optional fields (first name and lastname).

The passwords are MD5 crypted. I use a special CGI for user
administration of the IMAP accounts - imapadmin.cgi, which you can
find at my homepage or in the sql-auth.tar.gz.

In Cyrus's imapd.conf, you will need to put this:
sasl_pwcheck_method: pwcheck

In inetd.conf, put something like that:
imap    stream  tcp     nowait  cyrus    /usr/sbin/tcpd imapd

Also you will have to compile SASL with pwcheck support, or you can 
get prebuilt RPMs on my homepage.
Another thing to note is that you need to add user "admin" to the SQL
table manually before you can start using administration CGIs (or
other administration software). 

For example, to insert user "admin" with password "1234":
INSERT INTO emailtab VALUES ("admin","gdyb21LQTcIANtvYMT7QVQ");

** Please make sure that only cyrus has access to the /var/pwcheck
** directory (where Unix domain socket is stored), that authcheck has
** correct permissions (most probably, u+rwx only) and that you run authcheck 
** as correct user (it is a very BAD idea to run it as root).

Thanks to Jeremy Howard, the authcheck daemon now supports pre-forking
and has better error detection.

Vladimir Ivaschenko
