IMAP-UW Darwin/Mac OS X 10.3 README
Author: Robert Shaw <rshaw@opendarwin.org>

Tested with IMAP-UW version 2004 and version 2004a.DEV.SNAP-0405261606 (variant
+devel) on Mac OS X 10.3.4.

Built and installed using:
  sudo port install imap-uw +ssl_pam +subdir
OR
  sudo port install imap-uw +ssl_pam +subdir +devel

This file outlines the set of steps needed to enable use of IMAP-UW with
SSL using PAM on a Mac OS X (or Darwin) 10.3 system. Most of the
information provided here was gathered from the following web pages:

  http://www.theatrain.net/pantherimaps.html
  http://www.macosxhints.com/article.php?story=20031023144031331
  http://www.macosxhints.com/article.php?story=20031202115248100
  http://docs.info.apple.com/article.html?artnum=25593

First, we need to enable PAM support for IMAP by creating the
appropriate IMAP PAM setup file:

  sudo cp /opt/local/share/doc/imap-uw/etc-pam.d-imap /etc/pam.d/imap

NOTE: POP can be similarly enabled. See above web links for further
details if desired.

Next, we need to enable XINETD to handle incoming IMAP or IMAPS requests
by creating the appropriate XINETD setup files:

  sudo cp /opt/local/share/doc/imap-uw/etc-xinetd.d-imap  /etc/xinetd.d/imap
  sudo cp /opt/local/share/doc/imap-uw/etc-xinetd.d-imaps /etc/xinetd.d/imaps

Now, we need to tell XINETD to re-read the available services by sending
it a HUP signal:

  sudo kill -HUP `cat /var/run/xinetd.pid`

To enable SSL authentication to the IMAP-UW server, we need to also
create a SSL certificate:

  cd /System/Library/OpenSSL/certs
  sudo openssl req -new -x509 -nodes -out imapd.pem -keyout imapd.pem -days 3650

NOTE: It is IMPORTANT that you use your server's hostname (e.g. the same
name you enter in the "Incoming Mail Server" field of Mail.app) for the
"Common Name" prompt when creating this certificate. Otherwise, the next
step won't work right, and Mail.app will always ask you to confirm
acceptance of this certificate everytime you login to the IMAP-UW
server.

Finally, to prevent Mail.app from continually asking about your
self-signed certificate everytime you connect to the server, you can do
the following to load the certificate into your keychain:

  1. Click "Show certificate" when Mail asks if you want to accept the
  certificate.

  2. Press the Option key while dragging the certificate to the desktop.
  The certificate's icon appears on the desktop.

  3. Add the certificate to your keychain by dragging its icon on top of
  Keychain Access. Note: Keychain Access is located in the Utilities
  folder (/Applications/Utilities). 

  4. When Keychain Access opens, you may be prompted to select a
  certificate type. If this happens, choose X509 Anchors.

NOTE: This "import" of the certificate will need to be done on each
client that you use to access the IMAP-UW server.