HTTP Auth with mod_auth_imap – /me on the net!

Posted by Anurag inutilities
Tuesday, July 3. 2007

HTTP based authentication is the most common and easy-to-setup way of protecting content in apache. But with normal .htaccess/.htpasswd based protection, the problem is, .htpasswd file should be present in the webserver’s filesystem, and in most cases those users are not local unix users.

mod_auth_imap attempts to overcome this limitation by allowing apache to authenticate against an IMAP server, local/remote/whatever. Setting up authentication with mod_auth_imap is also straightforward.

  • Download the mod_auth_imap tarball from, and extract the contents.
  • Make sure apxs is installed (its available in apache2-dev package in debian)
  • Run # apxs -i -a -c mod_auth_imap.c as root user to build the apache module and install it in apache.
  • Make sure that mod_auth_imap module is enabled in your apache configuration.

An example .htaccess file will look like this.

#Turn on IMAP Authentication
Auth_IMAP_Enabled on
AuthName "Use IMAP username to login"
AuthType Basic

# Turn off Basic auth. We'll make IMAP as authoritative.
AuthBasicAuthoritative Off

#If you feel like it, restrict the users or allow all valid users:
# Require user foouser
Require valid-user

#Make IMAP Authentication authoritative for this .htaccess file:
Auth_IMAP_Authoritative on
Auth_IMAP_Port 143
Auth_IMAP_Log on

Leave a Reply

Your email address will not be published. Required fields are marked *