Courier-authlib with MySQL

Background
Qmail+vpopmail+courier-imap was popular setup at a time, and many legacy installations still exist. In that setup, courier-authlib uses authvchkpw, which is vpopmails authentication daemon to authenticate users for IMAP and POP3 access. Starting from version 0.60.4 support for authvchkpw was removed from courier-authlib. It is possible to hack the source and add the support, but it is cumbersome and risk-prone process and it is required to do that on every upgrade. Users were forced to mask versions of courier-authlib higher 0.60, to keep the support of authvchkpw. However, many security related bugfixes were added to the courier-authlib since than, so it was more than desirable to switch to a newer version of courier-authlib. For a setups in which vpopmail uses MySQL to do authentication, elegant drop-in solution exists which allows direct authentication of users against MySQL by courier-authlib, without using authvchkpw.

How-to
First, in case things go really wrong, pack up your trusty installation of courier-authlib:

If at any stage you want to restore previos install run

Remove courier-authlib from package.mask, in case it is there:

Stop courier-authlib, unmerge it, clean-up and install a brand new one:

Make sure that net-libs/courier-authlib has mysql flag enabled, and emerge it:

Edit authmysqlrc file so that it has following options:

Now, start imap and pop3 servers, and try to authenticate with the server using e-mail client.

If something does not work, try debugging courier-authlib:

Note, that this leaves all password in your logs.

Conclusion
Courier-authlib, and consequently, courier-imapd and courier-pop3d should now be able to authenticate users directly against MySQL, without the need for authvchkpw.

NB - if you have emerged vpopmail with the clearpasswd use flag disabled (this causes there to be no pw_clear_passwd column in the table) just replace "pw_clear_passwd AS clearpw" with " &#39;&#39; AS clearpw " - this seems to work fine for me. Also note, that AUTH CRAM-MD5 only works with vpopmail emerge with the clearpasswd use flag enabled.