[OpenAFS] AFS Issues

Charles Clancy security@xauth.net
Wed, 10 Oct 2001 13:51:09 -0500 (CDT)


On Wed, 10 Oct 2001, Derrick J Brashear wrote:

> On Wed, 10 Oct 2001, Cosimo Leipold wrote:
>
> > 1. Since the AFS Install my procmail is broken. Presumably this is
> > because of authorization issues - procmail's docs don't seem to have info
> > re AFS and I can't find much on AFS about procmail. Procmail runs but it
> > can't write/modify because it isn't authenticated. Solutions?
>
> Authenticate it. I recommend getting and installing kth-krb and using
> kauth (which it comes with) for this, but of course it means leaving a
> Kerberos srvtab around "somewhere"

What I've done in the past involves using Sendmail and UW-IMAP.  Have
sendmail write inboxes to /var/mail -- a local disk.  Then have your imapd
do AFS authentication via PAM, and store the IMAP folders in the user's
home directory (which it can write to because PAM gets the token for the
imapd process).

This works quite nicely with PINE, because the IMAP folders are all there
in ~/mail, in MBX format, which PINE likes.  Then you can enable RSH
Inboxes under PINE, such that you allow unauthenticated RSH to your mail
server where everyone's shell is /usr/sbin/in.imapd (use netgroups under
NIS+ to make this easy), and since /var/mail isn't in AFS space, you don't
need to worry about authentication (PINE only gets Inboxes via RSH -- the
rest are already local).  People can have un-authenticated mail
connections from trusted workstations (i.e. the ones that can RSH in).

Overall, it's much better than NFS-sharing your inboxes, because you don't
need to worry about locking issues between Sendmail and remote mail
clients reading from mailhost:/var/mail.

--
t. charles clancy <> tclancy@uiuc.edu <> www.uiuc.edu/~tclancy