[5529] in Kerberos
Re: kerberos, sendmail, passwd
daemon@ATHENA.MIT.EDU (Sam Hartman)
Fri Jul 21 15:14:25 1995
To: jwb@wilbur.hhisland.com (Joe Beiter)
Cc: kerberos@MIT.EDU
In-Reply-To: Your message of "21 Jul 1995 09:21:33 EDT."
<3uo9kt$bll@wilbur.hhisland.com>
Date: Fri, 21 Jul 1995 14:49:28 EDT
From: Sam Hartman <hartmans@MIT.EDU>
At the high school I attended, which uses Kerberos and POP, we
do the following:
following:
1) Add everyone to Kerberos using kadmin
2) Have our public Unix box add everyone to a userdb format file
directing
their mail to user@mailserver.pop (replace mailserver with the first
stem of the hostname)
3) Have the public workstation generate an MH style POP database
without passwords.
4) Have a hack in ruleset 0 of sendmail.cf to direct user@foo.pop to
foo.rest.of.domain.name; if the current machine is
foo.rest.of.domain.name, then run spop username on the message.
5) Have a kpopd running to allow authenticated POP, and a pop3d with
the PASSWORD_HACK option defined to allow insecure usage of POP
pulling passwords from the Kerberos database.
MIT's system is somewhat more complicated because they have a
rather complicated user database (Moira) and have many more mail
servers. Also, they don't support the cleartext password POP for most
users.
--Sam
