[5680] in Kerberos
Re: Understanding Kerberized POP
daemon@ATHENA.MIT.EDU (Dejan Vucinic)
Fri Aug 11 16:13:53 1995
To: kerberos@MIT.EDU
Date: 11 Aug 1995 20:06:16 GMT
From: dejan@MIT.EDU (Dejan Vucinic)
In article <Tom.Boyce-1008950835100001@osiris.jpl.nasa.gov>,
Tom Boyce <Tom.Boyce@jpl.nasa.gov> wrote:
>Lets say that I have Eudora + Kerborized pop server + Kerberos server, and
>I've set Eudora to pop the mail server every 15 minutes. Does
>authentication take place every time Eudora makes a connection to the pop
>server?
>
>If I had 10,000 pop users spread out on 5 pop servers, would 1 Kerberos
>server be sufficient to handle the load if that many people were poping
>all day? If it would be sufficient, what system resources would be
>required to handle the load (a Sparc 20, a 4CPU Sparc 1000, etc.)? Would
>it be better to run Kerberos servers on each of the pop servers?
Polling the mail spool is in my opinion a very bad idea for any
network with more than a dozen nodes. If you anticipate that your
users will do this and you have no power to discourage them, then yes,
have a mighty server handy. On the other hand, if you are the one who
decides how your users will get their mail, then I suggest you take a
look at Zephyr.
On the POP server I maintain I have sendmail send out a (mail, pop)
Zephyr message to the recipient for every delivered mail message.
Same thing is done here on Athena. A simple way to do this is to
change Mlocal macro in sendmail.cf to point to a wrapper instead of
/bin/mail. (How is this done on Athena, btw?) Of course, you then
have to run a Zephyr server, but I find that the advantages of having
Zephyr are substantial, and it hardly requires any work but the
initial setup.
Unfortunately, the current release of Zephyr doesn't support Kerberos 5
so if you want secure notification wait for a couple of months...
Regards,
Dejan Vucinic
dejan@mit.edu
P.S. How do I make a (mail, pop) message authentic? suid pop zpopnotify
doesn't help.
