[6053] in Kerberos


Re: AFS-aware IMAP daemon?

daemon@ATHENA.MIT.EDU (Randall S. Winchester)
Wed Oct 25 20:38:53 1995

Date: Wed, 25 Oct 1995 20:20:01 -0400 (EDT)
From: "Randall S. Winchester" <rsw@eng.umd.edu>
To: Michael Grubb <mg@ac.duke.edu>
Cc: kerberos@MIT.EDU
In-Reply-To: <46mgql$krc@news.duke.edu>


As an aside, my mail spools often do reside in AFS, and my Pine3.91
extended imapd does in fact get a PAG and token for the user. However, for
those with spool space in AFS, imap is not used as much any more because
they can read their mail off the local machine. Now if only PC-Pine or
some other PC mailreader could read the Unix mailbox format, I could use
Samba, and drop all that popd stuff. Patience...

Randall

On 25 Oct 1995, Michael Grubb wrote:

> In article <46mbop$nm8@bigblue.oit.unc.edu>,
> Trey Harris <harris@email.unc.edu> wrote:
>  
> >My question has to do with my IMAP users.  Mail spools will continue to
> >reside in the Unix filesystem, not AFS.  Thus, as I understand it, there
> >is no need for an 'AFS-ized' IMAP daemon just to get at the inboxes of
> >users.  AFS does not come into this scenario.  A Kerberized daemon is
> >required so that the plaintext login can be authenticated to Kerberos. 
>  
> >However, when an IMAP client makes a request for an archived mail folder
> >(such as the sent or saved messages), the daemon must get this information
> >from the user's home directory--which resides in AFS. 
> 
> There's no reason for folders to be in AFS unless the user puts them there.
> (The user can define folder locations in the client, as with pine's 
> folder collections definitions in the .pinerc.) You can configure the IMAP 
> server so that folders and inboxes alike are located on local filesystems.  
> How to do that depends on which imapd you are running.
> 
> >Now, if we use the Cyrus imapd, a plaintext login (such as Pine, 
> >MailDrop, Siren Mail or Simeon Email use) will cause the imap daemon to 
> >get a Kerberos ticket.
> 
> If you use the Cyrus imapd, your users should not be logging in to the IMAP
> server, and your users' login sessions on other machines should have no 
> effect on authentication of the imapd processes.  A fortiori, the Cyrus 
> imapd handles all folders on local disk.  Trying to wedge that into AFS 
> would be a supremely bad idea.
> 
> >This is where I get fuzzy, however.  I believe that a Kerberos ticket is
> >necessary but not sufficient to grant a process access to the AFS
> >filespace.  An AFS token is also required for a process to be able to 
> >read and write to an AFS filesystem.  Am I correct?
> 
> That's right, but it shouldn't enter into your IMAP server configuration 
> at all.
> 
> If you need some boilerplate code to serve as an example of how a process 
> can get a Kerberos ticket and an AFS token, let me know and I'll be glad to 
> send you a sample or two.  Getting such code to build is highly dependent 
> on your particular platform, Kerberos libraries, and AFS version.
> 
>      -- Mike
> 
> 
> --
> Michael Grubb <mg@ac.duke.edu>
> Duke University Office of Information Technology
> phone +1 919 660 6903 / 417 North Building, Durham NC 27708-0132 USA
> 
