IP-based access is totally fine if that part of your network is
physically secure. It sure solves a lot of headaches.
On 2/10/10 10:22 AM +0100 Per-Erik Persson wrote:
Well, what you describe would be the correct and security aware way of
doing it.
However since I am still testing i just did it the quick and dirty way.
By adding the IP of the server handling the maildeliveries to the group
called mail-writers which has permissions on every users Maildir.
Something like "pts adduser 1.2.3.4 mail-writers" if I remeber correctly.
In theory this would decrease the load on the kdc and the afs server, but
in practice I don't know if it would be possible to measure a difference.
On 02/10/2010 09:56 AM, Steffen Kaiser wrote:
On Wed, 10 Feb 2010, Per-Erik Persson wrote:
I now have dovecots deliver (1.1.?)up and running and delivering
mails to maildirs located on the AFS
So if anyone is wondering, I would say that AFS works as a backend
for storing emails without any ugly patches.
Do you have a local keytab and use an kerberos account, that may write
to any AFS volume, in order to run deliver?
