Well, what you describe would be the correct and security aware way of doing it.
However since I am still testing i just did it the quick and dirty way. By adding the IP of the server handling the maildeliveries to the group called mail-writers which has permissions on every users Maildir. Something like "pts adduser 1.2.3.4 mail-writers" if I remeber correctly. In theory this would decrease the load on the kdc and the afs server, but in practice I don't know if it would be possible to measure a difference.
On 02/10/2010 09:56 AM, Steffen Kaiser wrote:
On Wed, 10 Feb 2010, Per-Erik Persson wrote:
I now have dovecots deliver (1.1.?)up and running and delivering mails to maildirs located on the AFS
So if anyone is wondering, I would say that AFS works as a backend for storing emails without any ugly patches.
Do you have a local keytab and use an kerberos account, that may write to any AFS volume, in order to run deliver?