Running a ``standard'' delivery program authenticated as some designated
AFS user will meet the criterion for reading .forward without giving
world-read permissions to home directories. (It won't ensure that such
a standard delivery program will notice the difference between
open-failed-because-file-is-missing and
open-failed-because-a-server-is-temporarily-down.) You can keep such a
program authenticated by one of the contributed programs that
periodically does a klog or its moral equivalent.
Programs like Sendmail are configurable to do mail delivery by calling a
program of your choice; one could write such a program to create a new
file in a designated subdirectory of a user's home directory.
Just in case you're one of the six members of info-afs that I haven't
told about the Andrew mail software, it's a completely different local
delivery mechanism, freely available, designed to work with AFS file
semantics. It's something of a big deal to install, but it does have
several pleasant features of its own. It's designed to work with a
different collection of mail user agents, none of which is exactly like
Mush or UCB Mail or xmh or mh, but there's no inherent reliance of the
delivery system on those mail user agents.
The delivery system itself (AMDS) works like a local mail delivery
system for an AFS cell, requiring some dedicated processes to support
queued and incoming delivery. It uses a White Pages database of mail
addresses stored in AFS itself, plus some cell-wide mail queues (again
in AFS). Mail can be injected into AMDS with a variety of mechanisms,
and mail is delivered from AMDS into designated subdirectories of users'
home directories, each message as a separate file.
The mail user agents that come with the Andrew software are configurable
to run with or without AMDS; most sites run the flagship mail agent
because of its support for multi-media mail, not only multi-media
display but also multi-media composition.
Check anonymous FTP to emsworth.andrew.cmu.edu for sources; what's there
is more up to date than what was packaged with the latest X.V11
distribution. I'm not sure there's an unauthenticated-AFS connection to
it these days. There's an ATK Consortium (``Andrew Tool Kit'') at
Carnegie-Mellon U. that does continuing development of the
user-interface software.
Craig
