We used IP-based ACL's to get around the token problem. We created a subdirectory in ~/ in which the new, cur and tmp dir's lived. Then, we created PTS users/groups that contained the IP's of our mail servers, and gave those groups write access into the mail subdirectory. Just make sure your mail servers are hardened, as IP ACL's represent a significant security issue.
They do, but it doesn't have anything to do with how well hardended the machines are whose addresses are on the ACL. An IP address is not an authenticator, and IP-address-based ACL's are pretty easy to subvert, without having to have access to any machine that's "supposed" to be on the ACL.
-- Jeffrey T. Hutzelman (N3NHS) <[EMAIL PROTECTED]> Sr. Research Systems Programmer School of Computer Science - Research Computing Facility Carnegie Mellon University - Pittsburgh, PA
_______________________________________________ OpenAFS-info mailing list [EMAIL PROTECTED] https://lists.openafs.org/mailman/listinfo/openafs-info
