RE: ACL problems, any suggestions would be great

Using NIS+/NFS/Kerberos is probably your best way to go.

You could use PKI authentication so when pine ssh's into the other host,
you would not have to enter a password. This complicates things because
all of your users must have a home directory on the remote system with a
~.ssh/authorized_keys containing their public key.

I'd recommend getting the book
 Practical UNIX & Internet Security
from O'reilly.  It is a good resource for questions like this.

Ryan

On Mon, 16 Aug 2004, Turner, Carl H [NTK] wrote:

> Because that would make it once again, insecure. :)
>
> NFS is based on the RPC protocol, which is plain old text. Very old
> stuff...
> However, there is secure RPC now. Check into NFS+ if NFS is your thing.
>
>
> -Carl
>
> -----Original Message-----
> From: Greg Wooledge [mailto:wooledg@eeg.ccf.org]
> Sent: Wednesday, August 11, 2004 10:46 AM
> To: secureshell@securityfocus.com
> Subject: Re: ACL problems, any suggestions would be great
>
> On Tue, Aug 10, 2004 at 01:57:35PM -0400, Bryan Loniewski wrote:
> > User logs into some machine (frontend) starts pine, pine ssh's to
> another machine
> > (backend) where their mail is actually stored in Maildir format and
> exec /etc/rimapd.
> > We want to do this without the user having to enter a password again
> on the backend
> > machine.
>
> Why not just NFS-mount the directory where their Maildirs live?  Have
> pine
> read the Maildirs directly as local files.  (This is automagical if you
> have Maildir/ in $HOME where it belongs....)