[OpenAFS] converting Kaserver and protection server to working with LDAP

Derek Atkins warlord@MIT.EDU
04 Jun 2001 11:05:15 -0400

One thing to consider is that LDAP has little security, whereas the
AFS Administration tools, which use RX, have Kerberos-based security
of all operations.  Another thing to keep in mind is that you need
database consistency between all your AFS DB servers.

Perhaps I'm a little confused, but do you want to change the (remote)
administration protocols so that you could use LDAP clients?  Or did
you want to keep the current administration tools but have the various
servers use LDAP as a back-end database storage (so you could access
the database directly)?

I think that LOTS of stuff will break if you remove the AFS admin
protocols.  For example, the fileservers access the ptservers to
obtain group information, and cache managers need to access the
vlservers to determine where a volume is located.


Eddy Czitrom <Eddy.Czitrom@ness.com> writes:

> Hello,
> I am currently working on a project based on OpenAFS for Linux, and one of
> our goals is to make OpenAFS work with LDAP for user management.
> The general idea is to change the user management methods in the kaserver
> and protection server like addUser, deleteUser, etc. to corresponding LDAP
> functionality.
> I am concerned about the possibility that by doing so I will damage other
> abilities of OpenAFS or impair its stability.
> I welcome any comments that can illuminate this issue.
> Thanks,
> Eddy Czitrom
> Project Leader
> _______________________________________________
> OpenAFS-info mailing list
> OpenAFS-info@openafs.org
> https://lists.openafs.org/mailman/listinfo/openafs-info

       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
       warlord@MIT.EDU                        PGP key available