[OpenAFS] Future of AFS? Interesting Ideas!?
Derrick J Brashear
shadow@dementia.org
Mon, 16 Dec 2002 12:05:53 -0500 (EST)
On 16 Dec 2002, Patrick J. LoPresti wrote:
> Seriously, I think Benjamin has a good point. If AFS wants to become
> more than an obscure, largely academic technology, it must be easier
> to integrate with more widespread technologies. Kerberos 5 and LDAP
> would be my choices; a less idealistic person might say Active
> Directory :-(.
I agree, if it can be done without forcing the adoption of those
technologies. If I don't want LDAP, forcing me to set it up is likely to
make me just ignore the product entirely.
> Maintaining multiple databases (LDAP, Kerberos, pts) sucks. Note that
> "good synchronization tools" is not a solution. If the
> synchronization is incremental, it inevitably leads to
> inconsistencies; if the synchronization is by full DB conversion, it
> is too slow for large installations.
Agree. We ran krb5 and kaserver in a loosely synchronized manner at CMU
for a while, it was unpleasant. The tradeoff is now we have fixed-master
replication. Sigh.
> I find it amazing, and discouraging, that it is almost 2003 and there
> is still no decent "single sign on" solution for heterogenous sites.
> Granted, a large part of this is Microsoft's fault. But not all of
> it. And it would be nice if OpenAFS were part of the solution instead
> of the problem.
Do you think Kerberos is not (part of) said solution? Do you feel LDAP is?
I'm mostly just curious.