[OpenAFS] Using OpenAFS with Web Servers

BNQ binq@yahoo.com
Mon, 18 Mar 2002 15:24:48 -0500

> I haven't personally tried this, but I'm itching to set up a system like
> this for someone.  It seems like the absolute perfect solution for large
> web sites.  Scalability is not an issue; if you need more front-end
> servers, add new Apache servers.  If you need more back-end I/O bandwidth,
> add new read/only replica AFS servers, so on and so forth.

This is exactly what I was thinking, but the problem is that replicas are
not meant for files that are updated frequently (my clients are constantly
updating files).

Also I have a feel that the intranet bandwidth between the web servers and
AFS servers are going to be a bottleneck.  I mean even a gigabit network
will only take me so far.  Are these fears unfounded?

> Another great advantage is the ability to have a read/write staging copy
> of web content where web developers can actively make changes, and then
> atomically rolling those changes into production with one command.

I did not know this was possible though AFS.  How would it be done?

> AFS really doesn't communicate with anything like LDAP.  I'd recommend
> using Kerberos V for authentication and as for authorization, the AFS
> protection server is pretty much the only game in town.

I know that Kerberos can be made to interface with LDAP so I think I am ok
with that.  As for authorization, if it means deciding whether a user should
have access to a file based on ACLs, then I am ok.  I can authenticate users
with (Kerberos/LDAP) and then authorize users to have access to only certain
directories using AFS ACLs.  So I do mind using AFS protection server
(authentication is the important part).

Thanks for the quick reply Jason.

- binq

Do You Yahoo!?
Get your free @yahoo.com address at http://mail.yahoo.com