[OpenAFS] I need some information

Tino Schwarze tino.schwarze@informatik.tu-chemnitz.de
Tue, 14 Oct 2003 09:31:13 +0200


On Mon, Oct 13, 2003 at 03:09:13PM -0200, Gustavo Sverzut Barbieri wrote:

> I'm considering moving from NFS + YP to AFS + LDAP.
> 
> It's a university lab system and about 150 simultaneous users online, each
> one has about 50mb quota available in their /home, which will be provided
> via AFS.

You do know that all AFS stuff will be available at /afs/yourcell/etc ?
That is, there should usually be nothing in /home on an AFS client.

> Users log in using gdm (RH9.0) and it was not clear to me if I have to do
> any special thing to get users logged in to both system and AFS. Is there
> any way to have user just type in password and have everything mounted?
> Maybe using some pam module or something? Maybe this could go in FAQ?

Using PAM, you can hand off authentication completely to AFS. If you're
starting with a new setup, you might want to consider Kerberos5 instead
of Kerberos4 shipped with AFS.

>    Also, I don't know if it matters but users have flexibility to use
> various window managers, screensavers and others, so if I need to patch
> those please say where do I get those patches... maybe this could be
> transparently handled by pam?

You need to care for programs which authenticate the user (e.g.
xscreensaver) - they usually have PAM support, and it is even enabled on RedHat
AFAIK. There's another issue: Some programs (e.g. screen) try to create
sockets or pipes in the user's home directory but this does not work
with AFS.  These programs need to be adjusted; it is often sufficient to
set an environment variable.

> They also need access to IMAP, SMTP and SSH, do I need anything special to
> provide those services?

SMTP usually runs unauthenticated. SSH has PAM support (it gets a bit
difficult if you want automatic token passing, that is password-less
login to remote machines including the AFS authentication). The details
have been discussed recently on this list (and I didn't follow the
discussion). If you use Cyrus for IMAP, it has SASL and therefore PAM
and therefore AFS support for authentication.

> And the last info I need: If I have to provide 100mb/user 1000 users, 300
> clients (simultaneous; 1GbitE), what server configuration would you use?
> (Processor, RAM, Raid (IDE/SCSI), ...). Clients have a good amount of RAM
> (1Gb)

I leave this question to the server guys on the list. ;-)

HTH! Tino.

-- 
             * LINUX - Where do you want to be tomorrow? *
                  http://www.tu-chemnitz.de/linux/tag/
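
The reply above notes that programs such as screen cannot create sockets in an AFS home directory and that setting an environment variable is often enough. The following is an added example, not part of the original e-mail: a login-profile sketch that points GNU screen's SCREENDIR at a private local directory and refuses one that another local user could have pre-created. The function names, the /tmp base and the directory naming are assumptions.

```shell
#!/bin/sh
# Added example: keep screen's sockets off AFS by pointing SCREENDIR at a
# private local directory. Function names, the /tmp base and the directory
# naming are assumptions made for this sketch.

# True when the home directory path lies under the conventional /afs mount.
home_in_afs() {
    case "$1" in
        /afs/*) return 0 ;;
        *)      return 1 ;;
    esac
}

# Create or validate a per-user directory under local base $1; print its path.
# Anything that is not a real directory owned by us with mode 700 is refused,
# so a directory or symlink pre-planted by another local user is never used.
private_sockdir() {
    uid=$(id -u) || return 1
    dir="$1/screen-$uid"
    # mkdir fails if anything already exists there; the checks below then
    # decide whether the existing entry is acceptable.
    mkdir -m 700 "$dir" 2>/dev/null || :
    # ls -ld does not follow symlinks; -n prints the numeric owner in field 3.
    set -- $(ls -ldn "$dir" 2>/dev/null)
    case "$1" in
        drwx------*) ;;          # trailing '.' or '+' (SELinux/ACL) tolerated
        *) return 1 ;;
    esac
    [ "$3" = "$uid" ] || return 1
    printf '%s\n' "$dir"
}

# Print the SCREENDIR to use for home $1 (local base $2, default /tmp).
# Prints nothing for a non-AFS home; returns non-zero if no safe dir exists.
screendir_for_home() {
    home_in_afs "$1" || return 0
    private_sockdir "${2:-/tmp}"
}

# Typical use from a login profile script:
if d=$(screendir_for_home "$HOME") && [ -n "$d" ]; then
    SCREENDIR=$d
    export SCREENDIR
fi
```

On a shared lab machine the local base is world-writable, which is why an existing entry is accepted only after the owner and mode checks pass.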