[OpenAFS-devel] Starting fs without salvaging...

Nathan Neulinger nneul@umr.edu
Mon, 23 Apr 2001 16:29:48 -0500


"D. Hageman" wrote:
> 
> Nathan,
> 
> The network setup you describe sounds very impressive.  The most
> interesting part of it was that you are utilizing a full kerberos 5 setup.
> This is something that we are very interested in doing.  The general
> timeline that we would like is to first implement krb5 for all the systems
> and then attempt to transition OpenAFS into the grand scheme of things.
> 
> One of the items that concerns me is user management.  With such a large
> system that you have, I am wondering how easy user management is?  We have
> been toying around with the idea of making a SQL backend (most likely we
> will use PostgreSQL) to the MIT Kerberos package.  A couple of other
> reasons why we are wanting something like a generic way to store user
> account management is because of the web systems and a potential wireless
> lan setup for the engineering buildings.  We figure that we will have
> better luck with a SQL backend than Berkeley DBs.

We do most account administration via web tools, and use them to keep
data in sync. Kerberos is considered the authoritative authentication
source. SQL tables keep track of userids, ownership (ssn/etc.) before
the afs/krb5/nds/etc. userids are ever created.

For administrative tasks, we have perl scripts that open pipes to
kadmin. Our NIS infrastructure is 100% derived from database tables. (We
simply 'select xxxxx' and write out the master files for nis.)

I wouldn't recommend the SQL approach to krb5 db, as it's likely to slow
it down, and why run both a database server and a KDC on the same box? I
certainly wouldn't combine the two unnecessarily. I may be wrong on this
though.

> At any rate, those are kinda my thoughts on the matter.  I appreciate any
> feedback or recommendations that you might have to offer on the subject
> matter.
> 
> > Yes, for 1000+ NT stations, and 200-300 unix stations (mix of hp, solaris,
> > linux, with a couple sgis thrown in, although we are trying to get out of
> > them as there are only 3 of them.) We have 9 afs servers at the moment, 3
> > are DB-only on suns, and the rest are a mix of suns and linux, for about 1.4
> > Tb, of which most is wasted space due to administrative decisions on how to
> > handle quotas.
> >
> > We're also fully krb5, no kaservers. (Moving to ADS gradually as well...
> > have yet to see how that will work out in the end.)
> 
> --
> //===================================================================\\
> ||  D. Hageman                            <dhageman@eecs.ukans.edu>  ||
> ||  Information Specialist                1010C Learned Hall         ||
> ||  Phone: 785.864.3923                                              ||
> \\===================================================================//

-- 


------------------------------------------------------------
Nathan Neulinger                       EMail:  nneul@umr.edu
University of Missouri - Rolla         Phone: (573) 341-4841
CIS - Systems Programming                Fax: (573) 341-4216