[OpenAFS-devel] afs-nfs translator
Jeffrey Hutzelman
jhutz@cmu.edu
Tue, 15 May 2001 21:14:53 -0400 (EDT)
On 14 May 2001, Derek Atkins wrote:
> Production setting? Uh, I would certainly hope not. The NFS
> side of the protocol is completely insecure and could easily
> be hacked. Also, the translator has never, IMHO, been a stable
> product. It's been useful to me in rare occasions when I've
> had a machine without an AFS client, but I would never, personally,
> use a translator-based client for my real files. I've lost way
> too much data to the translator failing at just the wrong time.
I'm unclear on what Art meant by "this method". I think he may have been
referring to your comments about exporting AFS read-only without the
translator. I'm actually not convinced this is possible on most
platforms, due to the design of the VFS layer. You don't need rmtsysd for
read-only access, of course.
We have been using the translator in production for a long time. We use
it primarily for read-only access to archives and local software during
operating system installs -- most OS installers are happy to install from
NFS, but don't support AFS. I actually did get the RedHat 5.2 installer
to support AFS installs using an in-memory cache manager, but was not able
to do so with 6.2. Maybe next time...
In a few cases, we have users with machines which cannot run an AFS cache
manager for some reason. In these situations, we reluctantly use the
translator, mostly with users logging in to the translator machine to run
knfs (note that setting tokens via rmtsysd is _extremely_ insecure).
-- Jeff