[OpenAFS-devel] CMU CS cell configuration

Jeffrey Hutzelman jhutz@cmu.edu
Thu, 21 Nov 2002 16:49:45 -0500 (EST) 

On Wed, 20 Nov 2002, Chris Colohan wrote:

> It appears that the server list for the cell CS.CMU.EDU in your
> currently shipping OpenAFS configuration is incomplete.
>
> Could you please add avocado.srv.cs.cmu.edu to that list?  Without
> avocado tokens can not be obtained in that cell...
>
> (I am not an administrator there -- just a user who got bitten by the
> fact that the default OpenAFS configuration for CS doesn't work...)

Hm; I thought I already answered this in our internal help system, but I'm
happy to answer again in this forum...

The OpenAFS source does not ship with a CellServDB.  Some binary
distributions do include one, depending on the packaging format, and
most that do use the GRAND.CENTRAL.ORG Public CellServDB, which I
maintain.

The entry for the cs.cmu.edu cell in the GCO CellServDB is correct; it
contains that cell's three current dbservers, which are cucumber, lemon,
and papaya.  The entry does not list avocado as a dbserver because it is
not a dbserver -- it is a Kerberos KDC.  Thus, including it would not be
appropriate.


The IBM AFS and OpenAFS Windows clients make the unfortunate assumption
that they can make Kerberos V4 protocol requests to any dbserver, rather
than using separate Kerberos configuration.  This causes problems here at
CMU, where we have an unusual configuration in which our AFS dbservers do
_not_ run Kerberos KDC's and do not respond to Kerberos requests.  The
workaround for this problem is to list at least one KDC as if it were a
dbserver, and trust that the cache manager will time it out quickly and no
other programs will care (because traditionally, no other programs on
Windows talked to dbservers directly).  Local support staff know about
this workaround, and arrange for it to be applied on supported systems.

-- Jeffrey T. Hutzelman (N3NHS) <jhutz+@cmu.edu>
   GRAND.CENTRAL.ORG/OpenAFS.ORG postmaster, webmaster, etc
   Sr. Research Systems Programmer
   School of Computer Science - Research Computing Facility
   Carnegie Mellon University - Pittsburgh, PA