[OpenAFS-devel] Cell naming

Jeffrey Hutzelman jhutz@cmu.edu
Thu, 22 Jan 2004 11:11:06 -0500


On Wednesday, January 21, 2004 21:34:29 -0500 Derek Atkins 
<warlord@MIT.EDU> wrote:

> There is no absolute requirement, but convention is to use a
> fqdn.  If you ever intend to allow anyone else to access
> your data, you should definitely use the fqdn.

>> Should cells be named "redcell" or "redcell.ted-doris.fam"

In most cases, AFS cells are also Kerberos realms.

In these cases, the AFS cell name should be the all-lowercase version of 
the name of the corresponding Kerberos realm.  For realms you plan to use 
with AFS, the realm name should be a valid domain-style realm name (as 
described in section 7.1 of RFC1510, or section 6.1 of 
draft-ietf-krb-wg-kerberos-clarifications-04.txt), corresponding to a 
domain which you control.

In a few cases, there are reasons to name a cell something different (most 
commonly, because there are multiple cells in the same realm).  Even when 
this is the case, cell names should still correspond to the fully-qualified 
name of a domain you control.


Now, a break for some administrivia:
Ted also sent a followup question to openafs-devel-admin, instead of to 
this list.  Please, folks, don't do that.  Those of you using Outlook need 
to specifically check on EVERY REPLY that it's not inappropriately replying 
to the address in the "Sender" header or in the SMTP envelope (which is the 
list administrator address), instead of to the address in the From or 
Reply-To headers.

In any event, hitting "reply" to a message you see on this list will not 
send your reply to the list -- it will either send it to the author of your 
message or, if your mailer is broken, to the list administrator.  If you 
want your reply to go to the list, make sure you are sending it to 
openafs-devel@openafs.org, and not to some other address.



Ted's followup question was this:

> My internal domain is family.fam but I would get in from the outside using
> dhs_name.dhs.org - which I have to use because Comcast rolls my IP address
> occasionally - kind of "semi-dynamic, every few months or so"..
>
> Since CellServDB needs fixed IP addresses (really fixed) what's the best
> way to update?
>
> The current users harken from the time when dynamic IP addresses weren't
> an issue.

You should give your cell the name of a real domain you control in the 
public DNS.  Don't use a name like family.fam, because "fam" is not 
currently a valid TLD, but might be sometime in the future, and then your 
cell name might conflict with someone else's.

However, there's an even better reason to use a real domain name.  If you 
do, you can publish AFSDB records for your cell, and do away with the 
CellServDB entirely.  The right hand side of an AFSDB record contains a 
domain name, not an IP address, so once the records exist you don't need to 
update them every time your address changes -- just update the DNS record 
naming your dbserver, as you do now.

-- Jeffrey T. Hutzelman (N3NHS) <jhutz+@cmu.edu>
   Sr. Research Systems Programmer
   School of Computer Science - Research Computing Facility
   Carnegie Mellon University - Pittsburgh, PA
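
The AFSDB approach described in the message above, as an added example that is not part of the original post: a BIND-style zone fragment for a cell named after a domain in the public DNS. The domain example.org, the host name afsdb1 and the address 192.0.2.10 are constructed placeholders.

```dns
; Constructed example: fragment of the zone for example.org (placeholder domain).
;
; For comparison, the CellServDB entry that every client would otherwise carry,
; and which goes stale whenever the server's address changes:
;
;   >example.org            #Example cell
;   192.0.2.10              #afsdb1.example.org
;
$ORIGIN example.org.
$TTL 3600

; The owner name is the cell name. Subtype 1 marks an AFS database server.
; The right-hand side is a host name, not an address, so this record does not
; change when the server is renumbered. The target may also be a name in
; another zone, such as a host name maintained by a dynamic DNS service.
@        IN  AFSDB  1 afsdb1.example.org.

; Only this address record is updated when the ISP changes the address.
; A short TTL limits how long resolvers keep serving the old address.
afsdb1   300 IN  A  192.0.2.10
```

Clients locate the cell this way only when AFSDB lookups are enabled on them, for example by starting afsd with -afsdb.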