[OpenAFS-devel] Looking for an OpenAFS sandbox environment...

Norbert Gruener nog@MPA-Garching.MPG.DE
Mon, 3 Nov 2008 12:26:46 +0100 

Hi Steven,

On Thu, Oct 30 2008, Steven Jenkins wrote:
> On Thu, Oct 30, 2008 at 7:50 AM, Norbert Gruener
> <nog@mpa-garching.mpg.de> wrote:
> ...
> > On Thu, Oct 30 2008, Jeffrey Altman wrote:
> ...
> >> kaserver is no longer being developed.
> >
> > I am aware of that.  But was is your suggestion, when somebody
> > complains about a problem in AFS::KAS.  Should I just say "sorry but
> > you have to convert your cell to Kerberos 5" ?
> >
> > This would be an easy part for me.  But I am afraid that the guy,
> > having problems with AFS::KAS would not be very pleased with this
> > answer.
> >
> > So, what does the OpenAFS community say about this problem ?  Should
> > the support for AFS::KAS module just be frozen?
> >
> 
> First, a question on this: do you know roughly how many users of
> AFS::KAS you currently have and have any idea of how difficult it
> would be for them to migrate to Kerberos 5? Understanding that can
> help weigh the tradeoffs of continuing to support AFS::KAS vs
> encouraging users to migrate.

to be honestly, I have no idea how many users are using my AFS Perl
API.  

When we decided to migrate to Kerberos 5  we learned that it was quite
easy and painless to convert to Kerberos 5.

And as I said already previously, it took me just one day to convert
all my Perl applications from AFS::KAS to "Authen::Krb5" and to
"Authen::Krb5::Admin".

> Despite being a heavy user of the kaserver (e.g., in development
> sandboxes where Kerberos 5 infrastructures are not always readily
> available) and a big fan of your  AFS::* modules, I agree with Jeff on
> this.  If you have users that are still using the kaserver, you should
> encourage them to move to a Kerberos 5 infrastructure.  Freezing
> support for AFS::KAS will help encourage them to move in the right
> direction.
> 
> If your users find that migration painful, they should feel free to
> ask for help on openafs-info -- it is more strategic for the community
> to spend time and energy helping people get off kaserver rather than
> on maintaining that legacy part of AFS.

I think this is a good point and I will proceed in this direction.

Thank you for your contribution,

Norbert
-- 
Ceterum censeo          | PGP encrypted mail preferred.
Redmond esse delendam.  | PGP Key at www.MPA-Garching.MPG.de/~nog/