[OpenAFS] converting Kaserver and protection server to working with LDAP
Derek Atkins
warlord@MIT.EDU
04 Jun 2001 11:05:15 -0400
One thing to consider is that LDAP has little security, whereas the
AFS Administration tools, which use RX, have Kerberos-based security
of all operations. Another thing to keep in mind is that you need
database consistency between all your AFS DB servers.
Perhaps I'm a little confused, but do you want to change the (remote)
administration protocols so that you could use LDAP clients? Or did
you want to keep the current administration tools but have the various
servers use LDAP as a back-end database storage (so you could access
the database directly)?
I think that LOTS of stuff will break if you remove the AFS admin
protocols. For example, the fileservers access the ptservers to
obtain group information, and cache managers need to access the
vlservers to determine where a volume is located.
-derek
Eddy Czitrom <Eddy.Czitrom@ness.com> writes:
> Hello,
>
> I am currently working on a project based on OpenAFS for Linux, and one of
> our goals is to make OpenAFS work with LDAP for user management.
> The general idea is to change the user management methods in the kaserver
> and protection server like addUser,deleteUser etc. to corresponding LDAP
> functionality.
> I am concerned about the possibility that by doing so I will damage other
> abilities of the OpenAFS or impair its stability.
> I welcome any comments that can illuminate this issue.
>
> Thanks,
> Eddy Czitrom
> Project Leader
>
>
>
> _______________________________________________
> OpenAFS-info mailing list
> OpenAFS-info@openafs.org
> https://lists.openafs.org/mailman/listinfo/openafs-info
--
Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
Member, MIT Student Information Processing Board (SIPB)
URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH
warlord@MIT.EDU PGP key available