[OpenAFS] Future of AFS? Interesting Ideas!?

[Patrick J. LoPresti]

Derrick J Brashear <shadow@dementia.org> writes:

> On Sun, 15 Dec 2002, Benjamin Rodewald wrote:
> 
> > 2. AFS Databases in LDAP?
> > - - You can use slurpd(openldap) for replication
> 
> Boy how I love that fixed master replication. 

So contribute some Ubik code to OpenLDAP :-).

Seriously, I think Benjamin has a good point.  If AFS wants to become
more than an obscure, largely academic technology, it must be easier
to integrate with more widespread technologies.  Kerberos 5 and LDAP
would be my choices; a less idealistic person might say Active
Directory :-(.

Maintaining multiple databases (LDAP, Kerberos, pts) sucks.  Note that
"good synchronization tools" is not a solution.  If the
synchronization is incremental, it inevitably leads to
inconsistencies; if the synchronization is by full DB conversion, it
is too slow for large installations.

A single database is by far the best solution.  Failing that, two
databases is better than three, three is better than four, and so on.

I find it amazing, and discouraging, that it is almost 2003 and there
is still no decent "single sign on" solution for heterogenous sites.
Granted, a large part of this is Microsoft's fault.  But not all of
it.  And it would be nice if OpenAFS were part of the solution instead
of the problem.

I am speaking here as an admin and potential OpenAFS customer, not as
someone ready to put some code where his mouth is.  Feel free to
weight my opinion accordingly.

 - Pat