[OpenAFS] Future of AFS? Interesting Ideas!?

Martin Schulz schulz@iwrmm.math.uni-karlsruhe.de
17 Dec 2002 12:07:45 +0100


Paul Blackburn <mpb@est.ibm.com> writes:

> Right, but what do you do for sites which do _not_ have
> an existing single sign-on infrastructure?

Provide an off-the-shelf krb5 as an option? Krb5 is quite painlessly
available for most *ixes. On Linux, this is just a matter of another
packet dependency on a standard rpm. 

An even more obvious point is the time synchronization. On which
platforms have we AFS clients or servers where there is no xntp
(or similar) available? 


> Also, how do you cope with all the possible types of
> single sign-on infrastructures that different sites may implement?

Are there really so many?  

Well, my approach would be to create some kind of "translation"
modules, much like krb524. I'd vote for some "ad2krb5" add-on. 

> It's a nightmare to try and provide something to please everyone.

Have a look at the perl DBI module. This is a generic database
interface that does (together with the appropriate DBD module) all
fancy stuff to communicate with various database backends from
different vendors. The user of the DBI module does not need to worry
much about the specifics of the database system, he can simply use it
and change the backend at will. 

> AFAIK, AFS has always been capable of being
> used either with the kerberos kaserver supplied with it or
> with kerberos 5 from MIT.

In my opinion, the second should be the default.  The kaserver could
be an optional "backward-compatibility" add-on.  The default
installation procedure as described in the IBM manuals is rather an
obstacle than a help for sites that do not have a
single-sign-on-infrastructure yet. Printer and email servers and
clients are in existence today that can use krb5, but not kaserver.

Krb5 could easily be obtained from other sources such as your Unix vendor or
MIT download. I see no need to package this into AFS itself. 


This is just my "customer view",
-- 
Martin Schulz                             schulz@iwrmm.math.uni-karlsruhe.de
Uni Karlsruhe, Institut f. wissenschaftliches Rechnen u. math. Modellbildung
Engesser Str. 6, D-76128 Karlsruhe