[OpenAFS] A few questions
Derek Atkins
warlord@MIT.EDU
03 Jul 2002 07:53:56 -0400
"Klaas Hagemann" <kerberos@northsailor.de> writes:
> Hi,
Hi,
> i am getting more and more komfortable using AFS. But there are still a few
> questions remaining.
I'll try to answer them.
> 1. I am running MIT Kerberos V as authentication service and it works well
> with openafs and aklog. Do i really need the krb524d deamon?
Yes. aklog uses this service to obtain the "v4 ticket" that becomes
the AFS token. If you remove krb524d, aklog will stop working.
> 2. Do i really have to add all kerberos-users with pts createuser? the
> problem is not to create them, it is more to keep these databases in sync.
Yes. The PTServer creates a mapping from Kerberos-Principal (name)
to FileSystemID (UID). The PTServer also maintains group mappings.
> 3. Is the AFS communication between the servers and between client and
> server encrypted?
I don't know about between servers, but client-server communication
can be encrypted via the "fs setcrypt" command at the client.
> 4. Lets say A is the Client, B is a Database Server and C is a fileserver. A
> wants from B a file being stored in C. How is the communication working?
> Does C sends the file or volume or whatever direct to A or first to B which
> sends it to C?
A want's a file stored in volume V. A sends a query to B asking
"Where can I find volume V?" B responds with "V is located at C". A
then contacts C and requests the file; C responds back to A with the
file.
> 5. Is there any chance to distribute a printing service using AFS?
I'm not sure what you mean. Do you mean "can you distribute
/etc/printcap entries and the LPR software using AFS?" The answer to
that is "yes". If you are asking "can I have a shared print-spool in
AFS?" I would suggest you first try the former option.
> Thanks a lot for your answers,
>
> Klaas
-derek
--
Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
Member, MIT Student Information Processing Board (SIPB)
URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH
warlord@MIT.EDU PGP key available