[OpenAFS] OpenAFS and IIS

freebsduser freebsduser@earthlink.net
Tue, 23 Jul 2002 00:14:12 -0400 (EDT)


Thanks for the response.  I wasn't sure if anyone had AFS working with IIS so
I figured I would ask.

We are continuing development on a website and our customer has given us a
requirement to restrict access to certain products.  Our client's office is
about 1200 miles from where the site will be hosted and I was looking to
AFS to hopefully solve the replication issue since the client can maintain
the repository and release volumes to the hosting site as needed.  The
data at the hosting site would not be modified by users.

Unfortunately, the target audience for these products is about 500,000
people.  There are about 30,000 products, half of which I expect will
require access control.  In addition to the 500,000 audience, about half
of the products will be available to the general public.  The problem
comes in when we have to identify individual users (target audience) and
also allow the public to use aspects of the site that will require logins
(email notifications, etc).  We will need to automate the "account"
creation as well as give the product owners the ability to add/remove
access to their products.

I cracked open the AFS book again and came across the page that states the
total number of user identities is limited to 32768 (0 to 32767).  That is
well below the number we expect to have as registered users.  In addition
to the above limit, I installed the Windows client on my laptop, and
realized I do not have any drive mapping until after I have logged in.
This is no good on a web server that may or may not have an admin logged
in.

We are currently managing the users inside our database (almost 15000
accounts). We could go in the direction of Oracle's IFS, but having to pull
everything from the database will definitely slow things down.

I am at a loss right now as to a possible solution....


Scott



On Mon, 22 Jul 2002, forrest whitcher wrote:

> Off the top of my head I think not. I have not applied the umich tools
> to authenticate clients against krb5/afs, but I doubt they easily apply
> to iis.
> 
> 2 questions.
> 
> If you are an NT shop anyway why not use NT authentication? One of
> IIS's features is integration into the NT security model.
> 
> Common reasons for wanting (needing) to use AFS would certainly
> include :
> 
>   better admin tools on a distributed fs 
> 
>   A distributed fs which scales better (both size & geography)
> 
> 
> Just how solid do you want the authentication / authorization to be?
> 
> 
> forrest
> 
> 
> 
> 
> On Sun, 21 Jul 2002 21:55:17 -0400 (EDT) 
> freebsduser <freebsduser@earthlink.net> did inscribe thusly:
> 
> > Is it possible to use AFS with an IIS web server?  
> > 
> > I know apache can be set up to authenticate with AFS to allow access
> > control over files and I am hoping the same can be done with IIS.
> > 
> > I have a task in the next six months to work with our web developers to
> > build a site that has very granular access to files.  I know AFS controls
> > access to the directory level and in this instance that is fine since each
> > file will reside in its own directory.  The current site is all IIS on the
> > frontend and that will not be changing.
> > 
> > 
> > Thanks,
> > 
> > Scott