[OpenAFS] OpenAFS Newbie Questions

Tino Schwarze tino.schwarze@informatik.tu-chemnitz.de
Wed, 25 Sep 2002 11:44:33 +0200

On Tue, Sep 24, 2002 at 01:17:51PM -0700, Raymond wrote:

> I have a RH73 server and wish to replace the /home directory and mount with
>  an AFS volume. Redhat will be reloaded soon with all partitions recreated
>  and formatted with ext3 or reiserfs. The primary use of this machine will be
>  to share user data located on this machine. The /home partition is typically
>  structured as /home/<org unit>/<user>/ with public, protected and private
>  subdirectories. The clients are all Win2K machines spread across a continent
>  via T1 and DS3 wan.
> 1) Is the vicepx partition where all the user (/home) data is stored? If so,
> can I create a /vicepa partition in lieu of the /home partition during RH73
> installation? When creating a new user via console useradd or kde's kuser,
> would the home directory be /vicepa/usr/<org unit>/<user>/ or
> /afs/<cell>/usr/<org unit>/<user>/  ?

AFS works fundamentally differently from NFS etc. You do _not_ export a
file system directly. Instead, the AFS client talks to the AFS file
server to get some files. /vicepa can be seen like a heap where the file
server stores the data. AFS data is always organized in volumes (a
volume has a name, an ID, a quota and maybe clones attached to it).
Then, volumes are "mounted" in /afs space by creating a special file
which points to the volume name.

When you want to access a file, the AFS client (cache manager) figures
out the volume name and asks the Volume Location server on which file
server(s) this volume resides.

Therefore, if you'd like to store user home directories in AFS, you just
set up an AFS server (which consists of several different server
processes) and create your own AFS cell. Then you create a volume for
each user which gets mounted as /afs/<yourcell>/wherever/username

> 2) After perusing the list archives, it appears only ext2 is guaranteed to
> work with the client cache. Therefore, is it advisable to create a 100+ meg
> ext2 /usr/afs/cache  partition during RH73 installation?

I for myself have used ext3 successfully as an AFS cache.

> 3) I wish to replicate the /vicepa partition to a geographically remote
>  machine for fault-tolerance. Is this easily achievable?

AFS does not do real-time duplication. You can have several read-only
copies of the same read-write volume. But synchronization is done
manually by issuing "vos release $volume".

> 5) I currently utilize pam for all user application authentication to the
> system. Does the RH73 RPM version of OpenAFS support this? 

Yes, this should work.

> Is Kerberos implicitly utilized to create an encryption *hash" or

AFS-authentication is based on Kerberos. In fact, a standard AFS
installation includes a Kerberos4 server (kaserver).

> should I wrap OpenAFS file transfers with SSH2?

Authentication is always secured. File transfers are not, but can be
made more secure by issuing "fs setcrypt -crypt on". Unfortunately, the
ciphers used are pretty old and not considered very secure today.

HTH! Tino.

             * LINUX - Where do you want to be tomorrow? *
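
The steps described in the reply above (one volume per user mounted under /afs, a read-only copy refreshed with "vos release", and "fs setcrypt" on the client), as an added example that is not part of the original post. The cell, server, partition, org-unit and user names are constructed, the `user.<name>` volume naming is an assumed convention, and the script only prints the commands rather than running them.

```shell
#!/bin/sh
# Added example, not from the original post. Prints the OpenAFS admin commands
# for one user's volume; nothing is executed against a cell.

# Reject names that could smuggle shell or path syntax into the commands.
safe_name() {
    case $1 in
        ''|*[!a-z0-9_-]*) return 1 ;;
    esac
}

# plan_user_volume CELL RW_SERVER RW_PART RO_SERVER RO_PART ORG_UNIT USER QUOTA_KB
plan_user_volume() {
    cell=$1; rw_srv=$2; rw_part=$3; ro_srv=$4; ro_part=$5
    ou=$6; user=$7; quota=$8
    safe_name "$ou" && safe_name "$user" || {
        echo "unsafe org unit or user name" >&2; return 1; }
    vol="user.$user"          # assumed naming convention
    # Read-write volume names are limited to 22 characters.
    [ "${#vol}" -le 22 ] || { echo "$vol: name too long" >&2; return 1; }
    dir="/afs/$cell/usr/$ou/$user"
    # -rw makes the mount point always resolve to the read-write volume.
    # The mount point must be created where the parent directory is writable.
    # The read-only copy on the remote server changes only at "vos release".
    cat <<EOF
vos create -server $rw_srv -partition $rw_part -name $vol -maxquota $quota
fs mkmount -dir $dir -vol $vol -rw
fs setacl -dir $dir -acl $user all
vos addsite -server $ro_srv -partition $ro_part -id $vol
vos release -id $vol
EOF
}

# Client-side commands: request encrypted file transfers, then show the setting.
plan_client_crypt() {
    printf '%s\n' 'fs setcrypt -crypt on' 'fs getcrypt'
}

# Constructed sample values (assumptions, not taken from the post).
plan_user_volume example.org fs1.example.org /vicepa \
    fs2.example.org /vicepa sales alice 500000
plan_client_crypt
```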