[OpenAFS] Questions about AFS usage

Rubino Geiß kb44@rz.uni-karlsruhe.de
Tue, 25 Feb 2003 10:17:41 +0100


> I'm very new to afs so forgive me if these questions have
> been asked to death. First let me describe what I would like 
> to do. I would like to set up an AFS server to share common 
> files for our servers. For instance if we have load balanced 
> servers I would like them to have a single directory so I 
> don't have to have multiple copies. I know I can sync the 
> directories but I'd rather not.

AFS can be used for that. At least we use it that way.

> A lot of the features of AFS
> are very appealing but I don't see how I can deal with losing 
> tokens all the time. 

I do not really know what you are talking about. Maybe you refer to the
limited token life time? That can be fixed by a) reauthentificating, b)
using rl permissions or c) ip based ACLs.

method
------
a) in fixed intervalls a mother process of a server issues a klog (or
simmilar) using a stored password
b) set system:anyuser read on the dirs
c) use ip based ACLs

cons
----
a) storing password on local disk, or typing it in on system startup
b) word readable dirs
c) any user/process of a machine can read, maybe ip/dns manipulation issues

our practice
------------
we use a) and b)
a) is used if we have restriced access to some data. We use b) for public
data read by our servers (such as public webpages). As well as our cell is
not public, so  that system:anyuser means all computers on our lan.

> Am I perhaps trying to use AFS for
> something it wasn't intended or am I missing something? Any 
> guidance is greatly appreciated. Oh, I should also note that 
> I would like to do this on Windows servers as well as Linux 
> and Solaris servers. Thanks.

We do use it for storing files for servers on Linux an UNIX (Tru64 &
Solaris), but only end-user clients on windows.

Bye, Ruby