[OpenAFS] OpenAFS speed - some benchmarks

Rodney M Dyer rmdyer@uncc.edu
Wed, 25 Jun 2003 14:40:19 -0400


At 09:46 AM 6/25/2003 -0700, you wrote:
>I doubt anyone with a large AFS infrastructure is going to throw it away,
>but there are some reasons why people would be looking at NFSv4.  One of
>the reasons that came up here recently was decentralized administration.
>Right now, all AFS servers have to be highly trusted because they all
>share a powerful key.  I believe this is not the case with NFSv4, which
>would allow a department with a grant to throw up their own NFSv4 server,
>have referrals inserted at the right place in a global namespace, and be
>off and running without compromising the security of the whole
>infrastructure if their system is broken into.

Huh?  As far as I know NFSv4 will not have global namespace.  And, what 
about Kerberos?  If you aren't using Kerberos with centralized 
authentication how are you going to manage uid namespace across those 
boundaries?  You can't just "thow up" servers and expect them to trust the 
security credentials of the user's blindly just because they have the same 
"uid".

What are you talking about?

Rodney