[OpenAFS] OpenAFS speed - some benchmarks

Ken Hornstein kenh@cmf.nrl.navy.mil
Wed, 25 Jun 2003 14:45:43 -0400


>Huh?  As far as I know NFSv4 will not have global namespace.  And, what 
>about Kerberos?  If you aren't using Kerberos with centralized 
>authentication how are you going to manage uid namespace across those 
>boundaries?  You can't just "thow up" servers and expect them to trust the 
>security credentials of the user's blindly just because they have the same 
>"uid".

NFSv4 includes as a manditory-to-implement security mechanism GSSAPI
(which really means Kerberos).  I believe the thinking here is that you'd
have everyone share the same Kerberos namespace; if one department's NFS
server gets broken in to, all of the _other_ NFS servers around aren't
compromised (at least, we sure hope not :-) ).

--Ken