[OpenAFS] OpenAFS speed - some benchmarks

Rodney M Dyer rmdyer@uncc.edu
Wed, 25 Jun 2003 15:20:37 -0400


At 02:45 PM 6/25/2003 -0400, Ken Hornstein wrote:
>NFSv4 includes as a mandatory-to-implement security mechanism GSSAPI
>(which really means Kerberos).  I believe the thinking here is that you'd
>have everyone share the same Kerberos namespace; if one department's NFS
>server gets broken into, all of the _other_ NFS servers around aren't
>compromised (at least, we sure hope not :-) ).

So, in effect what you are saying is...

a.  You "can" create a single "admin" Kerberos principal.

b.  Or, you "can" create "admin_srv1", "admin_srv2", "admin_srv3", etc.

c.  And, the person who "throws up" the NFS server chooses which "admin"
principals, or user principals, are authenticated to the filespace?

d.  But, since all principals are a part of the single Kerberos namespace 
they all must also be managed via a single "uid" namespace too...which all 
the NFS servers must share in common?

So must a user re-auth for every server they "hit" when drilling down 
through the mount points?

Rodney