[OpenAFS] OpenAFS speed - some benchmarks
Ken Hornstein
kenh@cmf.nrl.navy.mil
Wed, 25 Jun 2003 15:25:28 -0400
>a. You "can" create a single "admin" kerberos principle.
Uh, yeah, I guess ... although unless you're a small site, I'm not sure
why'd you _want_ to.
>b. Or, you "can" create "admin_srv1", "admin_srv2", "admin_srv3", etc..
I suppose.
>c. And, the person who "throws up" the NFS server chooses which "admin"
>principles, or user principles are authentictated to the filespace?
I'm not sure I know what you mean here. I mean, in theory anyone in
that realm (or foreign realms) could authenticate to that NFS server.
What you could do is up to the administrator of that server.
>d. But, since all principles are a part of the single Kerberos namespace
>they all must also be managed via a single "uid" namespace too...which all
>the NFS servers must share in common?
A uid namespace? I don't understand. From what I've seen, there is only
a "userid" namespace.
>So must a user re-auth for every server they "hit" when drilling down
>through the mount points?
You mean, just like in AFS? Yeah, I suppose that's true.
--Ken