[OpenAFS] OpenAFS speed - some benchmarks

Ken Hornstein kenh@cmf.nrl.navy.mil
Wed, 25 Jun 2003 15:47:20 -0400


>>A uid namespace?  I don't understand.  From what I've seen, there is only
>>a "userid" namespace.
>
>I'm confused.  Kerberos is for "authentication" not "authorization".  What 
>I'm asking is what is the "authorization" method used under 
>NFSv4?  Normally an NFS server maps "uids" of "authenticated users" to files 
>right?  Well, for multiple NFS servers using Kerberos "authentication" 
>there needs to be some way of mapping "authenticated" users to "uids" on 
>those systems...right?  Since all the NFS servers, even ones run by 
>individuals, fall under the same Kerberos authentication namespace, then 
>they all need to use the same "uid" space too...right?  Otherwise, how do 
>you perform a chown?

As I understand it, how a Kerberos principal name gets translated
into a Unix uid is up to the server implementation.  I
believe that the Solaris GSS-API NFS implementations use the standard
getnamebyuid() calls at some point.  How this gets translated into a
uid over the wire I'm not quite sure about, to be honest.

--Ken