[OpenAFS] OpenAFS speed - some benchmarks
Derek Atkins
warlord@MIT.EDU
25 Jun 2003 15:58:05 -0400
Rodney M Dyer <rmdyer@uncc.edu> writes:
> At 03:25 PM 6/25/2003 -0400, Ken Hornstein wrote:
> >A uid namespace? I don't understand. From what I've seen, there is only
> >a "userid" namespace.
>
> I'm confused. Kerberos is for "authentication" not "authorization".
> What I'm asking is what is the "authorization" method used under
> NFSv4? Normally a NFS server maps "uids" of "authenticated users" to
> files right? Well, for multiple NFS servers using Kerberos
> "authentication" there needs to be some way of mapping "authenticated"
> users to "uids" on those systems...right? Since all the NFS servers,
> even ones run by individuals, fall under the same Kerberos
> authentication namespace, then they all need to use the same "uid"
> space too...right? Otherwise, how do you perform a chown?
No, they do not... The NFSv4 RPCs could perform a translation for you,
theoretically. AFS certainly doesn't need to keep UID space the
same across multiple AFS Cells.
Granted, it _looks_ better if you keep the uid space the same. But
theoretically if you have a centralized Kerberos infrastructure you
probably also have a centralized Hesiod/LDAP/NIS which implies a
centralized uid namespace.....
> Rodney
-derek
--
Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
Member, MIT Student Information Processing Board (SIPB)
URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH
warlord@MIT.EDU PGP key available