[OpenAFS] OpenAFS speed - some benchmarks
Russ Allbery
rra@stanford.edu
Wed, 25 Jun 2003 13:08:23 -0700
Rodney M Dyer <rmdyer@uncc.edu> writes:
> Huh? As far as I know NFSv4 will not have global namespace.
It has referrals, so you can build a global namespace. It's not nearly as
nice as AFS's version of the same, but it's manageable. (And may be
better than I think; I've not yet investigated it in detail.)
> And, what about Kerberos? If you aren't using Kerberos with centralized
> authentication how are you going to manage uid namespace across those
> boundaries?
I don't think you understand the problem. Having a unified authentication
infrastructure isn't an issue. We can do that. The problem is rather
that departments get grants of disk and want to use it for file servers.
We can't easily support that with AFS without pulling those servers into
the central architecture, since they have to have a powerful local key.
If each server had its own key, so that a compromise of that server
wouldn't affect other servers, we could just let departments throw up any
AFS server that they wished and problems with it would only affect the
volumes on that server.
--
Russ Allbery (rra@stanford.edu) <http://www.eyrie.org/~eagle/>