[OpenAFS] OpenAFS speed - some benchmarks
Derek Atkins
warlord@MIT.EDU
25 Jun 2003 17:17:33 -0400
Russ Allbery <rra@stanford.edu> writes:
> There's "secure enough that I'm not really worried about people breaking
> into the server" and there's "secure enough that I'm willing to trust that
> server with a copy of the AFS master key for our entire cell." I think it
> should be pretty obvious that those are different standards of secure. I
> would prefer not to have to hold all file servers to the latter standard.
> Right now, I believe that NFSv4 gives me that and AFS doesn't.
>
> AFS gives me a lot of other stuff that I like, not to mention that we have
> a huge investment in AFS already. But that's one NFSv4 feature that looks
> rather appealing.
So, if it were possible to give each fileserver its own Server Key,
one that authenticated it to the cell but did not provide any real
power over other servers (or the cell in general), would that make
you happy?
Granted, that opens up a whole can of worms in terms of authenticating
various operations like volume creation, backup, cloning and
replication, etc... It also doesn't help add new users to the cell.
Is this a reasonable goal? Or would it be better to create a much
easier setup system to reduce the overhead and learning curve of
setting up a new AFS Cell? In other words, "run this script and
you'll have your new cell setup while you hold your breath"?
-derek
--
Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
Member, MIT Student Information Processing Board (SIPB)
URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH
warlord@MIT.EDU PGP key available