[OpenAFS] Multiple Cells

Lars Schimmer l.schimmer@cgv.tugraz.at
Mon, 07 Nov 2005 14:39:07 +0100 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Mikkel Kruse Johnsen wrote:
> Hi All
>=20
> Great about the new release. Looks cool and works, just a few questions.
>=20
> 1. OpenAFS 1.4 should be capable of using MIT Kerberos V, When creating
> the the keytab (for use with asetkey) I do "ktadd -e des-cbc-crc:v4
> afs/linet.dk", when using aklog it fails if krb524d is not running. Is
> that the way to create the keytab ? Should'nt I be able to use aklog
> without krb524d running ?
>=20
> 2. I understand that OpenAFS is not able to manage multple cells,
> because it don't include the cell name in the protocol (correct me if
> i'm wrong). What would it take to make OpenAFS able to handle multiple
> cells. ?
>=20
> I would like to provide an AFS cell for my customers, so I need to have
> more than one root.afs and also each cells must authenticate to each on=
e
> MIT Kerberos V REALM.
>=20
>         /afs/linet.dk
>         /afs/custum1.dk
>         /afs/custom2.dk
>=20
> Each cell has it's own vicepx partition and it's own user database and
> authenticate to it's own REALM.
>=20
> Could someone comment on this, please  ?

I am not full into multiple cell. I just know, IMHO it is possible as
every fileserver is able to handle volumes for every cell.
And I think it is possible with krb5 within crossrealm auth.
But I think you need one database server for every cell with its own
root.cell and vicepa on which the root.cell is.

And as a client it is no problem at all - I use two or three cells at
once right now - you just need the tokens and the name of the cell :-)


> Kind regarts
>=20
> Mikkel
>=20

Cya
Lars
- --
- -------------------------------------------------------------
TU Graz, Institut f=C3=BCr ComputerGraphik & WissensVisualisierung
Tel.: +43 316 873-5405       E-Mail: l.schimmer@cgv.tugraz.at
PGP-Key-ID: 0xB87A0E03
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFDb1j7VguzrLh6DgMRAomrAJkB7ML8AtHsaFoyiNuWQBg3HdemKwCaAmA9
81O5HBIFcPh51mjgwkWUcSM=3D
=3DMvy8
-----END PGP SIGNATURE-----