[OpenAFS] Multiple Cells

Lars Schimmer l.schimmer@cgv.tugraz.at
Mon, 07 Nov 2005 14:39:07 +0100

Hash: SHA1

Mikkel Kruse Johnsen wrote:
> Hi All
> Great about the new release. Looks cool and works, just a few questions.
> 1. OpenAFS 1.4 should be capable of using MIT Kerberos V, When creating
> the the keytab (for use with asetkey) I do "ktadd -e des-cbc-crc:v4
> afs/linet.dk", when using aklog it fails if krb524d is not running. Is
> that the way to create the keytab ? Should'nt I be able to use aklog
> without krb524d running ?
> 2. I understand that OpenAFS is not able to manage multple cells,
> because it don't include the cell name in the protocol (correct me if
> i'm wrong). What would it take to make OpenAFS able to handle multiple
> cells. ?
> I would like to provide an AFS cell for my customers, so I need to have
> more than one root.afs and also each cells must authenticate to each on=
> MIT Kerberos V REALM.
>         /afs/linet.dk
>         /afs/custum1.dk
>         /afs/custom2.dk
> Each cell has it's own vicepx partition and it's own user database and
> authenticate to it's own REALM.
> Could someone comment on this, please  ?

I am not full into multiple cell. I just know, IMHO it is possible as
every fileserver is able to handle volumes for every cell.
And I think it is possible with krb5 within crossrealm auth.
But I think you need one database server for every cell with its own
root.cell and vicepa on which the root.cell is.

And as a client it is no problem at all - I use two or three cells at
once right now - you just need the tokens and the name of the cell :-)

> Kind regarts
> Mikkel

- --
- -------------------------------------------------------------
TU Graz, Institut f=C3=BCr ComputerGraphik & WissensVisualisierung
Tel.: +43 316 873-5405       E-Mail: l.schimmer@cgv.tugraz.at
PGP-Key-ID: 0xB87A0E03
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org