[OpenAFS] OpenAFS in a production environment

Lester Barrows barrows@email.arc.nasa.gov
Fri, 2 Sep 2005 14:26:28 -0700


Hi Jeffrey,

On Thursday 01 September 2005 8:26 pm, Jeffrey Hutzelman wrote:
> So tell us about your experience, but please don't spread FUD about AFS by
> making blanket statements like "OpenAFS doesn't seem to work very well with
> NATs" based solely on your own experiences.  I don't care for NATs but I
> do use them from time to time, and it works just fine for me.

To my knowledge it wasn't FUD (fear, uncertainty and doubt): every time I've 
tried it, I've encountered issues. I still wouldn't recommend using AFS 
behind NATs to someone who asked about my experience with it, but it's good 
to know that it works for others.

> If you'd like to describe your setup and symptoms in enough detail that we
> can reproduce the problem, I'm sure there are any number of people who
> would be interested in helping to try to track it down and build in a
> workaround for whatever broken behavior your network hardware has.  But
> until then, please don't spread FUD about OpenAFS with blanket statements
> like "The developers do not seem to be interested in a solution for this".

I can only go into so much detail about our configuration for various reasons, 
but I'd be happy to do what I can in the future. My statement that the 
developers are not interested in a solution for the NAT issue, however, comes
from the recurring anti-NAT response seen several times in the past on this
list when these issues have come up. I won't argue the point any further;
however, the particular statement you pulled out was intended to be taken in
the context of the statement which directly followed.

> If you ask around, I expect that most people will tell you that the
> solution to your problem is to stop using the kaserver.

Undoubtedly. I don't think our issue is with the kaserver, which works, but 
rather the client PAM module. I'll get it worked out eventually, I'm sure.

> That said, feel free to file a bug report.  Without one, your problem will
> not be fixed, before 1.4 or after.  I was unable to reproduce any problem
> with getting tokens from a kaserver on an amd64_linux26 box, but then, I
> didn't know enough about your environment to try very hard.

It must be something I'm doing wrong then; it's good to know that it works in
your case.

Regards,
Lester Barrows