[OpenAFS] OpenAFS in a production environment
Fri, 2 Sep 2005 14:26:28 -0700
On Thursday 01 September 2005 8:26 pm, Jeffrey Hutzelman wrote:
> So tell us about your experience, but please don't spread FUD about AFS by
> making blanket statements like "OpenAFS doesn't seem to work very well with
> NATs" based solely on your own experiences. I don't care for NAT's but I
> do use them from time to time, and it works just fine for me.
To my knowledge it wasn't FUD (fear, uncertainty and doubt): every time I've
tried it, I've encountered issues. I still wouldn't recommend using AFS
behind NATs to someone who asked about my experience with it, but it's good
to know that it works for others.
> If you'd like to describe your setup and symptoms in enough detail that we
> can reproduce the problem, I'm sure there are any number of people who
> would be interested in helping to try to track it down and build in a
> workaround for whatever broken behavior your network hardware has. But
> until then, please don't spread FUD about OpenAFS with blanket statements
> like "The developers do not seem to be interested in a solution for this".
I can only go into so much detail about our configuration for various reasons,
but I'd be happy to do what I can in the future. My statement that the
developers are not interested in a solution for the NAT issue however comes
from the recurring anti-NAT response seen several times in the past on this
list when these issues have come up. I won't argue the point any further,
however the particular statement you pulled out was intended to be taken in
context of the statement which directly followed.
> If you ask around, I expect that most people will tell you that the
> solution to your problem is to stop using the kaserver.
Undoubtedly. I don't think our issue is with the kaserver, which works, but
rather the client PAM module. I'll get it worked out eventually I'm sure.
> That said, feel free to file a bug report. Without one, your problem will
> not be fixed, before 1.4 or after. I was unable to reproduce any problem
> with getting tokens from a kaserver on an amd64_linux26 box, but then, I
> didn't know enough about your environment to try very hard.
It must be something I'm doing wrong then, it's good to know that it works in