[OpenAFS] Evaluating AFS for in house use, RFCs...

ted creedon tcreedon@easystreet.com
Thu, 02 Feb 2006 16:30:54 -0800

Forget Samba. AFS is better and more secure and more hack proof.

If you need aLinux  print server use CUPS.


Gordon Bowersox wrote:
> I hope this is not an abuse of the list...
> I am at the early stages of examining AFS for use in our company.  I 
> have my pipe-dream model and have started reading up on everything I 
> need to understand before I dive into proof of concept.  The list of 
> things I need to understand is growing faster than the list of things 
> I understand.  I need solid POC for budget approval May 2006.  I am 
> often accused of terse email and would be happy to continue this with 
> more description offline or online.
> Currently I have identified these components in my speculations.  Many 
> of these are new systems to me and my understanding at this point is 
> based on reading only and not always up-to-date material.
> Kerberos - Kerberos The Definitive Guide (O'REILLY)
> openAFS - Managing AFS The Andrew File System by Richard Campbell
> samba (we have some 2.x)
> MS Active Directory (we have one, not integrated to ldap or samba)
> openLDAP (in use as address book, md5 hash auth for in house 
> applications)
> ----
> Kerberos.
> I am leaning towards MIT version.  Reason it seems to offer better 
> password aging and strength rules.  This will be the first component I 
> install since it provide immediate benefits to the MIS department 
> beyond openAFS.
> The problem.
> We have 36 distributed offices across the United States.  T1 or dual 
> T1 access.  Our current File Sharing system is distributed Novell 4.11 
> servers.  36 (old) servers 36 tape backup jobs 36 people who forget to 
> change tapes at least once a week.
> Dream model ala carte.
> New files server at each location running openAFS with samba on CentOS.
> My goal is samba as the openAFS client, not the actual client PC.
> Linking the afs root to /samba/data/...
> Remote data is mirrored back to HQ via RO replica.
> All backup jobs of remote RO replicas and local HQ RW replicas to run 
> at HQ nightly, possibly a few incremental jobs during the day.
> The extras
> Role based rights to files and folders
> ldap based pointers to 'My Documents' and 'Local Folder' for email
> single admin point for all AD/samba UID
> Kerberos authentication for users to samba, Citrix, web apps, Internet 
> proxy (Kerberos will likely be a continuous evolution)
> Any hidden gotchas on my path?  Any obvious mistakes on my part?
> Gordon Bowersox
> _______________________________________________
> OpenAFS-info mailing list
> OpenAFS-info@openafs.org
> https://lists.openafs.org/mailman/listinfo/openafs-info