[OpenAFS] the notion of "site" is not always well-defined /
"project cells"
Jeffrey Hutzelman
jhutz@cmu.edu
Sun, 29 Jan 2006 23:48:19 -0500
On Sunday, January 29, 2006 06:13:29 PM -0800 Jeffrey Altman
<jaltman@secure-endpoints.com> wrote:
> Adam Megacz wrote:
>
>> I argue that, in the post-Transarc era, there are a large number of
>> situations where OpenAFS is useful for which no coherent/meaningful
>> definition of "site" exists ("cell", of course, is still well-defined).
>
> For 99% of users, they install OpenAFS to access the data in one cell.
>
> The reason that NetIdMgr supports the ability to obtain tokens for
> multiple cells from one Kerberos principal is due to the fact that
> a small number of power users such as myself need that functionality.
> However, today the vast majority of your users are only obtaining data
> from a single location.
>
> Your "cell" is a "site". It has its own authentication service and
> provides its own name space.
The problem, Jeff, is that you have not quite gotten over the antiquated
notion of a "site" in which a central administrator exerts complete control
over all the services and all the clients. As someone who has for many
years been involved in the operation of AFS cells which did not correspond
to a "site" and whose clients I had little or no control over, I can tell
you that such things do exist. If you think my deployments are too unique
to be worth considering, you might try asking some other regulars on this
list like Ken Hornstein, Harald Barth, or Matt Andrews.
Adam operates a cell, or at least is trying to start doing so, but he does
not operate a "site". He operates a Kerberos realm, but only for the
ability to create a (probably small) number of "local" principals which
would be difficult or annoying to get created by the administrators of his
department's realm, in which he is just another user. Compare this with
the operation of the SIPB cell, which operates without a separate realm at
all.
He also has no control over his clients. His users are not "his" users; he
does not manage their machines or provide computing support to them. I'd
expect that some of them are part of his project group, but most probably
are not, and some are likely from various other departments, each with
their own computing support organizations. To them, he's just some guy,
with no particular authority or reason for them to trust him. So it's
entirely reasonable they might not want to install a software package from
him, but be willing to trust a version they downloaded from the "official"
source.
-- Jeff