[OpenAFS] Maximum # of users

Marcus Watts mdw@umich.edu
Mon, 09 Apr 2007 18:51:33 -0400 

dotmatt <dotmatt@gmail.com> writes:
> Subject: [OpenAFS] Maximum # of users
> Sender: openafs-info-admin@openafs.org
> Errors-To: openafs-info-admin@openafs.org
> Date: Mon, 9 Apr 2007 18:27:33 -0400
> 
> Hello-
>   I have a .edu environment with a single Kerberos realm (MIT Krb5, no
> Krb4) with ~70,000 principals.  I'm not sure I have my terminology
> right, but what is the maximum number of pts user entries I can
> allocate in a single AFS cell?
> 
> I'm thinking about deploying a single AFS cell, where each user's pts
> entry id matches the existing numeric ID (integer, non-reassignable,
> currently our highest is around 100,000, currently used for Posix UIDs
> across many Linux systems).  Is this possible?  I keep seeing
> reference to 32,768 as a maximum pts id number -- is that correct?  If
> this is not possible, what other options would you all recommend?  AFS
> seems to fit all my needs (Krb5 authentication, Unix hosted, virtual
> filesystem, horizontally scalable), as long as all 70,000 users can
> share files securely with all other users.
> 
> I'm sure this info is posted somewhere, but I have not yet stumbled
> upon the magic google-cantation to reveal it to me.  Please point me
> to the correct documentation if it exists, with a well thumped RTM as
> appropriate.
> 
> Thank you all,
> -Matt

spam% tail -10 /afs/umich.edu/group/itd/etc/passwd.long
lssir:*:247178:10:Lauren Shirl Sir:/afs/umich.edu/user/l/s/lssir:/bin/csh
wmpenego:*:247179:10:William M Penegor:/afs/umich.edu/user/w/m/wmpenego:/bin/csh
ajsimons:*:247180:10:Alexia Jade Simons:/afs/umich.edu/user/a/j/ajsimons:/bin/csh
bikobash:*:247181:10:Brian Ichita Kobashigawa:/afs/umich.edu/user/b/i/bikobash:/bin/csh
kraoof:*:247182:10:Khalid A Raoof:/afs/umich.edu/user/k/r/kraoof:/bin/csh
beenat:*:247183:10:Beena  Thannickal:/afs/umich.edu/user/b/e/beenat:/bin/csh
mylehman:*:247184:10:Michael John Lehman:/afs/umich.edu/user/m/y/mylehman:/bin/csh
wbulinda:*:247185:10:Wayne Philip Bulinda:/afs/umich.edu/user/w/b/wbulinda:/bin/csh
shinpaik:*:247186:10:Shin Woo  Paik:/afs/umich.edu/user/s/h/shinpaik:/bin/csh
paulis:*:247187:10:Paulis  Austrins:/afs/umich.edu/user/p/a/paulis:/bin/csh
spam% pts listmax umich.edu 
Max user id is 851087 and max group id is -19786.
spam% 

Older versions of ptserver had an option called "CROSS_CELL",
which had some sort of split 16-bit assumption about viceIDs.
We never ran with this at umich.edu, and the code seems to be gone
in modern versions of openafs.

Older unix systems had a 16-bit uid limit, and for a while, we supported
that at umich.edu by giving users who didn't need a "low" uid a big
one, > 500000.  So we have a hole today in viceids between about 247k and
500k that isn't used.  Viceids between 1000 and 247k are densely packed,
but viceids from 500K to 851k are not densely packed.

There are some special uids around 32K and 64K that you shouldn't use.
If you've got ids up about 100K you've already dealt with those.

You definitely shouldn't try allocating viceids above 2147483647.

				-Marcus Watts