[OpenAFS] AFS without Kerberos headache

Hartmut Reuter reuter@rzg.mpg.de
Sun, 21 Dec 2008 19:06:10 +0100

Harald Barth wrote:
>>In fact what I need ideally is a file system like NFS just with the
>>added features needed to use it in a Metropolitan Network setup, i.e.
>>local caching of files.
> As an added feature, I hope you want to have control who wrote a file.
>>AFS seems to do this in a good way, but Kerberos is a constant annoyance
>>to it. I do have machines that generate simulation data and have to work
>>for weeks. If I like to do this with the current OpenAFS setup, I'll
>>have to log in once a day and refresh the damn Kerberos token :-(.
> You can have longer timed tickets and tokens. You can save tickets in
> keytabs. If your hosts have keytabs, you can use them to generate
> tickets from.
> You can have system:anyuser write if you want to mimic NFS ;)

And you can create pts groups based on IP-addresses and give such a 
group permissions in the ACL. That's less horrible than giving 
system:anyuser write access. But after you have done this you have to 
wait quite a while until the fileserver has re-evaluated those IP-groups
(typically 2 hours) before they work.

> Harald.
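
The IP-group approach from the reply above, as an added example that is not part of the original message or of the OpenAFS distribution: a dry-run script that validates the addresses and prints the pts and fs commands instead of running them. The group name, cell path and addresses are constructed, and the printed commands are assumed to be run with administrator tokens.

```shell
#!/bin/sh
# Added example: print (not run) the commands for an IP-based ACL entry.

# valid_ipv4 ADDR: true only for a dotted quad with every octet in 0..255.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; input holds only digits and dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# ip_acl_commands GROUP DIR RIGHTS ADDR...
# Emits: group, one host entry per address, membership, then the ACL entry.
ip_acl_commands() {
    [ "$#" -ge 4 ] || { echo "usage: ip_acl_commands GROUP DIR RIGHTS ADDR..." >&2; return 2; }
    group=$1; dir=$2; rights=$3
    shift 3
    # Refuse shell metacharacters: the output is meant to be piped into sh.
    case "$group$dir" in
        *[!A-Za-z0-9_./:-]*) echo "unsafe group or path" >&2; return 1 ;;
    esac
    case "$rights" in
        ""|*[!rlidwka]*) echo "bad rights: $rights" >&2; return 1 ;;
    esac
    for addr in "$@"; do
        valid_ipv4 "$addr" || { echo "bad address: $addr" >&2; return 1; }
    done
    echo "pts creategroup -name $group"
    for addr in "$@"; do
        echo "pts createuser -name $addr"
        echo "pts adduser -user $addr -group $group"
    done
    echo "fs setacl -dir $dir -acl $group $rights"
    echo "fs listacl -path $dir"
}

# Constructed values: 192.0.2.0/24 is a documentation range, the cell is made up.
ip_acl_commands simhosts /afs/example.org/sim/output rlidwk 192.0.2.10 192.0.2.11
```

The final `fs listacl` line only confirms that the entry was stored; the group takes effect after the fileserver's next re-evaluation, as the reply notes.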
