[OpenAFS] AFS without Kerberos headache
Hartmut Reuter
reuter@rzg.mpg.de
Sun, 21 Dec 2008 19:06:10 +0100
Harald Barth wrote:
>>In fact what I need ideally is a file system like NFS just with the
>>added features needed to use it in a Metropolitan Network setup, i.e.
>>local caching of files.
>
>
> As an added feature, I hope you want to have control who wrote a file.
>
>
>>AFS seems to do this in a good way, but Kerberos is a constant annoyance
>>to it. I do have machines that generate simulation data and have to work
>>for weeks. If I like to do this with the current OpenAFS setup, I'll
>>have to log in once a day and refresh the damn Kerberos token :-(.
>
>
> You can have longer timed tickets and tokens. You can save tickets in
> keytabs. If your hosts have keytabs, you can use them to generate
> tickets from.
>
> You can have system:anyuser write if you want to mimic NFS ;)
And you can create pts groups based on IP-addresses and give such a
group permissions in the ACL. That's less horrible than giving
system:anyuser write access. But after you have done this you have to
wait quite a while until the fileserver has re-evaluated those IP-groups
(typically 2 hours) before they work.
Hartmut
>
> Harald.
> _______________________________________________
> OpenAFS-info mailing list
> OpenAFS-info@openafs.org
> https://lists.openafs.org/mailman/listinfo/openafs-info
--
-----------------------------------------------------------------
Hartmut Reuter e-mail reuter@rzg.mpg.de
phone +49-89-3299-1328
fax +49-89-3299-1301
RZG (Rechenzentrum Garching) web http://www.rzg.mpg.de/~hwr
Computing Center of the Max-Planck-Gesellschaft (MPG) and the
Institut fuer Plasmaphysik (IPP)
-----------------------------------------------------------------