[OpenAFS] AFS without Kerberos headache
Jason Edgecombe
jason@rampaginggeek.com
Sun, 21 Dec 2008 18:11:53 -0500
Georg P. Israel wrote:
> Dear All,
>
> this might be stupid question,
> but I still like to post it on this list.
>
> Can I use OpenAFS without the Kerberos headache???
> AFS is almost exactly what I need. Only this damn Kerberos makes my life
> miserable.
> In fact what I need ideally is a file system like NFS just with the
> added features needed to use it in a Metropolitan Network setup, i.e.
> local caching of files.
>
> AFS seems to do this in a good way, but Kerberos is a constant annoyance
> to it. I do have machines that generate simulation data and have to work
> for weeks. If I like to do this with the current OpenAFS setup, I'll
> have to log in once a day and refresh the damn Kerberos token :-(.
>
> Hence, is there a way to disable this Kerberos time out??
>
> If you know of a solution to this, then please let me know.
>
It sounds like you want to use IP ACL's as Harmut suggests.
as an AFS admin, run the following:
% pts createuser 192.168.1.1
% pts creategroup foo
% pts adduser IP_ADDRESS foo
% fs setacl simulation_folder foo rlidwk
Substitute 192.168.1.1 for your IP address and foo for your group name
in the above example. be careful 192.168.1.0 and 192.168.0.0 means the
whole subnet and 255 subnets respectively.
You can then use the "foo" group to give access to that particular
machine to any folders that you wish.
Sincerely,
Jason