[OpenAFS] ka-forwarder and kaserver
Wed, 19 Nov 2008 12:45:39 -0500
> Date: Wed, 19 Nov 2008 10:49:52 CST
> To: firstname.lastname@example.org
> From: Stefan Strandberg <email@example.com>
> Subject: [OpenAFS] ka-forwarder and kaserver
> In the documentation for ka-forwarder, it states that it will work with
> a fakeka running on a krb5 server. We currently have our VLDBs and
> kaservers running on old solaris boxes. What we would like to do is
> initially migrate the VLDBs off onto three new servers, and run
> ka-forwarder on them to point at the kaserver on the old machines.
> However, it is unclear based on documentation and a google search if
> ka-forwarder will work with kaserver. Does anyone else have any
> experience with this? I expect it will work, as fakeka should in theory
> act like kaserver, but I'm not sure.
> Note: We do plan to install krb5 servers. It is just on hiatus for
> various reasons.
I think the short answer is "no, this is nearly certain not to work".
When ka-forwarder forwards packets, it inserts an 8 byte header with the
original sender in front of it. When it gets a response packet back
from the server, it strips off the header & sends the packet back to
the client. fakeka doesn't use the regular rx library, it uses its own
logic -- and that logic also handles the rest of the forward hack.
Regular kaserver, which does use the regular rx library, lacks logic to
deal with forwarders, so should not work.
Question: are your old & new machines on the *same* subnet? If they are,
I may have an interesting option for you.