[OpenAFS] ka-forwarder and kaserver

Stefan Strandberg stefan@cae.wisc.edu
Wed, 19 Nov 2008 11:50:59 -0600


Rats, I was really hoping that would work.

As for the same subnet, yes, they are both on the same /24.  We're
currently trying to get the VLDBs running on new machines so we can
start eliminating the old, failing Sun machines.  However, we haven't
decided what we ultimately want out of Kerberos, so we were hoping to
hold off on a krb5 install for a while, and just get the VLDBs done in
the interim.  As they are going to be Debian installs, kaserver running
on the new VLDBs isn't really an option.

Thanks,

-stefan

On Wed, Nov 19, 2008 at 12:45:39PM -0500, Marcus Watts wrote:
> > Date:    Wed, 19 Nov 2008 10:49:52 CST
> > To:      openafs-info@openafs.org
> > From:    Stefan Strandberg <stefan@cae.wisc.edu>
> > Subject: [OpenAFS] ka-forwarder and kaserver
> > 
> > Hi,
> > 
> > In the documentation for ka-forwarder, it states that it will work with
> > a fakeka running on a krb5 server.  We currently have our VLDBs and
> > kaservers running on old Solaris boxes.  What we would like to do is
> > initially migrate the VLDBs off onto three new servers, and run
> > ka-forwarder on them to point at the kaserver on the old machines.
> > 
> > However, it is unclear based on documentation and a Google search if
> > ka-forwarder will work with kaserver.  Does anyone else have any
> > experience with this?  I expect it will work, as fakeka should in theory
> > act like kaserver, but I'm not sure.
> > 
> > Note:  We do plan to install krb5 servers.  It is just on hiatus for
> > various reasons.
> > 
> > Thanks,
> 
> I think the short answer is "no, this is nearly certain not to work".
> 
> When ka-forwarder forwards packets, it inserts an 8-byte header with the
> original sender in front of it.  When it gets a response packet back
> from the server, it strips off the header & sends the packet back to
> the client.  fakeka doesn't use the regular rx library, it uses its own
> logic -- and that logic also handles the rest of the forward hack.
> Regular kaserver, which does use the regular rx library, lacks logic to
> deal with forwarders, so should not work.
> 
> Question: are your old & new machines on the *same* subnet?  If they are,
> I may have an interesting option for you.
> 
> 				-Marcus Watts

-- 
Stefan Strandberg
UNIX group
Computer Aided Engineering - UW Madison
stefan@cae.wisc.edu
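
The framing described in the quoted reply, as an added example that is not part of the original thread and not OpenAFS code: it shows why a server that reads the rx header at offset 0 misparses a forwarded datagram. Only the 8-byte length and its position in front of the packet come from the thread; the field layout inside those 8 bytes (IPv4 address, port, 2 pad bytes), the function names and the sample values are assumptions.

```python
import socket
import struct

FWD_HDR_LEN = 8                      # length stated in the thread
# ASSUMED layout of those 8 bytes: IPv4 address, UDP port, 2 pad bytes.
FWD_HDR = struct.Struct("!4sHH")
# Leading rx header fields: epoch, cid, callNumber, seq, serial, type.
RX_PREFIX = struct.Struct("!IIIIIB")
RX_FIELDS = ("epoch", "cid", "call", "seq", "serial", "type")
RX_TYPE_DATA = 1


def wrap(sender_ip, sender_port, rx_packet):
    """Forwarder, client -> server: put the original sender in front."""
    return FWD_HDR.pack(socket.inet_aton(sender_ip), sender_port, 0) + rx_packet


def unwrap(datagram):
    """Forwarder-aware peer: split the sender header from the rx packet."""
    if len(datagram) < FWD_HDR_LEN:
        raise ValueError("datagram shorter than the forwarder header")
    ip, port, _pad = FWD_HDR.unpack_from(datagram)
    return (socket.inet_ntoa(ip), port), datagram[FWD_HDR_LEN:]


def parse_rx_prefix(datagram):
    """Server with no forwarder logic: read rx fields at offset 0."""
    if len(datagram) < RX_PREFIX.size:
        raise ValueError("datagram shorter than an rx header")
    return dict(zip(RX_FIELDS, RX_PREFIX.unpack_from(datagram)))


def sample_rx_packet():
    """Constructed sample: rx data packet, remaining header bytes zeroed."""
    head = RX_PREFIX.pack(0x49244F00, 0x1234ABCC, 1, 1, 1, RX_TYPE_DATA)
    return head + b"\x00" * 7 + b"constructed payload"


if __name__ == "__main__":
    pkt = sample_rx_packet()
    fwd = wrap("192.0.2.10", 40000, pkt)
    print("forwarder-aware:", unwrap(fwd)[0], parse_rx_prefix(unwrap(fwd)[1]))
    print("plain rx parse :", parse_rx_prefix(fwd))
```

With the header in front, the plain parse reads the sender address as the epoch and lands on a type byte that is no longer the data type, so the call never matches anything the server expects.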