[OpenAFS] Re: Authentication without aklog

Andrew Deason adeason@sinenomine.net
Fri, 1 Aug 2014 10:38:44 -0500


On Fri, 1 Aug 2014 10:55:21 -0400
Dave Botsch <botsch@cnf.cornell.edu> wrote:

> Well, is anything really transparent for the administrator? Especially
> w.r.t. AFS, where the admin has to also configure the ThisCell, the afs
> cache size (pre-allocate a cache partition, too, on linux), edit
> ThisCell to be reasonable, and set numerous other client options (config
> files on mac and linux and "ew" registry on Windows)?

The only thing you _need_ to configure currently is the cell name (via
ThisCell, or via accessing /afs/cell.name or aklog -c cell.name, etc).
Everything else can be determined automatically or can have reasonable
defaults.

> Could AFS work like other Kerberos apps with more direct use of kerberos
> tickets and just getting the service ticket when needed, versus having
> to do something extra (ie aklog)? Dunno. Would be nice, but not
> required, IMHO, as long as the user experience is sane.

Thanks, this is the kind of thing I was looking for. (Of course, in my
opinion, yes AFS could :)

-- 
Andrew Deason
adeason@sinenomine.net