[OpenAFS] Re: Exporting AFS from linux without using the translator

Andrew Deason adeason@sinenomine.net
Thu, 6 Nov 2014 19:42:24 -0600

On Thu, 6 Nov 2014 16:39:26 -0800 (PST)
Renata Maria Dart <renata@slac.stanford.edu> wrote:

> Hi, we would like to make AFS available in readonly mode (without
> using the afsnfs translator) to systems that are not running the AFS
> client.  Some past postings suggested unfs as the way to go.  Is there
> a current recommendation of the easiest and most secure way of doing
> this? 

You mention "secure", so are you trying to restrict access to the data?
For unauthenticated access, any userspace nfs daemon should be able to
do the job fine. Another project is nfs-ganesha, which I believe is
under more active development than unfs3; but unfs3 I think tries to do
less, so it may just be older and more stable.

Trying to provide authenticated access may be more difficult. I'm not
sure if anyone has done that with nfs, but if SMB is an option, you
could try samba.

Another option, if you're just wary of running the kernel AFS client on
the relevant machines, is to run the FUSE afs client, which some people
do for unauthenticated access. But of course, that only works on systems
with FUSE (this works on Linux, but also at least in theory would work
on OS X and some Solaris, I think just Solaris 11).

Andrew Deason