We have made modifications to several systems for compatibility with AFS and
thought we should pass them along with hopes of preventing some duplication of
effort.
We run the DQS batch system on our IBM RS/6000's and have implemented
changes so that tokens are passed with jobs and used on the machines of
execution. This means that a user only has to be authenticated when submitting
a job and does not have to authenticate explicitly on the machine to which
his/her job is spooled. The job token lasts for the duration of the default
lifetime in the cell.
The DQS batch system was developed largely by Tom Green of SCRI at Florida
State University. The AFS compatibility modifications were written by Rob
Pennington of the Pittsburgh Supercomputing Center. Rob's code was developed
for DEC 5000 machines but is written to be portable and few changes were
necessary to get it going on our RS/6000's.
We have also modified the pcnfsd for Sun's PC-NFS to authenticate for AFS
and do the necessary knfs. The modified daemon runs on our machines running the
AFS-NFS translator so that PC users can now access their files in AFS on the
Unix machines. The user performs a net login from the PC to authenticate for
file access as usual. Access is then granted to that user at that PC for the
default lifetime of a token. If the user is not successfully authenticated by
kerberos, the password is checked against the Unix password file for access to
NFS files only.
We are also running kerberos authenticating xdm on our workstations and
Xstations. Here too, there is a fall-through for Unix passwords which allows
login but does not grant a token.
For more information, you may contact me as [EMAIL PROTECTED]
-Dan Svitavsky
-----------------------------------------------------------
Daniel E. Svitavsky [EMAIL PROTECTED]
Cornell Materials Science Center [EMAIL PROTECTED]
Ithaca, NY (607) 255-2067
-----------------------------------------------------------
