Keith,
I work in another side of my company, but from reading your
message I think you might be interested in the AFS <-> PC scheme
we run here.
Note, have I've been bugging our product group to put a hook into
PC-I+'s ``login'' program to make/allow AFS (or any other remote
type of) authentication like this a little easier, but we basically
allow PC's to talk to the AFS cell with ``stock'' software and
without using the AFS/NFS translator.
Standard PC-I (dos or mac) client will talk to any other PC-I server
that has the AFS client code on it. Thus /afs can be mapped to any DOS
machine as ``D: or E: or whatever'' by the normal PC-I tricks.
It's pretty cool. Needs no extra stuff on the PC end (other than
a copy of PC-I or PC-I+) since the UNIX side does all the work.
What we do.... here at Locus Boston [Technology Services Group].
We run the AFS 3.x server on a Sun 4.1.1 system.
On the same Sun we install AFS client code (although this
could be another machine that has AFS client
code).
On any machine that has the AFS client (in this case my Sun)
we install the PC-I 3.X server code [3.0.9 in my case].
On my DOS (or DOS/WIN boxes) I install PC-I or PC-I+
First we do a PCI ``login'' command to set up the DOS virtual
disk (i.e. map the Sun's file systems in my virtual disk space as E:
or whatever).
For now, we run do a ``telnet'' (or similar) command on the DOS box
to the Sun to do run the AFS klog command [in the future, I hope to
get our Product side of the house to do the klog for you with a hook
in the PCI ``login'' command]. Once you have the AFS token, we can then
close the telnet session.
At this point, your afs files are available in: e:\afs\system\xxx
Problems 1.) DOS name munging seems to get sometimes confused by the
AFS cell >>in some cases<<. I have not chased this down
since my DOS folks can just use DOS names and it doess not
seem to be a real problem to them.
Problem 2.) Once the token is acquired, folks often to do not log off.
This has the usual security questions, but it no more or
less than normal UNIX except....
Problem 3.) Related is the issue of re-acquiring the token - these are
simple users so ideas like token management are a tad
foreign to them.
Anyway, the AFS/NFS converter is not needed and since PC-I is
very light weight, you don't need to carry the NFS code in your PC
[very much liked by PC users].
Clem Cole
Sr. Scientist
