David,
Thanks for your note (copied below).
I have cc:'ed this reply onto [EMAIL PROTECTED] to open the discussion
to others who have more experience and knowledge than me (hope that's OK).
The contents of the FAQ are based on my experience of using AFS and
contributions from others.
I am sorry you take a cynical view that it is probably "just Transarc PR".
If that is the impression I have made, then I have failed one of my goals
which was to help to make AFS more widely known and share "useful" knowledge
with other AFS users and administrators who *don't* work for Transarc.
wrt section 1.05.g:
Here in the IBM UK AIX Systems Support Centre, I have seen fileserver
outage that did not result in complete denial of access to files from the
downed server. I agree users will have problems trying to update files,
but RO access to cached files was available.
I accept "are usable" is not a precise enough statement and I will revise
the text in the light of your comment.
wrt section 3.03:
When you buy AFS, you get kerberos.
I don't believe the same is true of NFS. Your vendor may offer some
extra security options ("secure NFS") or you may be able to add addional
kerberos based authentication.
The simple fact that NFS comes without kerberos as standard, indicates
to me that it is an afterthought: NFS was not designed with kerberos
in mind originally.
I accept that you have a valid point that more secure versions of NFS
are available from some vendors. I expect that most implementations
of NFS do not have this. However, to be fair and objective, I should
probably add a reference to more secure versions of NFS being available.
--
regards
paul finger [EMAIL PROTECTED]
-- copied note follows --
On Wed, 30 Nov 1994 08:03:54 -0500 [EMAIL PROTECTED] wrote:
> Just a couple of comments regarding the AFS FAQ:
>
> In section 1.05.g:
>
> "If a fileserver crashes, the client's locally cached file copies are usable."
>
> I find this statement quite interesting, having used AFS here at the
> University of Michigan for several years. Generally, the behavior that
> I have experienced (for RW volumes), is that if the server goes down,
> you can't even work on the files you were working on.
>
> Is this just Transarc PR, or is there really some support for this?
>
> In section 3.03:
>
> Security Kerberos mutual authen- Security based on
> tication unencrypted user ID's
>
> In the NFS case, I might note that either DES auth or Kerberos auth are
> available forms of authentication, DES being available from Sun, and
> Kerberos from MIT.
>
> --
> David Snearline CAEN Networking and Operations
> [EMAIL PROTECTED] University of Michigan Engineering
