Subject: Re: Some comments regarding the AFS FAQ...
Date: Wed, 30 Nov 94 14:14:12 +0000
From: Paul Blackburn <[EMAIL PROTECTED]>
[ snip ]
I am sorry you take a cynical view that it is probably "just
Transarc PR". If that is the impression I have made, then I
have failed one of my goals which was to help to make AFS more
widely known and share "useful" knowledge with other AFS users
and administrators who *don't* work for Transarc.
This comment was only in reference to section 1.05.g. Personally, I
really do like many of the features in AFS. Unfortunately, a statement
that files are still usable when servers are down seems a little too good
to be true, at least from the perspective of one who uses AFS every day.
I was merely curious whether this was Transarc's marketing position,
or whether this can actually happen, and under what circumstances does
this work.
wrt section 1.05.g:
Here in the IBM UK AIX Systems Support Centre, I have seen
fileserver outage that did not result in complete denial of
access to files from the downed server. I agree users will have
problems trying to update files, but RO access to cached files
was available.
I accept "are usable" is not a precise enough statement and I
will revise the text in the light of your comment.
wrt section 3.03:
When you buy AFS, you get kerberos.
I don't believe the same is true of NFS. Your vendor may offer some
extra security options ("secure NFS") or you may be able to add addional
kerberos based authentication.
The simple fact that NFS comes without kerberos as standard, indicates
to me that it is an afterthought: NFS was not designed with kerberos
in mind originally.
I accept that you have a valid point that more secure versions of NFS
are available from some vendors. I expect that most implementations
of NFS do not have this. However, to be fair and objective, I should
probably add a reference to more secure versions of NFS being available.
True, the original version of NFS was not secure. But evaluating NFS from
the original spec from the 80's is like evaluating V7 UNIX vs. BSD4.4-- things
have changed over the years. I believe fair comparisons are necessary
-- and besides, NFS has enough other flaws. :)
Overall, I hold the position that AFS is a decent network file system. It's
chief advantages are in providing a seamless common file namespace, allowing
easy volume migration, and simplifying backup management.
Since this is being echoed to info-afs, I'll add my wish list too:
1. Have the AFS kaserver use the standard MIT string_to_key() instead
of having a custom one, so that client software doesn't have to adapt
to two universes of Kerberos.
2. Support for Kerberos 5, although I doubt Transarc will want to support
it until it is completely finished. I look forward to the day I can
type my password once, but be able to get tokens on any machine I
authenticate to via Kerberos.
3. Ship versions of ls and chmod that recognize AFS, and can munge the
output accordingly to help ease the learning curve for new users.
4. More efficient cache manager. Small programs always start up faster
under NFS than AFS, and I'm guessing this is due to cache manager
overhead.
5. Nifty feature item: the ability to store files compressed on a read-only
volume, and have the client cache manager decompress them on the fly.
This would save server space, and reduce network traffic too. And from
tests some students ran here, this would lead to better performance.
--- Dave
