Hiah Dave,
Though I'd throw in my two cents worth, though it may
not be worth that much...
"Unfortunately, a statement that files are
still usable when servers are down seems a little too good
to be true, at least from the perspective of one who uses AFS every day."
This is true, but you can't use the traditional AFS cm to get
results like this. Instead, using a disconnected AFS cm does
the trick...
" But evaluating NFS from the original spec from the 80's is
like evaluating V7 UNIX vs. BSD4.4-- things
have changed over the years. I believe fair comparisons
are necessary -- and besides, NFS has enough other flaws"
Secure NFS still has lots of faults, the mounting model is an example.
But even so, there aren't lots of place which run secure NFS...
I wonder if its a common denominator kinda thing or not...
Not for the server, but for the clients. Too many small
clients are around which don't do secure NFS.
"1. Have the AFS kaserver use the standard MIT string_to_key() instead
of having a custom one, so that client software doesn't have to adapt
to two universes of Kerberos."
I'm not sure I'd want that. It would be nicer if the MIT string_to_key
included some salt from the principal's domain. Game over, man.
"2. Support for Kerberos 5, although I doubt Transarc will want to support
it until it is completely finished. I look forward to the day I can
type my password once, but be able to get tokens on any machine I
authenticate to via Kerberos."
If your goal is single login, that's a different issue than worrying
about kerberosV. Our goal is single login, possibly getting kIV
tickets, kV tickets, possibly even novell tickets; getting the
authenticaion you want by typing your password ONCE.
"3. Ship versions of ls and chmod that recognize AFS, and can munge the
output accordingly to help ease the learning curve for new users. "
Isn't there an AFS-wise ls somewhere in grand.central?
"5. Nifty feature item: the ability to store files compressed on a read-only
volume, and have the client cache manager decompress them on the fly.
This would save server space, and reduce network traffic too. And from
tests some students ran here, this would lead to better performance."
I'm not convinced that having the cm resposible will improve performance
in ALL situations. I think there are lots of special situations for
AFS clients: scientific files (don't cache it), sensitive files (encrypted
data), type files (There Rees, I said it)... I don't get the idea
that mods for these needs will give rise to performance increases across
the board... But who knows, I've been wrong before...
Let me another other thing I'd want:
to kill /etc/passwd.
mts.
