> I haven't personally tried this, but I'm itching to set up a system like > this for someone. It seems like the absolute perfect solution for large > web sites. Scalability is not an issue; if you need more front-end > servers, add new Apache servers. If you need more back-end I/O bandwidth, > add new read/only replica AFS servers, so on and so forth.
This is exactly what I was thinking, but the problem is that replicas are not meant for files that are updated frequently (my clients are constantly updating files). Also I have a feel that the intranet bandwidth between the web servers and AFS servers are going to be a bottleneck. I mean even a gigabit network will only take me so far. Are these fears unfounded? > Another great advantage is the ability to have a read/write staging copy > of web content where web developers can actively make changes, and then > atomically rolling those changes into production with one command. I did not know this was possible though AFS. How would it be done? > AFS really doesn't communicate with anything like LDAP. I'd recommend > using Kerberos V for authentication and as for authorization, the AFS > protection server is pretty much the only game in town. I know that Kerberos can be made to interface with LDAP so I think I am ok with that. As for authorization, if it means deciding whether a user should have access to a file based on ACLs, then I am ok. I can authenticate users with (Kerberos/LDAP) and then authorize users to have access to only certain directories using AFS ACLs. So I do mind using AFS protection server (authentication is the important part). Thanks for the quick reply Jason. - binq _________________________________________________________ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com _______________________________________________ OpenAFS-info mailing list [EMAIL PROTECTED] https://lists.openafs.org/mailman/listinfo/openafs-info
