On Sunday, January 29, 2006 06:13:29 PM -0800 Jeffrey Altman <[EMAIL PROTECTED]> wrote:
> Adam Megacz wrote:
>
>> I argue that, in the post-Transarc era, there are a large number of situations where OpenAFS is useful for which no coherent/meaningful definition of "site" exists ("cell", of course, is still well-defined).
>
> For 99% of users, they install OpenAFS to access the data in one cell. The reason that NetIdMgr supports the ability to obtain tokens for multiple cells from one Kerberos principal is due to the fact that a small number of power users such as myself need that functionality. However, today the vast majority of your users are only obtaining data from a single location. Your "cell" is a "site". It has its own authentication service and provides its own name space.
The problem, Jeff, is that you have not quite gotten over the antiquated notion of a "site" in which a central administrator exerts complete control over all the services and all the clients. As someone who has for many years been involved in the operation of AFS cells which did not correspond to a "site" and whose clients I had little or no control over, I can tell you that such things do exist. If you think my deployments are too unique to be worth considering, you might try asking some other regulars on this list like Ken Hornstein, Harald Barth, or Matt Andrews.
Adam operates a cell, or at least is trying to start doing so, but he does not operate a "site". He operates a Kerberos realm, but only for the ability to create a (probably small) number of "local" principals which would be difficult or annoying to get created by the administrators of his department's realm, in which he is just another user. Compare this with the operation of the SIPB cell, which operates without a separate realm at all.
He also has no control over his clients. His users are not "his" users; he does not manage their machines or provide computing support to them. I'd expect that some of them are part of his project group, but most probably are not, and some are likely from various other departments, each with their own computing support organizations. To them, he's just some guy, with no particular authority or reason for them to trust him. So it's entirely reasonable they might not want to install a software package from him, but be willing to trust a version they downloaded from the "official" source.
-- Jeff
