On 4/29/07, Ken Hornstein <[EMAIL PROTECTED]> wrote:
And I think you're being rather optimistic about the user experiencing a service outage. Unless you're able to change their Unix account, any ACLs, pts entry, etc etc, all at once, the user is going to have some kind of outage. You could shorten it, but I don't see how you're going to make it zero without having everything using one mega database backend (I'm not talking about Moira ... this would have to handle every authorization request).
For us (iastate), they can certainly log into the Unix account within a few minutes, if Moira's incrementals aren't sadly swamped. Windows access would be a few minutes too, I think. We have Moira send the incrementals off to trigger all the updates to all our directories pretty quickly. LDAP & MIT KDC take care of the OS X, Active Directory takes care of the Windows, and Hesiod & MIT KDC for Unix, and all of those are triggered from Moira very quickly.

The user would even be able to get their mail to their new username immediately, I believe, just any mail they hadn't fetched to their old username may get batched to them at the end of the day, when the old username becomes a list.

Looking at one rename, it seems to have taken 10 seconds for all the changes that Moira pushes out to happen. That's not zero time, but it's not bad. Moira wasn't very busy then, either.

-Tracy
