Hi All. This question is perhaps slightly off-topic for this list, but I'm very interested to hear experiences from others about this.
We have spent quite a bit of time here setting up some new infrastructure to provide a single-sign-on (Kerberos/LDAP/PAM) and single home directory (OpenAFS) framework. We had found our old method of managing *NIX accounts individually (on our now 200+ Linux and Solaris machines) was not scaling at all well, so the improvement for us in moving to this framework was substantial. OpenAFS was chosen primarily because it seemed very feature rich, mature and had excellent platform support for both servers and desktops. However, a problem has arisen around the use of Oracle. In addition to our stock of general purpose systems (Web, mail etc), we have many machines that run Oracle databases and applications, ranging from systems with a single Oracle DB instance to full Oracle App/DB (RAC) suites. Now apparently Oracle will only "certify" kernel modules that are provided by the O/S vendors directly (for us, this is RedHat and Sun), plus a handful of special modules for (I'm told) certains SANs and the like. Since the use of AFS relies on loading a kernel module, we are concerned that there will be support problems with Oracle. They regard a kernel with an unsupported kernel module as "tainted". Whilst we will endeavour to work through this with Oracle, I was wondering if other sites are running OpenAFS on systems that also run Oracle? If so, have there been any support issues with Oracle, or indeed any issues with stability on Oracle hosts that could be pinned-down specifically to AFS? Has anyone been able to obtain certification from Oracle to run AFS? (Note that we're only planning on using OpenAFS to provide home directories and some non-critical shared areas, not in any way to interact directly with Oracle). We run Redhat Linux 4+5 (32/64 bit), and Solaris x86 and SPARC. One possible workaround would be to the use the AFS/NFS translator, so that the Oracle hosts only need NFS, but I would really only want to do that as a last resort. I'd be interested in hearing any experiences or ideas that people may have on this subject. Regards, Robert. _______________________________________________ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
