O Plameras was once rumoured to have said:
> Crossfire wrote:
> >O Plameras was once rumoured to have said:
> >[snip]
> >
> >
> >>Try AFS (www.openafs.org).
> >>
> >>Why use AFS? Benefits: ACLs, Quota and easy management with rock-solid
> >>security. Has de-facto global FS thru VPN if you so require.
> >>
> >>
> >
> >Security is suspect due to the use of a modified krb4 as its primary
> >authentication system. You can use K5 instead, but it's fidgety with
> >MIT K5. I know nothing about Heimdal K5 and AFS however as Heimdal
> >uses a different krb4 compatibility system.
>
> Nobody uses krb4 with OpenAFS anymore. krb4 was used when it was
> first branched from Transarc.
>
> OpenAFS uses MIT krb5 or Heimdal.

Except, in both cases, OpenAFS *STILL* uses k4 tickets. Read your
goddamned documentation.

>> That said, its security is better than NFS. Or SMB for that matter.
>> If you can put up with the strangeness AFS inflicts upon you.
>
> This sounds like you have been severely inflicted by AFS. This is not as
> masochistic a software tool as you seem to project.

It might not be masochistic, but AFS lives in its own world, and that's
probably the biggest potential problem with it for anybody trying to
use it. You cannot interrogate AFS filesystems using conventional
methods and get the results you expect.

Do you expect experienced unix users[1] to automagically know to query
their quota using 'fs listquota' rather than 'quota -v'? Or to know
to check 'fs listacl' and their PAG ticket validity in addition to
just checking the directory and file modes when trying to work out why
they can't access a file?

Good tools fit into your environment - they do not subvert standard
mechanisms.

>>> As you probably know, getting ACLs and Quota using a Linux server is a
>>> pain
>>> as all sorts of weird utils and kernel patches are involved. Not good
>>> for people maintaining the production lines. This is a piece of cake
>>> with AFS.
>>
>>You know, if you're having trouble with linux quota support, btw,
>>you're not doing something right. Linux diskquota has been around
>>since the dark ages. Of course, ACLs are a different matter
>>altogether.
>
> Unix/Linux quota falls short as an Enterprise tool. This is also true of the
> Unix/Linux permissions (or ACLs in AFS language). That's why many
> applications that require Quota and/or ACL bypass those tools that come
> with Unix/Linux. These applications made up their own either by patching
> the kernel or making utilities that run in userspace along with the
> application.
> AFS is only one of a number of Enterprise Software that made up their own.

This reeks of Windows admin speak. Sorry. I've been in hundreds of
arguments of ACLs vs the Unix UGO permission model. I've yet to hear
any compelling arguments for ACLs over well maintained UGO when the
granularity is as poor as the AFS implementations of ACLs.

I've also yet to see anybody seriously bypass linux fsquota or UGO
permissions in recent years. Would you care to provide some examples
for us[2]?

>> So yeah, whilst this all sounds good in theory, in practice is a bitch
>> to manage unless you *REALLY* *REALLY* need it.
>>
>> If you're doing a public access system for over 500 users, I would
>> qualify that as really needing it, if you have the manpower to support
>> it.
>>
>> For a hosting system, or smaller systems, it's overkill.
>
> This is baloney. I have 6 workstations with three servers at home
> and System Administration time has been tremendously reduced after
> I switched to OpenAFS. Now I have a single and unified view of all
> file systems regardless of which server it is located at. I can
> ascertain very quickly where to locate files. No more extended time
> using locate or find or any of those tools or switching from one
> server to the other or a complicated tracker system.

You were obviously doing things wrong before if it took AFS to give
you this. Most sites attain this using properly managed automounters
and NIS. It does not take AFS to achieve a 'unified namespace' across
machines.

C.

[1] That is, experienced unix users who have never encountered AFS
before - which is more often the norm than not.

[2] Mostly because it sounds like the relevant authors need a lynching, but
that aside...

--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html