Re: Best network filesystem for a bleeding edge, pure linux environment?
On Thu, 17 Mar 2011 16:05:53 -0500
"Boyd Stephen Smith Jr." <bss@iguanasuicide.net> wrote:
> On 2011-03-17 14:53:37 Celejar wrote:
> >> Already using Kerberos everywhere? If not, don't bother with AFS. I'm
> >> not sure about Coda, but I think it is the same situation.
> >
> >Would you mind elaborating a bit? Are you talking about security,
> >authentication, encryption?
>
> Kerberos is primarily authentication. It provides some information to
> authorization systems built on top of it and has some small authorization
> conventions for managing the domain. It uses encryption to enable the
> authentication, but doesn't necessarily enforce any protocol-level encryption
> on applications using it for authentication.
>
> From what I understand, permissions on files under AFS are not really handled
> the way a "simple" UNIX filesystem is (uid/gid/perms in the inode, optional
> acl extensions). Instead, files are owned and permissions granted based on
> your Kerberos principal for the domain the AFS is in. Essentially, a Kerberos
> infrastructure is necessary to use AFS, at least a minimal one. And, with a
> truly minimal Kerberos configuration, I don't think it would be any more
> secure and probably more poorly performing than an equivalent NFS.
Got it; thanks. I suppose I'll probably go with NFS, if for no other
reason than than experience with linux has taught me that *all else
being equal*, it's generally better to do what the masses are doing, as
the likelihood of it Just Working, and of being able to get help and
support, are much better that way.
Celejar
--
foffl.sourceforge.net - Feeds OFFLine, an offline RSS/Atom aggregator
mailmin.sourceforge.net - remote access via secure (OpenPGP) email
ssuds.sourceforge.net - A Simple Sudoku Solver and Generator
Reply to: