[6429] in Kerberos


Re: Performance of CNS vs. AFS kaserver?

daemon@ATHENA.MIT.EDU (John Gardiner Myers)
Thu Jan 4 14:43:58 1996

To: kerberos@MIT.EDU
Date: Thu,  4 Jan 1996 12:52:01 -0500
From: John Gardiner Myers <jgm+@CMU.EDU>

harris@email.unc.edu (Trey Harris) writes:
> We're moving our campus email system, which currently has 27,000 users, to
> a new system for performance reasons.

Have you looked at what the Cyrus project is doing?
http://andrew2.andrew.cmu.edu/cyrus

> Since getting Kerberos authentication for our terminal servers and other
> authentication needs has been on our to-do list for awhile, we've been
> investigating using CNS instead of the Transarc AFS Authentication Server
> (kaserver).  Since AFS 3.3 and 3.4 include Kerberos ".krb" equivalents of
> many AFS commands (including a login.krb that will get a Kerberos ticket
> and AFS token at login time), the process looks less onerous than it 
> might have been in the past.

The ".krb" versions are useful for getting MIT/CNS clients to use the
Transarc server, not the other way around.  To use a MIT/CNS server,
you would have to use a MIT/CNS login and other clients.  You'd have
to modify the clients (or use aklog) to install an AFS token in the
kernel.

One of the bigger advantages of the kaserver is the much improved
administrative interfaces.  One of the biggest disadvantages is that
none of the administrative clients (kas, kpasswd) that Transarc
distributes handle the MIT string-to-key.

-- 
_.John G. Myers		Internet: jgm+@CMU.EDU
			LoseNet:  ...!seismo!ihnp4!wiscvm.wisc.edu!give!up
