[923] in athena10
Re: nss: hesiod -> ldap for groups?
daemon@ATHENA.MIT.EDU (Jonathan Reed)
Thu Jan 22 20:23:48 2009
Cc: debathena@mit.edu
Message-Id: <D57EA9D1-12B9-4D98-8F0D-139011E66354@mit.edu>
From: Jonathan Reed <jdreed@MIT.EDU>
To: Evan Broder <broder@mit.edu>
In-Reply-To: <49791A23.8000901@mit.edu>
Content-Type: text/plain; charset=US-ASCII; format=flowed; delsp=yes
Content-Transfer-Encoding: 7bit
Mime-Version: 1.0 (Apple Message framework v919.2)
Date: Thu, 22 Jan 2009 20:22:49 -0500

Assuming LDAP is guaranteed to be a stable source of (AFS) group
information, this sounds like a good idea. I think LDAP gets a moira
incremental, right, so it would also eliminate a DCM delay when
updating group information. However, is LDAP as replicated as Hesiod
(which has both the local caching nameserver and 3 Hesiod servers)?

-Jon

On Jan 22, 2009, at 8:15 PM, Evan Broder wrote:
> Do we want to switch to using LDAP instead of Hesiod for group
> information on Athena 10? This would solve the problem where people
> fall off of groups when they're on too many, and also get rid of this
> weird usage of NFS groups - i.e. why should I have to make something
> an NFS group instead of an AFS group to be able to use it in a Unix
> ACL?
>
> Does anyone have opinions on this?
>
> - Evan