[8415] in Info-AFS_Redistribution

home help back first fref pref prev next nref lref last post

AFS, krb5, and DCE/DFS

daemon@ATHENA.MIT.EDU (Kelsang Wangden)
Fri Jan 19 19:40:07 2001

From: Kelsang Wangden <wngdn@src.uchicago.edu>
Date: Fri, 19 Jan 2001 18:08:01 -0600
To: info-afs@transarc.com
Message-Id: <20010119180801.B9563@src.uchicago.edu>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

Hi all,

We're doing some Big Thinking about where to head with our
architechture, and a major issue for me is whether to transition from
straight AFS to AFS + krb5 or to move over to DCE/DFS.  So, I have a
few questions:

I have seen DCE/DFS referred to on this list as a "monstrosity" or
something similar.  Can anyone share with me reasons for staying away
from it?  The main advantages I can see in DFS over AFS are better
(IMHO) ACLs, and scheduled 'vos release's.

Second, how painful is a migration from straight AFS to AFS+krb5?

Third, is there any merit to my boss's very abstract idea that an
"integrated security environment" such as DCE/DFS fills in cracks
better than AFS+krb5?  My personal feeling is that krb5 itself is
quite integrated and solid, and AFS is built with kerberos in mind.
But, I'm wondering if some of you could back me up with more
information or tell me I'm wrong and why.

Thanks in advance,

Wangden
-- 
Kelsang Wangden (Buddhist monk)        Technical Manager
Social Science Research Computing, University of Chicago
       wngdn@src.uchicago.edu      (773) 702-3792
  PGP key:  http://www.src.uchicago.edu/~wngdn/key.txt

home help back first fref pref prev next nref lref last post