I just thought of something; OpenBSD 3.3 has the Arla AFS client built in. It is, perhaps, not the best AFS client, but works well enough for most things. Given the large number of users (who participate in the grex community) with accounts at the University of Michigan, perhaps we should think about setting it up? I've got a few OpenBSD 3.3 machines at home that I use Arla on, and I've found it pleasent to have access to AFS space again. What do other's think?16 responses total.
umich.edu is not the only AFS cell in the world. I think having AFS on machines is useful, even if only to get to the stuff permitted "read system:anyuser"
Could somebody explain in layman's terms what the question is?
Probably not, Mark. AFS is a distributed file system. The servers can be accessed by any appropriate client. If the new grex has an AFS client, then its users can access AFS servers, to read and write (if so permitted) the files on those servers. As an example, I've installed an AFS client on my MacOS X laptop. I now have access to my files on UM's AFS servers as if they were on a hard disk on my laptop.
OK, that makes perfect sense. Thanks Joe.
Nope, you're right, umich.edu is but one AFS cell. However, it seems like the obvious one to mention when advocating for an AFS client on grex. :-)
I'm glad it makes sense, but I don't think of those as "layman's terms," Mark. :) True enough, Dan.
Well, it's at the level I had in mind, anyway.
Layman's terms: It's like NFS or Windows File Sharing on steroids. ;>
It's supposed to have substantially better security than those. Also, Marcus is something of a AFS expert. See the bottom of the page http://www.linuxbox.nu/TRAINING/Instructorinfo.php#marcus If you've got $1800 to spare, you can take the course from him at http://www.linuxbox.nu/TRAINING/openafs.php It's a separate file system. Marcus has talked about using it extensively on Grex someday. I have my doubts about that, mostly because of the weirdness with permissions (AFS has permissions only on directories, not files), but as far as knowledge about AFS goes, I am an ant.
Yes, when you're on steroids you have bigger muscles meaning better security.
NB: the analogy of "NFS on steroids" only goes so far. There are enough differences that it might be more accurate to say that a gorilla is a chimpanzee on steriods.
Well, I brought this up; about the only detractor I can see is users sucking up grex's bandwidth traipsing around in AFS space (AFS is a *networked* filesystem; obviously, when you're using it, you're using, umm, the network).
What if you're mounting a share from 127.0.0.1?
Yes, I would like to see grex on AFS someday. I'm afraid AFS doesn't make much sense for grex today though. AFS requires a reliable network with good bandwidth to perform well, and I don't think we have a good enough network connection to make that either practical or attractive. Arla is not bad, but it has its own limitations -- it can't handle files larger than its cache size, for instance. Also I think the arla client in openbsd is still pretty old. I tried building a newer version, but it failed with some incredibly obscure error and I didn't have time to chase that down. So, yes, AFS is pretty neat, and I'd really like to see grex get to the stage where it's useful. But I don't think we're there yet, and we'd need to see a pretty substantial improvement in network connectivity to make it real. That's a shame, because it would be great fun to give people a chance to wander through AFS. [AFS doesn't have "shares". That's windows speak. For any real instance of AFS, you have dedicated file servers with routeable addresses, so "127.0.0.1" fails on 2 counts.]
For all that AFS does probably have somewhat better security than a typical NFS installation, it's still somewhat mediocre. The encryption that AFS uses, as far as I know, is a slightly modified variant of DES. And the EFF was arguing about 4-5 years ago that DES isn't really secure at all, having built a machine to crack DES in a couple days.
TROGG IS DAVID BLAINE
You have several choices: