You are not logged in. Login Now register |  search
 0-16          
 
Grex > Coop13 > #17: AFS client on nextgrex?
Author Message
cross
AFS client on nextgrex? Mark Unseen   Sep 6 22:05 UTC 2003
I just thought of something; OpenBSD 3.3 has the Arla AFS client built
in.  It is, perhaps, not the best AFS client, but works well enough for
most things.  Given the large number of users (who participate in the
grex community) with accounts at the University of Michigan, perhaps we
should think about setting it up?  I've got a few OpenBSD 3.3 machines
at home that I use Arla on, and I've found it pleasent to have access
to AFS space again.  What do other's think?
16 responses total.
gelinas
response 1 of 16: Mark Unseen   Sep 7 04:41 UTC 2003
umich.edu is not the only AFS cell in the world.  I think having AFS on
machines is useful, even if only to get to the stuff permitted "read
system:anyuser"
aruba
response 2 of 16: Mark Unseen   Sep 7 05:05 UTC 2003
Could somebody explain in layman's terms what the question is?
gelinas
response 3 of 16: Mark Unseen   Sep 7 05:45 UTC 2003
Probably not, Mark.

AFS is a distributed file system.  The servers can be accessed by any
appropriate client.  If the new grex has an AFS client, then its users can
access AFS servers, to read and write (if so permitted) the files on those
servers.

As an example, I've installed an AFS client on my MacOS X laptop.  I now have
access to my files on UM's AFS servers as if they were on a hard disk on my
laptop.
aruba
response 4 of 16: Mark Unseen   Sep 7 16:14 UTC 2003
OK, that makes perfect sense.  Thanks Joe.
cross
response 5 of 16: Mark Unseen   Sep 7 17:13 UTC 2003
Nope, you're right, umich.edu is but one AFS cell.  However, it seems
like the obvious one to mention when advocating for an AFS client on
grex.  :-)
gelinas
response 6 of 16: Mark Unseen   Sep 8 00:26 UTC 2003
I'm glad it makes sense, but I don't think of those as "layman's terms,"
Mark. :)

True enough, Dan.
aruba
response 7 of 16: Mark Unseen   Sep 8 02:39 UTC 2003
Well, it's at the level I had in mind, anyway.
gull
response 8 of 16: Mark Unseen   Sep 8 14:57 UTC 2003
Layman's terms:  It's like NFS or Windows File Sharing on steroids. ;>
janc
response 9 of 16: Mark Unseen   Sep 8 15:07 UTC 2003
It's supposed to have substantially better security than those.

Also, Marcus is something of a AFS expert.  See the bottom of the page
http://www.linuxbox.nu/TRAINING/Instructorinfo.php#marcus
If you've got $1800 to spare, you can take the course from him at
http://www.linuxbox.nu/TRAINING/openafs.php

It's a separate file system.  Marcus has talked about using it extensively
on Grex someday.  I have my doubts about that, mostly because of the weirdness
with permissions (AFS has permissions only on directories, not files), but
as far as knowledge about AFS goes, I am an ant.
dah
response 10 of 16: Mark Unseen   Sep 8 18:06 UTC 2003
Yes, when you're on steroids you have bigger muscles meaning better security.
gelinas
response 11 of 16: Mark Unseen   Sep 8 19:12 UTC 2003
NB: the analogy of "NFS on steroids" only goes so far.  There are enough
differences that it might be more accurate to say that a gorilla is a
chimpanzee on steriods.
cross
response 12 of 16: Mark Unseen   Sep 8 21:41 UTC 2003
Well, I brought this up; about the only detractor I can see is users
sucking up grex's bandwidth traipsing around in AFS space (AFS is a
*networked* filesystem; obviously, when you're using it, you're using,
umm, the network).
dah
response 13 of 16: Mark Unseen   Sep 8 22:19 UTC 2003
What if you're mounting a share from 127.0.0.1?
mdw
response 14 of 16: Mark Unseen   Sep 23 08:37 UTC 2003
Yes, I would like to see grex on AFS someday.

I'm afraid AFS doesn't make much sense for grex today though.  AFS
requires a reliable network with good bandwidth to perform well, and I
don't think we have a good enough network connection to make that either
practical or attractive.  Arla is not bad, but it has its own
limitations -- it can't handle files larger than its cache size, for
instance.  Also I think the arla client in openbsd is still pretty old.
I tried building a newer version, but it failed with some incredibly
obscure error and I didn't have time to chase that down.

So, yes, AFS is pretty neat, and I'd really like to see grex get to the
stage where it's useful.  But I don't think we're there yet, and we'd
need to see a pretty substantial improvement in network connectivity to
make it real.  That's a shame, because it would be great fun to give
people a chance to wander through AFS.

[AFS doesn't have "shares".  That's windows speak.  For any real
instance of AFS, you have dedicated file servers with routeable
addresses, so "127.0.0.1" fails on 2 counts.]
devnull
response 15 of 16: Mark Unseen   Nov 28 19:33 UTC 2003
For all that AFS does probably have somewhat better security than a typical
NFS installation, it's still somewhat mediocre.  The encryption that AFS
uses, as far as I know, is a slightly modified variant of DES.  And the EFF
was arguing about 4-5 years ago that DES isn't really secure at all, having
built a machine to crack DES in a couple days.
jesuit
response 16 of 16: Mark Unseen   May 17 02:14 UTC 2006
TROGG IS DAVID BLAINE
 0-16          
 Response Not Possible: You are Not Logged In
 

- Backtalk version 1.3.30 - Copyright 1996-2006, Jan Wolter and Steve Weiss