[OpenAFS] Future of AFS? Interesting Ideas!?

Derrick J Brashear shadow@dementia.org
Mon, 16 Dec 2002 12:05:53 -0500 (EST)


On 16 Dec 2002, Patrick J. LoPresti wrote:

> Seriously, I think Benjamin has a good point.  If AFS wants to become
> more than an obscure, largely academic technology, it must be easier
> to integrate with more widespread technologies.  Kerberos 5 and LDAP
> would be my choices; a less idealistic person might say Active
> Directory :-(.

I agree, if it can be done without forcing the adoption of those
technologies. If I don't want LDAP, forcing me to set it up is likely to
make me just ignore the product entirely.

> Maintaining multiple databases (LDAP, Kerberos, pts) sucks.  Note that
> "good synchronization tools" is not a solution.  If the
> synchronization is incremental, it inevitably leads to
> inconsistencies; if the synchronization is by full DB conversion, it
> is too slow for large installations.

Agree. We ran krb5 and kaserver in a loosely synchronized manner at CMU
for a while, it was unpleasant. The tradeoff is now we have fixed-master
replication. Sigh.

> I find it amazing, and discouraging, that it is almost 2003 and there
> is still no decent "single sign on" solution for heterogenous sites.
> Granted, a large part of this is Microsoft's fault.  But not all of
> it.  And it would be nice if OpenAFS were part of the solution instead
> of the problem.

Do you think Kerberos is not (part of) said solution? Do you feel LDAP is?
I'm mostly just curious.