Adam Chlipala <[EMAIL PROTECTED]> wrote:
> Christopher D. Clausen wrote:
>> If there are no objections, I'd like to submit an entry to the
>> public CellServDB here:
>> http://www.central.org/csdb.html
>
> Shouldn't we wait until we've finalized our set-up and verified that
> it works for even just on-network accesses?

I can access things from home and as far as I can tell, things are working just fine. I have no problem with waiting, but by then it might be too late to get an updated CellServDB into the 1.4.3 release (it's in testing stages right now).

> Maybe something will
> change, and maybe we even have some security hole at present.

If we have a security hole, it should be fixed. Since this list is public anyway, there is no point in not advertising the service to those who would use it, as any attacker can already see that AFS is set up. Note: anyone in the world can get a list of volumes off of the servers and the AFS version number. This is by design.

Also, it could take months to actually get the public CellServDB to be updated and posted. I'd like to ensure that our cell gets listed in the 1.4.3 release of openafs. Although, if IP addresses are going to change, it would be best to do so before distributing this info. The only thing worse than no information is wrong information.

For future planning, we want any additional AFS servers to have IP addresses numerically higher than deleuze b/c ubik uses the IP address to break ties when voting for "sync site."

> We don't yet have any production domains pointed to the new servers
> for DNS, so the status of BIND on TaskDistribution isn't directly
> relevant here, as that page deals only with the new servers. Tell me
> how I should add those records with djbdns on fyodor and I'll do it.

According to:
http://www.openafs.org/pipermail/openafs-info/2004-August/014684.html

I think:

:hcoop.net:18:\000\001\007deleuze\005hcoop\003net\000

will work for AFSDB

For Kerberos, something like:

:_kerberos._udp.hcoop.net:33:\000\000\000\000\000\130\011kerberos1\005hcoop\003net\000
:_kerberos-adm._tcp.hcoop.net:33:\000\000\000\000\002\355\011kerberos1\005hcoop\003net\000
:_kerberos-master._udp.hcoop.net:33:\000\000\000\000\000\130\011kerberos1\005hcoop\003net\000
:_kpasswd._udp.hcoop.net:33:\000\000\000\000\001\320\011kerberos1\005hcoop\003net\000
'_kerberos.hcoop.net:HCOOP.NET

And a CNAME kerberos1 -> deleuze
(I couldn't quite figure out the correct way to do CNAMEs)

Whatever the normal in use TTL is should be fine.

<<CDC

_______________________________________________
HCoop-SysAdmin mailing list
[email protected]
http://hcoop.net/cgi-bin/mailman/listinfo/hcoop-sysadmin
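
Added example, not part of the original message: a Python script that builds the tinydns-data generic records (`:fqdn:type:rdata`) quoted above from host names and port numbers, and decodes a hand-written line back, so the octal escapes can be checked before they go into the data file. The function names are assumptions made for illustration; the ports 88, 749 and 464 are the values the message's records encode.

```python
"""Build and check tinydns-data generic records for AFSDB (18) and SRV (33)."""
import re
import struct

AFSDB, SRV = 18, 33  # DNS RR type numbers
LABEL = re.compile(r"[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?")

def octal(data: bytes) -> str:
    """Escape every byte as \\ooo, the form tinydns-data accepts in rdata."""
    return "".join(f"\\{b:03o}" for b in data)

def wire_name(host: str) -> str:
    """Uncompressed DNS name: octal length byte, label text, final zero byte."""
    out = ""
    for label in host.rstrip(".").split("."):
        if not LABEL.fullmatch(label):
            raise ValueError(f"invalid label {label!r} in {host!r}")
        out += octal(bytes([len(label)])) + label
    return out + octal(b"\x00")

def afsdb_record(cell: str, dbserver: str, subtype: int = 1) -> str:
    """AFSDB rdata: 16-bit subtype (1 = AFS database server) + server name."""
    return f":{cell}:{AFSDB}:{octal(struct.pack('!H', subtype))}{wire_name(dbserver)}"

def srv_record(owner: str, target: str, port: int,
               priority: int = 0, weight: int = 0) -> str:
    """SRV rdata: 16-bit priority, weight, port (network order) + target name."""
    head = struct.pack("!HHH", priority, weight, port)
    return f":{owner}:{SRV}:{octal(head)}{wire_name(target)}"

def decode_rdata(rdata: str) -> bytes:
    """Turn escaped rdata back into raw bytes, for auditing hand-written lines."""
    return re.sub(rb"\\([0-7]{3})",
                  lambda m: bytes([int(m.group(1), 8)]), rdata.encode("ascii"))

def srv_port(line: str) -> int:
    """Port carried by a ':owner:33:rdata' line (third 16-bit field)."""
    return struct.unpack("!HHH", decode_rdata(line.split(":")[3])[:6])[2]

if __name__ == "__main__":
    kdc = "kerberos1.hcoop.net"
    print(afsdb_record("hcoop.net", "deleuze.hcoop.net"))
    for owner, port in [("_kerberos._udp.hcoop.net", 88),
                        ("_kerberos-adm._tcp.hcoop.net", 749),
                        ("_kerberos-master._udp.hcoop.net", 88),
                        ("_kpasswd._udp.hcoop.net", 464)]:
        print(srv_record(owner, kdc, port))
```

Every numeric byte is written in octal, including ones that happen to be printable (port 88 is `\000\130`, not `\000X`), which matches the records in the message.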
