We are currently running at CMU a locally modified version
of AFS which allows us to include cell names into ACLs. We've
been using this in production mode for a couple of months now
and it seems to be working well. I'll be giving a presentation
on it in the June AFSUG titled "Cross realm authentication".
It might be the solution to your problem if all that you're concerned
about is users having to klog to more than one cells. The only catch
is that you need a source licence if you want these modifications right
away, otherwise you'll need to wait until they're incorporated into
the standard AFS release.
The second question is, as Mike Gahan pointed out, if you want the
files residing in a local (geographicaly) fileserver as well. If you
don't care then you can use the symlink approach or even better you can
create cross cell mountpoints (<cellname>:<volumename>) which will get
you directly to the volume that you want instead of having to traverse
all the top level directories in the master cell.
If you do care about locality of data, you can use geographicaly
distributed fileservers for the master cell, but you'll still have to
deal with long distance VLDB and PTS interactions.
Dimitris Varotsis
Systems Software Staff
School of Computer Science
Carnegie Mellon University
