Adam Megacz wrote: > To clarify, I need to point them at an installer on openafs.org that > they can double click (with a strong preference for being able to > accept all the default options). This is for Windows and MacOS users; > the Linux users know what they're doing (I hope).
Considering that the default cell for the OpenAFS.org installer is openafs.org, this is not what you want to do. Nor is it what we want you to do. You are an organization attempting to support your users. We intentionally distribute MSI installers and an MSI Deployment Guide as part of the release notes so that you will develop and apply a MSI Transform to the OpenAFS.org installer that customizes the installer for your organization. You should then instruct your users to obtain software from you and not from OpenAFS.org. Your installer will include your own cellname, your own CellServDB file, etc. You should be doing the same with the MIT KFW MSI installer and include your own krb5.ini file and Kerberos defaults. The great thing about transforms is that you develop them once and then can apply them to each new distribution from OpenAFS.org or MIT Kerberos until such time as a major redesign of those installers takes place. > Yeah, I thought about that... users get more suspicious when I ask > them to install my personally-packaged version of some software. I'm > not their "primary" system/network administrator. (I know this is a > rather silly approach to trust+security, but that's user psychology > for you). This would be even more difficult with industrial > researchers we collaborate with; they're incredibly paranoid about > installing stuff. Perhaps with good reason. Whose should your users trust more? You or me? Your users are much better off getting software customized for your site from your site than getting stuff I built whom they have no relation to at all. Jeffrey Altman
smime.p7s
Description: S/MIME Cryptographic Signature
