Rich Sudlow wrote:
What's the best replacement for the old AFS rsh and Transarc inetd which does token passing? I'm using this in a Linux cluster environment so speed is fairly important - and I'd prefer something as easy to setup as the old rsh.
If this is a cluster, and speed is the issue, you could consider either shared K5 ticket caches across a shared cluster file system. Then you pre-stage a K5 ticket. aklog on each node then finds the ticket, and sets it as a token. So there is no extra ticket passing or extra calls to the KDCs. This requires address-less tickets, or a ticket with all the cluster address in the one ticket, and subject to security considerations of the shared file system and network within the cluster. This goes along with what is a cluster, and what is a "session" on your cluster. Can the "session" be consider to include multiple traditional sessions each started by a different rshd for the same user? You could do this with or without PAGs. Without a PAG the aklog only needs to be called once on each node, and any rsh could be used between the cluster nodes. (We did something like this with DCE many years ago where a process could join a PAG, thus avoiding all the extra overhead of getting a lot of tickets for each new rshd session.) Just some other ways to look at a cluster...
Thanks Rich
-- Douglas E. Engert <[EMAIL PROTECTED]> Argonne National Laboratory 9700 South Cass Avenue Argonne, Illinois 60439 (630) 252-5444 _______________________________________________ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info