-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 *sry* send the first one only to harald.
Harald Barth wrote: > You may want to think through how you manage the pts entries, how you > add and subtract users / groups. If you need or have another > infrastructure for that anyway, you could easily push to that data > to pts. And then it does not matter if you push it to one or 20 cells. > (or not pushing but with a backend to pts) > > Because of the security implications I would go for several cells. > Then you only have a "security disaster" if someone gets your KDC, > not if someone gets one site. > >> It must be easy to manage for the organization - thats why I think one >> cell could be best. > > You need to do some preconfigured shipping anyway, if you automate the > generate boot CD process it does not matter much if you need to add a > new cellname and security KeyFile in that process. A complete unattended setup of a krb5 and OpenAFS cell is not possible, or? >> Data just needs to be kept at one organization, RW on one partition, RO >> on a second, maybe another RO on a 2nd fileserver in the same organization. > > Sounds like different cells to me. The one organization - one cell way sounds nice, but the work ;-) Will think about it and test it. Another point I missed is: the "proxy" I mentioned is a "must have" for the users to access the data and it is combined with a indexing db which should be able to know where each data of all organizations is located. Kinda like the indexing service jeffrey has in mind. If I only get the funding for it ;-) > Harald. MfG, Lars Schimmer - -- - ------------------------------------------------------------- TU Graz, Institut für ComputerGraphik & WissensVisualisierung Tel: +43 316 873-5405 E-Mail: l.schim...@cgv.tugraz.at Fax: +43 316 873-5402 PGP-Key-ID: 0x4A9B1723 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAktgBqwACgkQmWhuE0qbFyP2MQCfT5YmDNLPYsGWY8LbiqP+MYfL QMYAoIf+Ka+273sXqD1jo5UGZsN5Qe7L =3x4n -----END PGP SIGNATURE----- _______________________________________________ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
