Jeffrey Altman wrote:
Stephan Wiesand wrote:
Wouldn't it be an option to not take over the IP address, but just the
vice partition? Once failure of the peer is recognized and confirmed
(which is a problem, I agree, but not at all AFS-specific):
1) stonith
2) mount the new vice partition
On Dec 29, 2005, at 12:28 PM, Christof Hanke wrote:
Jeffrey Altman wrote:
Stephan Wiesand wrote:
Wouldn't it be an option to not take over the IP address, but
just the
vice partition? Once failure of the peer is recognized and confirmed
(which is a problem, I agree, but not at all
I did something like this years ago and it worked, but somehow I still
have a bad feeling about doing it ;-)
It only gets tricky, when you have two machines claiming to be the same
server...;-)
It was using FibreChannel devices, which are very easy to 'move'.
It included moving the IP
Here /usr/afs is on its own partition as well as the /vicepxx's.
As long as /usr/afs is intact - or backed up - the partitions can be
physically moved to a new server or recovered or whatever.
When new hardware is built, the drives are physiclly relocated to the
new server and voila...
Ken Hornstein [EMAIL PROTECTED] writes:
Maybe it's me, but I've never really seen the difference between a junk
certificate and a Kerberos ticket;
Somebody with no prior trust relationship can check the validity of a
junk certificate.
I'm confused; do you know about some cryptosystem that I
Stephan Wiesand wrote:
On Wed, 28 Dec 2005, Derek Atkins wrote:
You don't want AFS for an imap or maildir backend. You should just
Since it's void of any locks, what would be wrong with maildir in AFS?
There's a bunch of things wrong with stock maildir; I've done a lot of
work with it.
Ken Hornstein [EMAIL PROTECTED] writes:
zeroauth (for lack of a better term) is a completely different matter.
I agree. I think the point I'm trying to make is that this is outside
the scope of what I'm proposing, and that modularity is good.
What I'm saying is that you should be able to keep
Jeffrey Altman [EMAIL PROTECTED] writes:
In any case, this is not the biggest impediment to OpenAFS adoption.
If you can obtain a domain name and publish the appropriate records
in a name server, then you can successfully deploy an AFS cell and
Kerberos realm.
The current situation is sort
Jeffrey Altman [EMAIL PROTECTED] writes:
Granted these models are currently not distributed such that you could
download an implementation from MIT or KTH but that is because there
has not been appropriate demand for such functionality and the current
Kerberos implementors do not have the
Ken Hornstein [EMAIL PROTECTED] writes:
While I am pretty liberal with who we cross-realm with, that does
not extend to users using those realms. We control the principal
to userid mapping, and do not let users get interactive access to
our systems from arbitrary principals.
This is a good
Adam Megacz wrote:
The advent of public-key email security resulted in a network effect:
it took very little effort to get access to a very large pool of
people with whom you could communicate securely. This offset the cost
of having to maintain a ~/.pgp and a lot more people wound up with
11 matches
Mail list logo
