-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi!
As the other thread is more about limits, I switched to a new thread.
We need a distributed filestorage for 20-200 organizations EU wide.
I think about setting up a single OpenAFS cell with a central krb5
server and 3 db servers (managed by the
You may want to think through how you manage the pts entries, how you
add and subtract users / groups. If you need or have another
infrastructure for that anyway, you could easily push to that data
to pts. And then it does not matter if you push it to one or 20 cells.
(or not pushing but with a
Lars Schimmer wrote:
Right now I see the limit of 20 groups per ACL in a directory as a
problem - but thats a point we could work araound, somehow.
You should use as few ACL entries as possible and instead put users/groups
in groups on the directories. IMHO something is setup wrong if you
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
*sry* send the first one only to harald.
Harald Barth wrote:
You may want to think through how you manage the pts entries, how you
add and subtract users / groups. If you need or have another
infrastructure for that anyway, you could easily push
On Wed, 27 Jan 2010 10:26:04 +0100
Lars Schimmer l.schim...@cgv.tugraz.at wrote:
You need to do some preconfigured shipping anyway, if you automate
the generate boot CD process it does not matter much if you need to
add a new cellname and security KeyFile in that process.
A complete
On Wed, 27 Jan 2010 09:22:38 +0100
Lars Schimmer l.schim...@cgv.tugraz.at wrote:
One cell per organization could be done, to - but it needs far more
admin overhead at the organizations (which are NOT technical
organizations and admin alike, which means lots of training and kinda
thats to much
Simon Wilkinson s...@inf.ed.ac.uk writes:
On 26 Jan 2010, at 17:11, Derrick Brashear wrote:
It's not without risk. You're probably ok (and assuming the symbol
versioning works correctly you shouldn't lose if the module does load)
but we don't want to rely on it.
RedHat already do this with
Hi Andrew (and all the other list members),
ok, first I like to admit that this is actually rather Kerberos- than
OpenAFS-related. Sorry for that, but I want to be able to issue cron
jobs as an OpenAFS user without having to create both new, dedicated
user_name/cron princs and the associated new
On Wed, Jan 27, 2010 at 04:27:59PM +0100, Holger Rauch wrote:
I tried to follow your suggestion. I had come accross this mail:
http://www.mail-archive.com/kerbe...@mit.edu/msg03229.html
However, when following the steps described in there, I get the
following error message after having
On Wed, 27 Jan 2010 16:27:59 +0100
Holger Rauch holger.ra...@empic.de wrote:
- Could it be that the kvno doesn't match?
- What's the default kvno for princs that are created interactively
from within kadmin using the addprinc command?
- In case I want to reuse a regular user princ from
Derrick Brashear sha...@gmail.com writes:
I might be able to try that, but it will take a few days.
if true, you should see output in cmdebug now
Okay, I just caught it red-handed. Can anybody help with reading the
tea leaves here?
meg...@quine:~$cmdebug localhost
Lock afs_xvcache
On Wed, Jan 27, 2010 at 12:10 PM, Adam Megacz a...@megacz.com wrote:
Derrick Brashear sha...@gmail.com writes:
I might be able to try that, but it will take a few days.
if true, you should see output in cmdebug now
Okay, I just caught it red-handed. Can anybody help with reading the
tea
Thomas Kula k...@tproa.net writes:
On Wed, Jan 27, 2010 at 04:27:59PM +0100, Holger Rauch wrote:
- What's the default kvno for princs that are created interactively
from within kadmin using the addprinc command?
When I just created one, I got a kvno of 1.
If you create a principal in MIT
Derrick Brashear sha...@gmail.com writes:
Lock afs_xvcache status: (none_waiting, write_locked(pid:11013
at:335))
Ah, so I am to interpret the thing after the comma as the name of a
function somewhere within the openafs source code. Knowing that helps a
lot!
assuming you're not running
On 27 Jan 2010, at 21:30, Adam Megacz wrote:
Derrick Brashear sha...@gmail.com writes:
Lock afs_xvcache status: (none_waiting, write_locked(pid:11013
at:335))
Ah, so I am to interpret the thing after the comma as the name of a
function somewhere within the openafs source code. Knowing
On Wed, Jan 27, 2010 at 4:30 PM, Adam Megacz a...@megacz.com wrote:
Derrick Brashear sha...@gmail.com writes:
Lock afs_xvcache status: (none_waiting, write_locked(pid:11013
at:335))
Ah, so I am to interpret the thing after the comma as the name of a
function somewhere within the openafs
Derrick Brashear sha...@gmail.com writes:
You don't. You can ask the vlserver, which is how the CM found out anyhow:
vos listaddrs -printuuid -noresolve
Yikes, that list is full of incorrect addresses. How on earth is the
list compiled?
- a
___
On Wed, Jan 27, 2010 at 5:22 PM, Adam Megacz a...@megacz.com wrote:
Derrick Brashear sha...@gmail.com writes:
You don't. You can ask the vlserver, which is how the CM found out anyhow:
vos listaddrs -printuuid -noresolve
Yikes, that list is full of incorrect addresses. How on earth is the
On Wed, Jan 27, 2010 at 5:22 PM, Adam Megacz a...@megacz.com wrote:
Derrick Brashear sha...@gmail.com writes:
You don't. You can ask the vlserver, which is how the CM found out anyhow:
vos listaddrs -printuuid -noresolve
Yikes, that list is full of incorrect addresses. How on earth is the
Steven Jenkins wrote:
On Wed, Jan 27, 2010 at 5:22 PM, Adam Megacz a...@megacz.com wrote:
Derrick Brashear sha...@gmail.com writes:
You don't. You can ask the vlserver, which is how the CM found out anyhow:
vos listaddrs -printuuid -noresolve
Yikes, that list is full of incorrect addresses.
Lars Schimmer wrote:
*sry* send the first one only to harald.
Harald Barth wrote:
You may want to think through how you manage the pts entries, how you
add and subtract users / groups. If you need or have another
infrastructure for that anyway, you could easily push to that data
to pts. And
On Wed, Jan 27, 2010 at 3:22 AM, Lars Schimmer l.schim...@cgv.tugraz.at wrote:
- -no single user (person) should be identified accessing that data by
sharing organization (to see which department is fine, but not the
single persons of the accessing department)
The AFS-3 security model
On Wed, Jan 27, 2010 at 11:17 PM, Tom Keiser tkei...@sinenomine.net wrote:
On Wed, Jan 27, 2010 at 3:22 AM, Lars Schimmer l.schim...@cgv.tugraz.at
wrote:
- -no single user (person) should be identified accessing that data by
sharing organization (to see which department is fine, but not the
23 matches
Mail list logo