[Infrastructures] user management (mixing afs,ldap,kerberos)

[Steve Traugott]

--TB36FDmn/VVEgNH/
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Thu, Mar 10, 2005 at 07:47:56AM -0800, Carlson, Scott wrote:
> We decided to get rid of our AFS infrustructure, mainly because it was
> overkill for what we need.  We're currently relying on an unsupported
> version of IBM AFS and never did get enough people interested to do an
> OpenAFS migration.  Our AFS infrastructure has been rock solid for about 6
> years, but it's sorely unmaintained.  Also, with aproximately 2400 people
> who need a 'shell equivalent' account here, trying to manage that in AFS
> isn't quite what my engineering team signed up for.  Automounting NFS
> probably will be the best bet in the end since no more then 10 people wou=
ld
> ever log in concurrently to a single machine.

Scott, you might want to take a look at the description of Morgan
Stanley's AFS infrastructure in Campbell's AFS book.  I can't say too
much more because I'm there right now.  I can say that, having built
NFS-automounted trading floors at other firms, in hindsight I regret not
having embraced AFS earlier.  OpenAFS is well worth migrating to as
well. =20

My own thoughts include an opinion that Sarbanes-Oxley sections 404 and
802 are likely to make NFS even less appealing by comparison.
=20
Steve
--=20
Stephen G. Traugott  (KG6HDQ)
UNIX/Linux Infrastructure Architect, TerraLuna LLC
stevegt@TerraLuna.Org=20
http://www.stevegt.com -- http://Infrastructures.Org

--TB36FDmn/VVEgNH/
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFCMM9M8rKIxO1Fc9MRAts/AJ41GJCL7vq3PDg+2apQaisCyGITlwCeKUaM
P9oZxyoaqjm3YWPlbTHWUd0=
=7DcG
-----END PGP SIGNATURE-----

--TB36FDmn/VVEgNH/--