File Serving
It is convenient for students and faculty to have access to their files
no matter what computer they're using, so many universities provide
some sort of network storage. Requirements for a network storage
system include:
- Scalability. It must be able to handle use by all members
of the university. (e.g. at MIT, it must be able to handle 15000 users.)
- Reliability and security
(it has to withstand use by a large number of highly intelligent,
curious computer science students with lots of time on their hands!)
- Compatibility with Windows, Linux, and Macintosh
- Low Cost. It is likely that only a free software solution will
be inexpensive enough to be used on every computer on campus.
- Support. It must already be deployed at many universities,
and books and other training materials must be readily available.
The building block services for a network storage system include:
- File Serving
- Authentication
- Time Synchronization
- User Directory
- Domain Name Service
Oddly enough, it seems there is currently only one choice for the File
Serving service that meets all the above requirements: AFS (in the form
of OpenAFS).
That dictates several other choices:
AFS requires Kerberos as its user authentication service,
and Kerberos requires NTP as its time synchronization service.
Both probably require DNS as their hostname lookup service.
The user directory service role can be played by several systems.
Fermilab uses a text file (yes, a text file), MIT uses Hesiod, and
Active Directory could be used. Jason Heiss' excellent document
"Replacing NIS with Kerberos and LDAP"
shows how to use OpenLDAP for this.
Likewise, there are many packages that can provide domain name service; I suspect most
organizations are using the standard DNS package from isc.org.
Filling in these choices in the above list of services, here are
the main packages needed to deploy network storage to the campus:
All of these are available for free download for all popular operating systems, and
offer excellent security, good performance, and low cost.
That said, setting up network storage with OpenLDAP, Kerberos 5, and OpenAFS
takes lots of learning, experimentation, and planning.
(NTP and ISC BIND are fairly easy by comparison, which should give you
some idea of how complex setting up the others is!)
Related Pages
Overviews
- Jim Carter's paper A Critique of Kerberos and AFS offers a brief overview of authentication and file serving software available as of May 2002.
- Evaluation of Network Filesystems at Swiss Federal Institute of Technology, Zurich
- OpenAFS, or Network file systems, righteous indignation and you by James Ervin. Compares AFS and NFS, picks AFS as the right choice for large deployments.
- AFS at CERN: Status, Plans, Benefits and Problems. June 2001.
- AFS Strategy Session, Fermilab, July 17th, 2002
- E-Berkeley Roadmap - a bit off-topic, but it does show
that UC Berkeley is moving towards campuswide use of LDAP and Kerberos
- Directory Services for Linux, a thesis by Norbert Klasen. Very thorough.
- Infrastructures.org - a very nicely presented overview of best practices for managing large numbers of computers
- Logging in from Anywhere: Distributed Authentication for Linux, by Bill von Hagen, Linux Magazine, January 2001
AFS Links
Note that AFS requires Kerberos, so many of these AFS links will
also cover Kerberos.
- OpenAFS Home Page
- OpenAFS Mailing Lists
- alt.filesystems.afs archives at Google
- AFS training from IBM
- Commercial Support for OpenAFS from Sinenomine.net
- LinuxBox.net - claims to support OpenAFS
- OpenAFS Success Stories
- AFS Workshops
- Notes from AFS Workshop at Usenix 2002
- AFS Integration with GenToo Linux at Clarkson - Stephen Evanchik, student, Clarkson University Open Source Institute
- RedHat 7.2 and AFS at UMBC
- Help Desk page for AFS users at the University of North Carolina Medical School
- Help Desk page for AFS users at Duke University
- Help Desk page for AFS users at Paul Scherrer Institut, Switzerland
- Help Desk page for AFS users Financial Information System, UC Davis
- Help Desk page for AFS users on Windows at The Royal Institute of Technology in Sweden
- Help Desk page for AFS users at University of Notre Dame
- Help Desk page for AFS users on Linux at TU Chemnitz, Germany
- Help Desk page for AFS users on Windows at TU Chemnitz, Germany
- Help Desk page for AFS users at SLAC at Stanford
- Help Desk page for AFS users at Arizona State University
- Help Desk page for AFS users at Dartmouth
- http://www.engin.umich.edu/caen/faqs/openafs.shtml
- System administration of CKM Debian Linux Cluster at Fermilab - how to add a Debian system to an AFS+Kerberos network
- How to set up AFS with Kerberos V, by Martin Schulz, University of Karlsruhe
- "OpenAFS + Kerberos V (krb5) + Linux ok, Win2k bad" - post on OpenAFS mailing list by Noel Burton-Krahn, March 2002
- getting openafs credentials initiated on an ssh session - use pam_krb5.so and pam_openafs_session.so in /etc/pam.d/ssh
- AFS-Kerberos 5 Migration Kit
- LDAPv3-HOWTO by Turbo Fredriksson. How to build OpenLDAP, OpenSSL, and Kerberos V from source on Debian. Also covers AFS. Not "professional" enough, but informative nonetheless.
Kerberos Links
Windows Clients authenticating against MIT Kerberos Servers
Linux Clients authenticating against Microsoft Active Directory Servers
MacOSX Clients authenticating against MIT Kerberos Servers
LDAP Links
File Serving Protocols / Packages
Besides AFS, that is.
Other Links
Found while searching for 'windows interoperability' and 'network file sharing windows linux' etc.
Sorted by URL for now - I'll categorize them later... apologies for the mess.