AFSForTheDND
"AFS for the DND" -- the idea is to have a 'user account' space for each member of the DND. This will make it possible for people to log in to public linux computers with their DND account, and get access to their personal documents and stuff.
More Ideas/Requirements
- We want a system that can interface with Linux, Mac Classic, Mac OSX, Windows (it's going to be here for a while), other Unices, etc...
- File system? : have an AFS mount point (more secure than NFS), that has the same file structure available via SAMBA and AppleShare. (what protocol is OSX most happy using?)
- Drag-and-Drop functionality is available with Blitzmail, which people currently use to transfer files, so we need to have something that is at least as easy.
- We'd like to be able to mount the space as a user home directory on unix systems --> we can use AFS for that.
- Authentication and Security:
- Authenticate off of the DND (use LDAP, probably).
- How do we ensure that passwords are transmitted securely? -- with AFS logins on Unix, passwords are encrypted. What about Windows Filesharing? What about AppleShare?
- What if people want encrypted VS. unencrypted file transfer from local disk to the network disk? (can the protocols support this?)
- What about sharing files on your local computer? Can you set permissions easily using AFS, Windows Filesharing, AppleShare, etc???
- Although it will be fastest to have the files be transferred from computerA to computerB (not through the central machines), would it be possible for individual machines to use AFS (or whatever) to check what permissions are on a local file, and then grant/deny access based on those permissions?
- How Do I 'Send' files to someone else?
- we could drop files, or grant permissions. I think that both options should be available.
- By granting permissions, you can leave stuff on your account (say for a class or for a group of friends that you specify), and everyone can access it (to whatever extent that you allow).
- By 'dropping' files, everyone can have a 'Public' folder (that anyone can write to) on which you could set a size limit (e.g. 10MB). Then, people can drop a file in there instead of blitzing it to you. Of course, because of this flexible system, you could set up a number of different folders such as Public_cs42, Public_Baseball_team, etc... where the permissions on those folders can be lists that you control or others control.
- Because of the power of this system, we might want to 'dumb things down' for many users. We could potentially give users less control over the file system, until they took a 30min seminar about how to properly administer their files. (for those geeks that already know about AFS, SAMBA, etc... we could have a more technical version available that would be a bit more interesting.... :-)
Why don't you use xxxxxxxx instead?
- Strongbox, Locker, and Vault provide a nice 30MB of networked storage, but we can't (easily) use that space for a unix account.
- The NorthStar AFS cell has its own set of users and passwords separate from the DND. Making the two work together, I have been told, is not feasible. (UPDATE: it can be done, but would be messy. Unless something jumps out at us as being a better solution, I guess that we'll be rolling up our sleeves and taking a crack at making AFS + LDAP work....)
Are you really using AFS?
Yes. well, maybe. Actually we haven't decided yet, so I can't say for sure.
AFS, NFS, and ??? are all prime competitors. We want to make this easy for now, but we also want to make it scalable in case half of the campus starts using it overnight (if that happens I'll jump up and down with joy!!!)
AFS is looking like the best idea right now. Anyone want to help me set it up?
How do you get an account?
- Initially, the idea was to log in at a public machine, and an account will be created (at least that's the plan!). Now, if this is going to be a global campus network, then I guess that it would make sense for everyone to have an account right off of the bat...
Quotas
- I'm thinking about 10 - 30MB initially:
- we're getting a 100GB machine to play with for Linux stuff in general, and maybe 75GB will be gobbled up by OS + mirroring of RedHat and Debian
- quick estimates if we have 20GB to hand out:
- with 10MB per user, we can handle 2000 users.
- with 20MB per user, 1000 users.
- with 30MB per user, 666 users.
- with 50MB per user, 400 users.
- okay, so I'm thinking about 20MB or 30MB (to match how much space people get on strongbox/locker/vault).
How do I get to my stuff on AFS for the DND from my personal computer?
- from what I've heard, you can authenticate for multiple AFS cells really easily under linux -- so install it!
- we'll have a couple of machines available so that people can use them for file transfer to/from the AFS for the DND if they're in their dorm room or whatnot. But it would be nice to make this really easy for people running linux. Another incentive to take the plunge!
The public machines are mostly old, so we don't want people remotely logging into them. We might be able to stack up some of the older machines in a room and let people connect to them remotely via SSH.
RobinsonTryon - 26 Oct 2002