unified authentication

David G. Andersen danderse at cs.utah.edu
Thu Sep 25 09:50:17 PDT 2003


Robert Watson just mooed:
> > 
> >   http://www.fs.net/
> 
> And one of the very nice things about the SFS implementation is that it
> plugs into loop-back NFS on the client, so you don't need special kernel
> changes, which is what has made the OpenAFS and Arla stuff so difficult.
> On the other hand, there's presumably the expected observable performance
> difference...

It's surprisingly not bad.  The network and crypto are usually the limiting
factors.  From two machines in the same building going through one router:

SFS> /usr/bin/time dd if=/dev/zero of=foo bs=8k count=1k
8388608 bytes transferred in 1.677283 secs (5001308 bytes/sec)
        1.87 real         0.00 user         0.10 sys

From a Linux NFS client, same dd, same LAN, no interposed router,
1.14 elapsed, 0.01 user, 0.02 system.  DM's eval suggests that
their performance for things like FreeBSD kernel compiles
is usually better than NFS over TCP, barely worse than NFS over
UDP, and 25%ish slower than the local filesystem.  In other words,
it's within the realm of the OK.  I don't like compiling with my
object trees over any remote filesystem, but I find keeping my
source tree on SFS to be about the same as keeping it on NFS.

The 'rex' authentication system they've built is pretty slick, but
has the downside that my fingers think "ssh" when I want to login...

  -Dave

-- 
work: dga at lcs.mit.edu                          me:  dga at pobox.com
      MIT Laboratory for Computer Science           http://www.angio.net/
      I do not accept unsolicited commercial email.  Do not spam me.

