Introduction to KERBEROS/OpenAFS

LIONS was created with redundancy and fault tolerance as it's primary objective. It features fault tolerant servers, a fully mirrored Storage Area Network (SAN), fault tolerant routers for the SAN, a security master server with replica servers, a file system master server (with replica servers), an Enterprise Level backup/restore solution, and a uniform environment for all academic UNIX users.

LIONS also provides centralized services such as FTP, UNIX software license management, printing, Enterprise Level web and documentation servers, and features a web/e-mail based help request system.

To assist us with running such a large environment requires a world-class Enterprise Security and File systems.

The Building Blocks of LIONS - Kerberos, OpenAFS, OpenLDAP

The underlying structure which makes up the LIONS architecture are:

• Kerberos is a network authentication protocol. It is designed to provide strong authentication for client/server applications by using secret-key cryptography. LIONS uses the free implementation of this protocol available from the Massachusetts Institute of Technology.
• OpenAFS is a distributed filesystem that enables co-operating hosts (clients and servers) to efficiently share filesystem resources across both local area and wide area networks. AFS is a distributed filesystem product, pioneered at Carnegie Mellon University and supported and developed as a product by Transarc Corporation (now IBM Pittsburgh Labs). It offers a client-server architecture for file sharing, providing location independence, scalability and transparent migration capabilities for data. IBM branched the source of the AFS product, and made a copy of the source available for community development and maintenance. They called the release OpenAFS.
• OpenLDAP is used as the naming services "glue" which binds the Kerberos and OpenAFS information together.