Next: User Experiences
Up: User and Administrator Experiences
Previous: User and Administrator Experiences
Administrators were happy to be relieved of dealing with users after
the initial setup. After an administrator granted a user access to a
desired directory with a signed credential, there was little reason
for any user to contact an administrator. Further files could be
created, and access could be delegated to other users without external
administrative intervention. However, initial setup of the system was
at times cumbersome. As our first DisCFS prototype was based on NFS,
administrators had to deal with setting up initial NFS mountpoints on
each client for each server that offered DisCFS services. In
hindsight, it would have been better to circumvent the mountd
protocol. Setting up DisCFS initially also required a good
understanding of IPsec configuration.
Administrators also pointed out some security concerns they had with
the first prototype. Currently, a KeyNote query is not performed for
every nfs call, only on getattr calls. While this improves
performance, it also means that we trust the client software to
enforce the returned UNIX permission bits, something that will change
in future releases of DisCFS.
Stefan Miltchev
4/8/2003