I think the point that the grandparent was trying to make was it isn't a problem when it doesn't work (just swap out and go). It is a major problem when it sort of works; i.e. when it works intermittently for a few hours/days/weeks then crashes. Now a reboot would fix that but do you have someone there 24x7 to do the reboots?
Hmm haven't looked at this in some time, it is on my list of things to get back to.
Yes flat group file (the default /etc/groups and gshadow).
Redhat Enterprise ES, not sure about the IT/CRM/BZ number, this is our company account number with Redhat, right?
Redhat asked for debug output (which I provided) and haven't heard anything since.
I just checked the server and the most groups any given user is in is 5. Notable points..
a) 1000 students are in the primary "users" group and the g_student group with some students in "special groups" for course projects
b) 200 staff and instructors are in primary "users" group and the g_staff group with each instructor in a departmental group as well.
c) all students accounts are padded/truncated to 8 characters (letters and digits only)
d) all staff and instructor accounts are 8 or less char (letters only, no hyphens, etc)
e) some UIDs are >65535 but all GIDs are 5000
Other than that pretty vanilla; did a manual check of /etc/group /etc/gshadow /etc/passwd to make sure the username and group names are all correct and there does not appear to be any visible corruption of the files.
> OSX isn't UNIX, it has a cumbersome, hard-to-program, and non-standard administrative database, and it doesn't have UNIX file systems semantics, so these kinds of things may be a lot harder to do on OSX.
MacOSX has full bsd userland APIs and utilities; the kernel is a microkernel (mach) but it is all bsd on the commandline. Last I checked BSDs were considered Unix.
a) The administrative database is by default openldap instead of local files although if you really want you can use local files.
b) The filesystem is HFS+ or UFS (your choice) and on both unix file semantics are implemented.
Have you actually used MacOSX or are you a Linux bigot?
> You (or, rather, someone who actually knows how to write simple programs--most IT departments have such people around) create a small setuid program that implements the constraints you want for your workflow needs and your quota system.
In the case of the quota example, all I need is simple file services for PC and Mac clients (no shell access to the server (artist type; they don't do commandline)).
> Good grief, how dense can you be? No, I don't want you to "setuid/setgid different utilities", I want you to either use an existing framework or create your own set of utilities that actually express the kinds of operations you actually want to delegate to students.
So I and anyone else that needs similar functionality should implement it ourselves instead of the OS providing this functionality?
Unix style permissions aren't great for network file services, which almost every organization needs.
> Unlike parallel SCSI, though, Fibre Channel is full duplex, so with a good mix of reads and writes FC will move around 400 GB/s.
Try more like 10% on average. Why?
a) the link may be full-duplexed but the spindles on the other end are not.
b) Very few applications have sustained bursts of reads and writes. Most have periods of sustained bursts of reads or writes.
Only when one is talking about multiple terabytes does the effect of a) disappear (if your SAN distributes data across all available spindles). For b) if you put ALL your applications on the SAN then you will see the effect of parallelism come into play. But for a particular host the full-duplex isn't that big a deal.
Many people understand the issue of latency and how bad it is for transactions. All layers of software are geared to hide/minimize latency by parallelizing transactions.
I wonder for each application/host, does one really need the blazing speed of a SAN? Is the higher latency of each transaction worth it?
As google has shown, you don't need a SAN to store a cache of the web. Many commodity PCs with simple IDE disks (lower latency) can do the job in parallel faster.
> You seem to be missing a crucial fact about UNIX groups: every user can be in multiple groups. That gives you the same flexibility as ACLs.
How about a non-primary group of a thousand users? This does not work for me on Redhat Enterprise 3 update 3 release; utilities segfault around 100 users. I have asked redhat and they don't have an answer (it's been 4 months).
Also, how about a directory where a large group of users have read/write access and the application is such that files are created and deleted frequently. On OSX 10.3.7, only owner can delete files, how does one go about allowing anyone in the group to delete files? Aside from making a completely separate share one can't do that.
Also, (on OSX same situation as above) how about when the workflow is such that a file is created in a directory by one user and then another user works on it and then another user works on it and so on. Why should the files' ownership remain with the first user? How would you handle disk quotas? What if the first user isn't just one user but a subset of users that you don't know ahead of time (fluid workflow in dynamic teams).
> Just configure the Apache web server to do what you want; it has an option to handle exactly that case.
Please elaborate.
> Of course, the students can do it with their own accounts. If you want students to work on a project in a group, you create a UNIX group for that project and put all the students into it. You don't need a "project user".
For small course projects of 3 students for 2 months (roughly 60 groups across multiple sections of the course), you want me to create unique groups and preconfigure a sub-directory for each group? Instead of delegating right assignment permission to each student; they manage access to their group and their own file structure?
> You can: delegation of privileges in UNIX is handled via setuid/setgid. There are various existing tools to handle specific kinds of delegation (e.g., sudo). If none of those meet your needs, you have far more flexibility to create your own than if you were stuck with ACLs.
You want me to setuid/setgid different utilities on a server where students have shell access? What are you a noob or something? Sudo would be slightly more secure but still not much of an improvement.
Why should I create my own delegation tools when ACLs (which delegation of permissions support) is all I really need?
Windows style ACLs are n-way permissions (n = # of files + directories + users + groups)
UNIX ugo/rwx is 3 way permissions
Both have pros and cons.
I don't like either..
Unix:
- 3 way is limiting on systems where non-primary groups are limited to a few users (Redhat Enterprise 3, at least it is broken on 3 servers I have).
MS-ACLs:
- Very hard to audit from a security perspective.
A better solution is what Novell Netware has..
+ ownership of a directory or file does not give you rights to that dir/file.
+ file ownership only counts towards your diskquota.
+ a file can have rights assigned for an arbitrary number of users and/or groups (rarely needed).
+ a directory can have rights assigned to an arbitrary number of users and/or groups.
+ directory rights cascade down into the subtree.
+ if you want to block cascaded rights you can place an inherited rights filter on a sub-file or sub-directory.
+ Supervisor right: equivalent of root for the file or directory.
+ Read right: can read the file
+ FileScan right: can get file/directory listing
+ Write right: can write to file/directory
+ Erase right: can erase/delete a file/directory
+ Create right: can create a file in a directory
+ Modify right: can modify a file/directory
+ Access right: can assign permissions/rights to other users/groups (delegated administration)
IF you create usergroups for each set of users that need specific permissions, the set of rights assigned to the filesystem is minimized.
Yes you have many user groups but you would have at least the same number of groups with MS-Style ACLs and with UNIX (more groups).
I can give a concrete example of where UNIX style permissions fail..
A Linux server with students and instructors (college). Each user has a webspace (~/public_html) where they need to be able to run cgi, jsp, etc. How to set permissions such that..
a) apache user can read contents of ~/public_html
b) no student can read contents of other students or staff's ~/public_html as cgi, jsp, which contain database connection information (should not be visible to anyone except owner).
Up to this point all staff and students should be in primary group "users" and user apache is NOT in users.
public_html rwx---r-x "users"
Now what if some students need to work together in a group for a group project? You can't do it with one of the student's accounts, you have to create a special project group user for them to share. This is plain silly..
a) I should be able to assign rights for students in that group to one of the student's /public_html/group_project directory
OR if I am really lazy (or if there are thousands of students)..
b) I should be able to delegate permission assignment to each student, i.e. each student can assign rights to other students/groups to files under their own homedirectory.
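The `rwx---r-x` mode quoted in the post above works only because the classic UNIX check applies exactly one permission class per access. The sketch below is an added example, not code from the thread: it models that check and the nested group-project directory. Account names, UIDs and GIDs are constructed, and root override and ACL extensions are not modelled.

```python
from dataclasses import dataclass

R, W, X = 4, 2, 1  # permission bits within one rwx triplet


@dataclass(frozen=True)
class User:
    name: str
    uid: int
    gids: frozenset  # primary plus supplementary group ids


@dataclass(frozen=True)
class Inode:
    owner_uid: int
    group_gid: int
    mode: int  # e.g. 0o705 is rwx---r-x


def permission_class(user, inode):
    """Pick the single class that applies: owner, else group, else other."""
    if user.uid == inode.owner_uid:
        return "owner"
    if inode.group_gid in user.gids:
        return "group"
    return "other"


def allowed(user, inode, want):
    """True if every bit in `want` is granted by the ONE matching class.

    Classes are not cumulative: a member of the file's group is judged by
    the group bits only, even when the 'other' bits are more generous.
    """
    shift = {"owner": 6, "group": 3, "other": 0}[permission_class(user, inode)]
    return (inode.mode >> shift) & 0o7 & want == want


def path_allowed(user, chain, want):
    """Nested access: search (x) on every ancestor, then `want` on the target."""
    *ancestors, target = chain
    return all(allowed(user, d, X) for d in ancestors) and allowed(user, target, want)


# Constructed accounts and ids (assumptions, not taken from the thread).
USERS_GID, PROJECT_GID, APACHE_ID = 100, 6001, 48
alice = User("alice", 5001, frozenset({USERS_GID}))
bob = User("bob", 5002, frozenset({USERS_GID, PROJECT_GID}))  # project member
carol = User("carol", 5003, frozenset({USERS_GID}))           # not in the project
apache = User("apache", APACHE_ID, frozenset({APACHE_ID}))    # NOT in "users"

# alice's webspace as in the post: rwx---r-x, group "users".
public_html = Inode(alice.uid, USERS_GID, 0o705)
# A project directory owned by alice, group = project group, rwxrwxr-x.
group_project = Inode(alice.uid, PROJECT_GID, 0o775)


def survey():
    return {
        # apache falls into 'other' (r-x); students fall into 'group' (---).
        "apache reads public_html": allowed(apache, public_html, R | X),
        "carol reads public_html": allowed(carol, public_html, R | X),
        # In isolation the project group bits grant bob full access ...
        "bob on group_project alone": allowed(bob, group_project, R | W | X),
        # ... but under public_html he is stopped at the parent's group bits.
        "bob via public_html/group_project": path_allowed(
            bob, [public_html, group_project], R | W),
        "apache via public_html/group_project": path_allowed(
            apache, [public_html, group_project], R),
        # Moved outside public_html, 'other' r-x (kept for apache) also
        # admits every student who is not a project member.
        "carol on group_project outside public_html": allowed(
            carol, group_project, R | X),
    }


if __name__ == "__main__":
    for case, ok in survey().items():
        print(f"{'ALLOW' if ok else 'DENY':5}  {case}")
```

With a single group slot per file, the project directory is either unreachable for the teammate (nested under `public_html`) or readable by non-members (outside it with `other` left at `r-x` for apache).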
Perhaps my opinion is coloured by memories of Solaris7 (on a 420R), where one had to have veritas filesystem to get decent journaling and mirroring.
Things have improved with Solaris9 (on V240) and haven't played with 10 yet, but still software mirroring is *okay* but really, for the price one pays for a Sun server can't they include hardware RAID (not just mirroring)??
e.g. v240 can house 4 internal disks, why can't there be an integrated hardware RAID controller to do RAID5 on the internal disks?
1U server:
3U external RAID storage system.
Holds 14 to 15 disks, fill as you need.
RAID will allow expansion on the fly.
SCSI DISKS: 14 * 146GB = 1.9TB
IDE DISKS: 14 * 400GB = 5.2TB
If you really need to go to the next rack, fibre channel for the link (external fibrechannel RAID storage, no SAN/fc-switch) is still an option.
The only reason I don't like it is there are very few server platforms (apple XServe being the exception) that boot from fibre-channel storage systems. If I need two internal disks (have to be RAIDed and managed) to boot the OS to load the fibre-channel driver to access the external storage why bother?
Most server platforms suck for internal storage and RAID functionality..
1. Sun Sparc:
No HW RAID for internal disks, sw mirroring only. Most models don't have support for booting from external disks.
2. Apple XServe:
Good SW RAID for internal disks but if a disk fails..
a) backup
b) recreate RAID
c) restore
3. Dell PowerEdge:
Internal HW RAID controllers allow on the fly expansion but controller driver doesn't expose RAID even alerts to OS. For that you need Dell's OpenManagement suite (not supported on all OSes).
I prefer external RAID storage, where the storage system provides the management interface OS agnostic.
With disks so cheap just add another disk to ServerA.
There are many external SCSI storage systems with integrated RAID and management functions (everything from audible alarms to SNMP/email support). e.g. http://www.promise.com/product/externalstorage.htm
The cost of disks has fallen so much that the idea of a giga-SAN ($$$$) to master all storage is just plain silly. Local attached external RAID storage with management is all one really needs. Only when talking about multi-Terabytes of data should one consider a SAN.
"A company I worked for once had a Dell RAID controller go"
I have seen this happen on AIX ($600,000 box, Quad Power4) and Sun ($200,000 box). In the case of the AIX box, production database, lost 7 business days of work: the corruption started happening slowly, 7 days before it blew up. And, yes we had IBM/Oracle 7x24 maintenance, didn't help much :( The AIX box was replaced soon afterwards with two $100,000 Dells ($35,000 Quad Xeon server, with 65,000 for duplicate RAID arrays) that was much faster than the AIX box as a database engine (Oracle failover).
Not saying RAID failures don't happen on Dell or other PC class hardware. Just that Sun/AIX/SGI being better hardware became a myth when Sun/IBM/SGI started using the same companies/tech/chipsets/manufacturing as Dell, i.e. Taiwanese.
The key business driver is uptime/availability of service.. A 4 times more expensive Sun/SGI/AIX box might give you 99.99% uptime (Versus a PC's 99%). But with properly designed software/application, replicated PC hardware will achieve 99.99% application availability for less than half the price.
So the only class of problems that PC hardware can't solve cheaper/faster/better are the hard ones that require one big machine. This class of problems make up 0.1% of the problems out there and that percentage is decreasing. Decreasing because there is a lot of good work that has been done and is being done in distributed systems.
http://www.fuhquake.net
FuhQuake is a really great opengl quakeworld client.
Much better than quakeforge because fuhquake has support for 32bit textures AND includes 32bit textures for many, many maps as well as many other small refinements that compare to today's games. I don't know if it compares to doom3 but it does compare to quake3arena (2 years old?).
Have you estimated a $$$ cost for this wasted disk space?
Even if you factor whatever extra cost you want to associate managing DASD vs a SAN, do these extra costs justify the cost of a SAN?
Ok iSCSI *might* be cheaper but does it improve the way you manage storage or does it just abstract the problem away from your host OS(es)?
See...a les/ente rprise/tech/0,1084,656,00.html
http://www.seagate.com/cda/products/discs
"Formatted Int Transfer Rate (min) 85 MBytes/sec
Formatted Int Transfer Rate (max) 142 MBytes/sec"
5 * 85MB/sec = 425MB/sec
This provides a rough estimate of how much sustained throughput 15K drives have.
Throw in SCSI command overhead and 5 15K drives can saturate an Ultra320 channel.
Umm not exactly..
1. Fibre-channel:
Speed = 2Gigabits/sec = 2048 Megabits/sec =~ 256 Megabytes/sec
2. Ultra320 SCSI (direct attached storage)
Speed = 320Megabytes/sec
3. iSCSI (assuming gigabit network link)
Speed = 1Gigabits/sec =~ 100Megabytes/sec
Once 10Gb NICs become common, then iSCSI will have better link speed (doesn't mean it will be faster).
Many things affect the speed of storage systems.
1. raw disk speed
2. raw disk access time
3. interface (iSCSI or Fibre-Channel or UltraSCSI) latency:
iSCSI latency > FC latency > SCSI latency
4. protocol overhead
iSCSI latency > FC latency > SCSI latency
and on and on...
Good yard stick..
If you have five or more 15K drives in a storage system the link speed will be the bottleneck.
Reasoning: six * burst throughput of single drive > link speed.
apples to apples..
1. Local attached storage will generally be faster than fibre-channel or iSCSI as long as the fibre-channel or iSCSI storage system doesn't have some really highend RAID/cache system.
If you have many small hosts, generally throughput should not be an issue except for some hosts, where a highend internal, multi-SCSI-channel RAID controller and SCSI storage systems will be the fastest.
My 0.02cents (taxes extra)
Until the previous major ver, power archiver was free but with the latest release it is shareware :(
As a Novell customer (my employer) let me say their marketing and packaging of their products is the worst (perhaps only 2nd to commodore).
Only in eDir8.7 (what is bundled in Netware6.5) do they have support for a "universal password"..
+ unicode characters in passwords
+ allows the password to be rehashed to the algorithm the client requests (SASL but only for the hashing of the password).
Now finally their CIFS emulation (present since NW6.0, circa 2002) has a single password store. Previously, NDS/LDAP authentication used the NDS password and CIFS emulation used what they called the simple password.
Back on topic, I hope samba gets some sort of support for host based passwords in non-PDC/AD mode. Not every shop has PDC/AD and samba maintaining its own password store is just silly. Yes I know the underlying reasons why but why not build in support for a password manager (ala Apple's OpenDirectory in Panther) where the password manager stores multiple hashes of the user's password and authenticates against the one appropriate for the service/protocol being used. As long as the password manager is supported by PAM most platforms will be supported.
Then we can be closer to a single password store nirvana.
my 2cents.
Go for a Dell 2850..
+ Dual P4 Xeons
+ 800MHz FSB
+ upto 6GB RAM
+ six hotswap drive bays (optional split backplane 2+4)
Go for..
Dual 3.2GHz (if u have money to throw 3.6s for $1100 extra)
4GB RAM (more is questionable benefit on x86's 32bit arch, some apps it may be worth it)
six 36GB 15K drives
addon PERC4/DC RAID controller
All for $9012
A RAID 10 config would be the best..
+ highest redundancy and
+ best performance.
RAID5 is faster for sustained continuous reads/write but slower for random/small read/writes.
HTH
So you talk about all that will be in Solaris 10. What about what is currently in Solaris 9?
Okay some of what you say is in Solaris 9, but most of those features are only of benefit (or are only available) if you have a really, really large Sun server (where partitioning is supported).
You and many others here are confusing the argument..
Sun vs. Linux where..
Sun is Sun hardware (SPARC or x86) comparable to
Linux is on x86 Server class hardware.
e.g. Dell PowerEdge 6650
Quad Xeon, upto 8GB of ECC-RAM (1 bit correction, 2bit detection, redundant banks), onboard hw-raid (128MB cache, RAID 0/1/3/5/10), onboard dual gigabit NICs, 5 hotswap SCSI bays (supports 15K drives).
Component level redundancy, OS stability, etc are nice but it doesn't provide enough uptime for really critical apps, you have to have application level redundancy!!!
We replaced a >$250K IBM Power4+ with two Dell 6650s ( cheaper TCO (not just what the PHBs like but what the organization needs).
The only applications that still require Sun/Solaris are single system image apps that require mountains of CPU, memory, storage all in one system. e.g. SunFire 15K
To paraphrase someone else..
They are mostly dead, they just don't know it yet.
That is still true for P4 Xeons, where upto 4 cpus share the same bus and north bridge.
> > This is really ironic when you consider that they are always getting on the case of the "Jewish conspirators" for charging "usery".
Minor Correction:
The distinction between "usery" and percentage charge for a service is the time factor and compounding.
This is why "usery" is considered "haram" (illegal) under islamic law.
what's wrong with my sig?
anonymous posts start at 0.
named posts start at 1 (unless the user changes it).
This is the 1st step in eroding whatever accountability that exists for big government.
Also, it makes it that much harder for scholars of economics, etc to access information that they need.
sorry you think so..
Anytime information is destroyed it's a bad thing, does not matter if it's by a private corporation or the government (especially the government).
Instead of asking the libraries to make this information MORE SECURE*, they are asking that the information be destroyed.
* security could be something as simple as..
a) stored in a reserved area
b) accessible only after you have presented a driver's license or some other photoID.
trust us you don't need to know this stuff.
welcome to the united police state of america