[plug] How-To Murder?

Bernd Felsche bernie at innovative.iinet.net.au
Thu Apr 22 00:07:33 WST 2004

On Wednesday 21 April 2004 15:26, Craig Ringer wrote:
> Bernd Felsche wrote:
> > I found a few vague hints at
> > http://asg.web.cmu.edu/andrew2/coverage/FAQ.coverage.html#cyrus-aggr

> > I'd rather not go on the bleeding edge of Cyrus for production
> > environments.

> Understandably. I thought the info I sent would be of interest for the
> future - I wasn't suggesting it for any immediate use.

> I take it that 'doc/install-murder.html' (present in at least 2.2.3)
> wasn't useful?

Useful, but a bit spotty in details. I think it assumes that I
already know a lot more about Cyrus. I don't have a sand-box lab to
test it so my level of confidence is very low.

Add to that the tiny matter of most of the back-end machines being
deployed more than 3000 km away...

> When it comes to authentication, I think most people run murders in
> combination with distributed authentication schemes like LDAP and
> Kerberos. I've heard good things about both, especially LDAP with
> replica LDAP servers on each backend and frontend in the murder.

SASL is mentioned.

> It's unfortunate that Cyrus Murder only provides scalability, not
> redundancy and failover - it'd be a killer service if it could do both.

> > Of
> > course, Samba broke and I had to install Smaba3 on Monday. Then they
> > decided, after another 20 point drop in IQ to enable RAS, DHCP, DNS
> > and "intranet" on the bloody thing... which "broke" Samba3. The
> > Samba server hadn't been listed in DNS.
> Let me guess - it's all Samba's fault to them?

OF course. But the geek who made the changes at least figured out
that it was a naming problem he created when changing the order of
name resolution after I asked him about the "few changes" he'd made
after I left the system running.

Eventually ended up resorting to WINS for get the Win95...WinXP all
working acceptably.

> > And Win2003 DHCP doles out addresses without first checking to see
> > if the address is in use.

> Doesn't every DHCP server? I could've sworn that most happily
> handed out addresses within their assigned range without any
> checks, leaving it up to the admin to make sure that range was
> clear for use by the DHCP server.

Erm no. ISC DHCP first pings the address before handing it out.
The extra delay is a worthwhile sacrifice compared to breaking a
network connection to an existing host; which with Windows can
easily result in file corruption.

More information about the plug mailing list