[plug] How-To Murder?
Bernd Felsche
bernie at innovative.iinet.net.au
Thu Apr 22 00:07:33 WST 2004
On Wednesday 21 April 2004 15:26, Craig Ringer wrote:
> Bernd Felsche wrote:
> > I found a few vague hints at
> > http://asg.web.cmu.edu/andrew2/coverage/FAQ.coverage.html#cyrus-aggr
> > I'd rather not go on the bleeding edge of Cyrus for production
> > environments.
> Understandably. I thought the info I sent would be of interest for the
> future - I wasn't suggesting it for any immediate use.
> I take it that 'doc/install-murder.html' (present in at least 2.2.3)
> wasn't useful?
Useful, but a bit spotty in details. I think it assumes that I
already know a lot more about Cyrus. I don't have a sand-box lab to
test it so my level of confidence is very low.
Add to that the tiny matter of most of the back-end machines being
deployed more than 3000 km away...
> When it comes to authentication, I think most people run murders in
> combination with distributed authentication schemes like LDAP and
> Kerberos. I've heard good things about both, especially LDAP with
> replica LDAP servers on each backend and frontend in the murder.
SASL is mentioned.
> It's unfortunate that Cyrus Murder only provides scalability, not
> redundancy and failover - it'd be a killer service if it could do both.
> > Of
> > course, Samba broke and I had to install Smaba3 on Monday. Then they
> > decided, after another 20 point drop in IQ to enable RAS, DHCP, DNS
> > and "intranet" on the bloody thing... which "broke" Samba3. The
> > Samba server hadn't been listed in DNS.
>
> Let me guess - it's all Samba's fault to them?
OF course. But the geek who made the changes at least figured out
that it was a naming problem he created when changing the order of
name resolution after I asked him about the "few changes" he'd made
after I left the system running.
Eventually ended up resorting to WINS for get the Win95...WinXP all
working acceptably.
> > And Win2003 DHCP doles out addresses without first checking to see
> > if the address is in use.
> Doesn't every DHCP server? I could've sworn that most happily
> handed out addresses within their assigned range without any
> checks, leaving it up to the admin to make sure that range was
> clear for use by the DHCP server.
Erm no. ISC DHCP first pings the address before handing it out.
The extra delay is a worthwhile sacrifice compared to breaking a
network connection to an existing host; which with Windows can
easily result in file corruption.
More information about the plug
mailing list