Scalable Authenticated File Service for Ordinary Clients

Abstract

Organizations that provide a variety of file services to tens or hundreds of thousands of people use central authentication and distributed file systems to gain redundancy, integration and scalability that standalone file systems lack. The distributed approach also promotes collaboration, since the entire community enjoys a unified location-independent view of and controlled access to a shared aggregate file space.

In practice, services based on distributed file systems have reached a limited audience, since many client operating systems (e.g., Windows and MacOS) come with proprietary authentication and file sharing mechanisms that interoperate only with servers on the same platform. Many potential users will not install special client software on their personal computers to gain access to a "foreign" distributed file system, even if the organization buys the license.

An effective solution that retains scalability while promoting widespread use is to make the organization's scalable central authentication and distributed file system available to popular client operating systems through their native protocols. The idea is implemented by a three-tiered [authentication/file service] architecture in which the inner tiers support scalable distributed mechanisms (e.g., [Kerberos/AFS] or [DCE/DFS]), the outer tiers support popular mechanisms (e.g., [Microsoft Challenge and Response/SMB], [Apple Random Number Exchange/AFP] or [X.509/HTTPS]), and the middle tier acts as a gateway for both authentication and file service.
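The three-tier arrangement can be modelled end to end in a few classes. The following is an added illustration, not code from the paper or from any of the systems it names: a native client authenticates to the gateway with a challenge/response exchange (a constructed HMAC scheme standing in for the Microsoft or Apple mechanisms), the gateway maps the native user name to an inner-tier principal, obtains a ticket from a stand-in for the inner authentication service, and relays file reads to a stand-in for the inner file service, which checks the ticket and its own ACL. All secrets, principal names, paths and file contents are constructed for the example; the one-time-nonce bookkeeping in the gateway is there to show the replay check a middle tier needs, not a feature the abstract describes.

```python
import hmac
import hashlib
import os


def _mac(key: bytes, data: bytes) -> bytes:
    """Keyed MAC used for every proof in this toy; a real deployment uses Kerberos/NTLM/etc."""
    return hmac.new(key, data, hashlib.sha256).digest()


class InnerAuthService:
    """Stand-in for the inner-tier authentication service (e.g., Kerberos): it knows every
    principal's secret and issues tickets that the inner file service can verify."""

    def __init__(self, principals: dict, service_key: bytes):
        self._principals = dict(principals)      # principal -> secret (constructed)
        self._service_key = service_key          # shared with InnerFileService

    def issue_ticket(self, principal: str, proof: bytes):
        secret = self._principals.get(principal)
        if secret is None or not hmac.compare_digest(_mac(secret, principal.encode()), proof):
            return None                          # unknown principal or wrong proof
        return (principal, _mac(self._service_key, principal.encode()))


class InnerFileService:
    """Stand-in for the inner-tier distributed file system: serves only ticket holders
    and enforces a per-path ACL keyed by inner principal."""

    def __init__(self, service_key: bytes, files: dict, acl: dict):
        self._service_key = service_key
        self._files = files                      # path -> bytes
        self._acl = acl                          # path -> set of principals allowed to read

    def read(self, ticket, path: str) -> bytes:
        principal, tag = ticket
        if not hmac.compare_digest(_mac(self._service_key, principal.encode()), tag):
            raise PermissionError("forged or corrupted ticket")
        if principal not in self._acl.get(path, set()):
            raise PermissionError(f"{principal} is not allowed to read {path}")
        return self._files[path]


class Gateway:
    """Middle tier: speaks the native challenge/response scheme to clients, then acts
    on their behalf towards the inner tiers using the mapped principal name."""

    def __init__(self, auth, fs, user_secrets: dict, name_map: dict):
        self._auth, self._fs = auth, fs
        self._user_secrets = user_secrets        # native user -> secret (as an SMB server would hold)
        self._name_map = name_map                # native user -> inner principal
        self._outstanding = set()                # nonces issued but not yet consumed

    def challenge(self) -> bytes:
        nonce = os.urandom(16)
        self._outstanding.add(nonce)
        return nonce

    def open_session(self, native_user: str, nonce: bytes, response: bytes):
        if nonce not in self._outstanding:
            return None                          # replayed or never issued
        self._outstanding.discard(nonce)         # each challenge is usable once
        secret = self._user_secrets.get(native_user)
        if secret is None or not hmac.compare_digest(_mac(secret, nonce), response):
            return None
        principal = self._name_map[native_user]
        return self._auth.issue_ticket(principal, _mac(secret, principal.encode()))

    def read_file(self, session, path: str) -> bytes:
        return self._fs.read(session, path)


class NativeClient:
    """Ordinary client that only knows the native challenge/response dialect."""

    def __init__(self, user: str, secret: bytes):
        self.user, self._secret = user, secret

    def respond(self, nonce: bytes) -> bytes:
        return _mac(self._secret, nonce)


def demo() -> dict:
    """Run the three tiers against constructed users and files; returns the outcomes."""
    service_key = os.urandom(32)
    alice_secret = hashlib.sha256(b"alice-password").digest()   # constructed
    bob_secret = hashlib.sha256(b"bob-password").digest()       # constructed
    auth = InnerAuthService({"alice@EXAMPLE": alice_secret, "bob@EXAMPLE": bob_secret}, service_key)
    fs = InnerFileService(service_key,
                          {"/home/alice/notes.txt": b"hello"},
                          {"/home/alice/notes.txt": {"alice@EXAMPLE"}})
    gw = Gateway(auth, fs,
                 {"alice": alice_secret, "bob": bob_secret},
                 {"alice": "alice@EXAMPLE", "bob": "bob@EXAMPLE"})
    results = {}

    alice = NativeClient("alice", alice_secret)
    nonce = gw.challenge()
    session = gw.open_session("alice", nonce, alice.respond(nonce))
    results["alice_read"] = gw.read_file(session, "/home/alice/notes.txt")
    results["replay_rejected"] = gw.open_session("alice", nonce, alice.respond(nonce)) is None

    bob = NativeClient("bob", bob_secret)
    nonce = gw.challenge()
    session = gw.open_session("bob", nonce, bob.respond(nonce))
    try:
        gw.read_file(session, "/home/alice/notes.txt")
        results["bob_denied"] = False
    except PermissionError:
        results["bob_denied"] = True              # authenticated, but the inner ACL says no

    nonce = gw.challenge()
    results["bad_password_rejected"] = gw.open_session("alice", nonce, _mac(b"wrong", nonce)) is None
    return results


if __name__ == "__main__":
    print(demo())
```

The point the model makes is that authorization still lives in the inner tier: the gateway only translates authentication and forwards requests under the mapped principal, so a user who passes the native exchange gets exactly the access the shared file space already grants that principal, and nothing more.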