Hello everybody!

We are setting up a network where users should have remote access to their home dirs, located in a common server. Users should be able to login at any machine on the network and have the same home. The home dir will be used mainly for custom configuration of different applications - sensible data should not be stored there, what makes the risk of losing data not so serious (of course, we'd like to avoid it).

Normally we'd use NFS, with LDAP authentication for that. The problem is the latency. The same server has to be accessible by people on different continents. That makes NFS extremely slow.

Does anybody know any asynchronous protocol (or some other solution that deals with latency better) that allows us to mount remote home dirs as transparently as NFS does?

I've tried the unison file synchronizer, but it depends on ssh and I haven't found a transparent way of authenticating the user so he can download his home dir the first time he logs into a machine he has never logged before.

Thank you!

Well, I certainly can't think of any better protocol off the top of my head, not that one may not exist though. I have never heard of anyone trying to do a remote /home over WAN, I have always assumed that was the kind of thing you could really only conceivably do over a relatively high speed local network.

Have you tried pushing NFS through a compressed SSH tunnel? That might jump the speed a little (or not, depending on many factors).

Is there really no other way to handle this? Couldn't users just establish an NX connection whenever they are at a remote location, and leave the NFS /home directories for when they are local?

Hi! Thank you for the quick reply!

I haven't tried, that might help a little, but I fear the latency is the real problem, people have good bandwidths.
Anyway, wouldn't I still have an authentication issue to use SSH? During the first login of the user into a new machine (he has no home dir there yet, so no private key stored), how would I open the ssh tunnel to the server automatically? Could I do that with a dummy user with no access to the server's file system?

Sorry, I don't know what's NX... (this is the first time I try to set up a network environment, so more newbie questions may come...)

Yeah, the user you authenticate the tunnel with would just be to start up the connection, everything that you run through it (like NFS) would be authenticated through their own methods. You would use an account that has limited permissions and can simply forward the NFS ports on the server to the appropriate port on the client machine.

Now that I think of it, this may not be what you are looking for. But NX allows you to setup a remote desktop connection over slow-speed links. So the remote user can log into the server and would be able to use it like he was sitting right in front of it. This means that your remote users would be using X sessions on your central server though, which is going to be a problem with many users (and not great from a security standpoint).