import from sipb-afs-sync.html

diff --git a/projects/sipb-afs-sync.mdwn b/projects/sipb-afs-sync.mdwn
new file mode 100644 (file)
index 0000000..a7d141a
--- /dev/null
+++ b/projects/sipb-afs-sync.mdwn
@@ -0,0 +1,36 @@
+# SIPB AFS-Moira Synchronizer
+
+  The SIPB AFS-Moira Synchronizer allows SIPB cell AFS groups to be
+  automatically synchronized with a related Moira group by adding the
+  Moira list to the Moira list <tt>sipb-afs-sync</tt>.  In theory,
+  this should eliminate most of the need to contact
+  <tt>sipb-afsreq</tt> in order to control ACLs for SIPB project
+  lockers (requests to <tt>sipb-afsreq</tt> are still necessary to get
+  new lockers created).
+
+## Usage
+  Suppose you have a Moira list <tt>super-project</tt> that you
+  want synchronized with the <tt>sipb.mit.edu</tt> cell so that you
+  can use it as the ACL in the <tt>sipb.mit.edu</tt> AFS cell.  To set
+  it up to by synchronized, you first need to make sure that
+  <tt>super-project</tt> is flagged as an AFS group in Moira (so that
+  there is a corresponding <tt>athena.mit.edu</tt> cell group), and
+  add <tt>super-project</tt> to the <tt>sipb-afs-sync</tt> list, as
+  follows:
+
+    blanche super-project -G
+    blanche sipb-afs-sync -a super-project
+
+  The membership of the AFS group <tt>system:super-project</tt>
+  will then be copied from the <tt>athena.mit.edu</tt> cell into the
+  <tt>sipb.mit.edu</tt> cell, creating the group if necessary, and
+  creating sipb cell PTS entries for any Kerberos principals as
+  necessary.
+
+  Currently, the synchronization is run in a cron job that updates
+  every 15 minutes.  Certain special groups (like
+  system:administrators) are in a blacklist that will not be
+  synchronized.  If you want to change the blacklist status of a
+  group, contact <tt>sipb-afsreq</tt>.
+
+  Maintainers: <tt>tabbott</tt>, <tt>nelhage</tt>