On Sat, 5 Mar 2016, Karl-Philipp Richter wrote:

> On 06.03.2016 at 00:46, Brandon Allbery wrote:
> > That documentation sounds out of date, or possibly just incomplete.
> The sequence described in 2.24 doesn't correspond to what you mention...
> and to make sense.
>
> > When the client is using an actual root.afs volume, the command you gave
> > will only work before a read-only replica has been created and released
> > (vos addsite / vos release);
> I'm running the command on the first AFS machine where client
> functionality is installed in order to minimize issues which might occur
> due to client server communication. `vos addsite` and `vos release`
> succeed, but don't change the behavior.
>
> It's very hard to figure this out without an explanation. Can the quick
> start guide be updated, please?

It is certainly possible to update the quickstart guide. Concrete references to a section number or HTML URL wherein you want the change to be made would help.

Looking at http://docs.openafs.org/QuickStartUnix/HDRWQ80.html, I see:

% The top-level AFS directory, typically /afs, is a special case: when the
% client is configured to run in dynroot mode (e.g. afsd -dynroot,
% attempts to set the ACL on this directory will return Connection timed
% out. This is because the dynamically-generated root directory is not a
% part of the global AFS space, and cannot have an access control list set
% on it.

Prior to that is a note about "When the root.afs volume is replicated, the Cache Manager is programmed to access its read-only version (root.afs.readonly) whenever possible.", and a note that mounting the read-write copy elsewhere is needed in order to make modifications.

To me (as someone who already understands what's going on), that seems sufficient, so I really need more concrete input as to what should be improved before I can go about making useful changes.

> In the meantime I found
> https://lists.openafs.org/pipermail/openafs-info/2008-December/030553.html
> which suggests fixing the Kerberos key algorithms, which I checked.

That posting predates http://openafs.org/pages/security/OPENAFS-SA-2013-003.txt; you should not use des-cbc-crc (or des-cbc-md5 or other single-des enctypes) for the AFS cell-wide key. (If the Quick Start guide indicates to create a single-des key, please let me know -- I thought I had removed all such references.)

-Ben

_______________________________________________
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info
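
Added example, not part of the original message or of OpenAFS: a check that flags single-DES entries for the AFS cell-wide key in a keytab listing, following the advice above about OPENAFS-SA-2013-003. It assumes the short enctype names printed by MIT `klist -k -e`, that the key lives under `afs@REALM` or `afs/<cell>@REALM`, and uses a constructed listing with placeholder cell and realm names.

```python
import re

# Single-DES enctype names. The message names des-cbc-crc and des-cbc-md5;
# des-cbc-md4 is the remaining single-DES enctype and is added here.
SINGLE_DES = {"des-cbc-crc", "des-cbc-md4", "des-cbc-md5"}

# One keytab entry in `klist -k -e` form: "KVNO principal (enctype)".
ENTRY = re.compile(r"^\s*(\d+)\s+(\S+)\s+\(([^)]+)\)\s*$")


def is_afs_principal(principal):
    # Assumption: the cell-wide key is afs@REALM or afs/<cell>@REALM.
    name = principal.split("@", 1)[0]
    return name == "afs" or name.startswith("afs/")


def weak_afs_keys(listing):
    """Return (kvno, principal, enctype) for AFS entries using single-DES."""
    findings = []
    for line in listing.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue  # header, separator or blank line
        kvno, principal, enctype = int(m.group(1)), m.group(2), m.group(3)
        # Some MIT releases print weak enctypes as "DEPRECATED:<name>".
        enctype = enctype.split(":", 1)[-1].lower()
        if is_afs_principal(principal) and enctype in SINGLE_DES:
            findings.append((kvno, principal, enctype))
    return findings


# Constructed sample listing (placeholder cell, realm, host and path).
SAMPLE = """\
Keytab name: FILE:/constructed/example.keytab
KVNO Principal
---- ------------------------------------------------
   3 afs/example.org@EXAMPLE.ORG (des-cbc-crc)
   4 afs/example.org@EXAMPLE.ORG (aes256-cts-hmac-sha1-96)
   2 afs@EXAMPLE.ORG (DEPRECATED:des-cbc-md5)
   1 host/fs1.example.org@EXAMPLE.ORG (des-cbc-crc)
   5 afs/example.org@EXAMPLE.ORG (des3-cbc-sha1)
"""

if __name__ == "__main__":
    for kvno, principal, enctype in weak_afs_keys(SAMPLE):
        print(f"single-DES AFS key: kvno={kvno} {principal} ({enctype})")
```

Exact set matching keeps `des3-cbc-sha1` from being flagged, and non-AFS principals are ignored even when they carry a single-DES key.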