[OpenAFS] OpenAFS Newsletter, Volume 3, Issue 3, March 2011

2011-03-17 Thread Jason Edgecombe 

The March 2011 OpenAFS newsletter is now available at
http://www.openafs.org/newsletter/newsletter-2011-03-volume003-issue03.html. 



Thanks,
Jason
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

Re: [OpenAFS] pam_afs_session in Fedora?

2011-03-17 Thread Ken Dreyer 
On Thu, Mar 17, 2011 at 7:03 PM, Russ Allbery  wrote:
> Ken Dreyer  writes:
>> On Thu, Mar 17, 2011 at 6:48 PM, Russ Allbery  wrote:
>
>>>  If you build on a system without any aklog, you will have to specify
>>>  it via either the PAM options or krb5.conf.
>
>> Rats. There is no aklog in the path at compile time, because no
>> package in Fedora provides /usr/bin/aklog.
>
> Well, you can force the aklog path with --with-aklog=/usr/bin/aklog and
> then it will compile in that path regardless of whether one is installed
> on the system or not.  That's what I do with the Debian package builds.
> Does that help?

I was hesitant to hard-code the path to be /usr/bin (eg.
/usr/afsws/bin anyone? :-) But if it's good enough for Debian, it is
good enough for me! (Not to mention the FHS.) I'll build a new version
of the package. Thanks for the advice.

- Ken
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

Re: [OpenAFS] pam_afs_session in Fedora?

2011-03-17 Thread Russ Allbery 
Ken Dreyer  writes:
> On Thu, Mar 17, 2011 at 6:48 PM, Russ Allbery  wrote:

>>  If you build on a system without any aklog, you will have to specify
>>  it via either the PAM options or krb5.conf.

> Rats. There is no aklog in the path at compile time, because no
> package in Fedora provides /usr/bin/aklog.

Well, you can force the aklog path with --with-aklog=/usr/bin/aklog and
then it will compile in that path regardless of whether one is installed
on the system or not.  That's what I do with the Debian package builds.
Does that help?

-- 
Russ Allbery (r...@stanford.edu) 
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

Re: [OpenAFS] pam_afs_session in Fedora?

2011-03-17 Thread Ken Dreyer 
On Thu, Mar 17, 2011 at 6:48 PM, Russ Allbery  wrote:
>  If you build on a system without any aklog, you will have to specify
>  it via either the PAM options or krb5.conf.

Rats. There is no aklog in the path at compile time, because no
package in Fedora provides /usr/bin/aklog.

It sounds like if you want to use the Fedora packages, you'll have to
specify the path to your aklog.

- Ken
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

Re: [OpenAFS] pam_afs_session in Fedora?

2011-03-17 Thread Russ Allbery 
Ken Dreyer  writes:

> Given what we've discussed about the dependencies available in Fedora,
> is there any way to avoid the requirement to specify the path to
> aklog? Eg.

> [appdefaults]
> pam-afs-session = {
> program = /usr/bin/aklog
> }

Avoid specifying it at build time, you mean?  You don't have to say where
aklog is; if you don't, it will pick it up from your PATH.  If you build
on a system without any aklog, you will have to specify it via either the
PAM options or krb5.conf.  You can force that state by passing
--without-aklog to configure.

I'm not sure if that answers your question.

-- 
Russ Allbery (r...@stanford.edu) 
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

Re: [OpenAFS] pam_afs_session in Fedora?

2011-03-17 Thread Ken Dreyer 
On Fri, Feb 18, 2011 at 11:35 AM, Russ Allbery  wrote:
> Ken Dreyer  writes:
>
>> I would like to try to get Russ's pam_afs_session into Fedora/EPEL.
>> Since OpenAFS itself is not permitted for inclusion (I think it's
>> because "no kernel modules"?), I'm hoping that there will still be
>> utility to at least having pam_afs_session available. It won't be built
>> with openafs-devel, but I don't think that's a problem, right?  I've
>> tested building in mock without depending on AFS at all, and it seems to
>> work.
>
> Yes, you should be able to build the package without any AFS libraries or
> dependencies at all.  It can use its own embedded implementation of the
> kafs layer on Linux.  That's how I build it for Debian.
>
> It doesn't do anything unless AFS is installed and working on the system,
> so I don't know what Fedora's take will be on that, but building it
> shouldn't be an issue.

I was able to get pam-afs-session 2.2 into Fedora and EPEL. They
should be hitting updates-testing and epel-testing soon.

Given what we've discussed about the dependencies available in Fedora,
is there any way to avoid the requirement to specify the path to
aklog? Eg.

[appdefaults]
pam-afs-session = {
program = /usr/bin/aklog
}

- Ken
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

[OpenAFS] SNMP?

2011-03-17 Thread Jeff Blaine 

Is there anything queryable in OpenAFS via SNMP?  I can only
find ancient mailing list comments about it (1998) when
searching openafs.org ... and a sad note about Kevin McBride's
passing in 2008 when searching Google :(

And "No matches found" via

http://git.openafs.org/?p=openafs.git&a=search&h=HEAD&st=grep&s=SNMP
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

Re: [OpenAFS] Strange logs from a Windows Client

2011-03-17 Thread Steve Simmons 

On Mar 17, 2011, at 5:16 PM, Russ Allbery wrote:

>> We have occasionally seen these. Other folks here tell me it's usually
>> due to low-quality hacking tools doing UDP-based probes. When they
>> happen here, the source address is always from various places
>> off-campus.
> 
> That was my first thought as well, but it's a fairly huge coincidence for
> a generic hacking tool to connect to port 7000 from source port 7001.

Yah, that does look odd. Unfortunately all our old instances of it have expired 
from my email trash. Next time it occurs I'll see if ours are like 
that.___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

Re: [OpenAFS] Strange logs from a Windows Client

2011-03-17 Thread Russ Allbery 
Steve Simmons  writes:
> On Mar 10, 2011, at 10:46 AM, Claudio Prono wrote:

>> I have found some strange logs from a windows Client to my AFS:

>> Mar  9 14:52:22 afs kernel: [8648828.273271] UDP: short packet: From
>> xxx.xxx.xxx.68:7001 88/73 to xxx.xxx.xxx.xxx:7000
>> Mar  9 15:16:39 afs kernel: [8650285.187992] UDP: short packet: From
>> xxx.xxx.xxx.68:7001 78/73 to xxx.xxx.xxx.xxx:7000
>> Mar  9 16:28:58 afs kernel: [8654623.984326] UDP: short packet: From
>> xxx.xxx.xxx.68:7001 76/73 to xxx.xxx.xxx.xxx:7000

>> Any idea of what can be? I have looked at the Client, but all seems ok

> We have occasionally seen these. Other folks here tell me it's usually
> due to low-quality hacking tools doing UDP-based probes. When they
> happen here, the source address is always from various places
> off-campus.

That was my first thought as well, but it's a fairly huge coincidence for
a generic hacking tool to connect to port 7000 from source port 7001.

-- 
Russ Allbery (r...@stanford.edu) 
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

Re: [OpenAFS] Strange logs from a Windows Client

2011-03-17 Thread Steve Simmons 

On Mar 10, 2011, at 10:46 AM, Claudio Prono wrote:

> Hello all,
> 
> I have found some strange logs from a windows Client to my AFS:
> 
> Mar  9 14:52:22 afs kernel: [8648828.273271] UDP: short packet: From
> xxx.xxx.xxx.68:7001 88/73 to xxx.xxx.xxx.xxx:7000
> Mar  9 15:16:39 afs kernel: [8650285.187992] UDP: short packet: From
> xxx.xxx.xxx.68:7001 78/73 to xxx.xxx.xxx.xxx:7000
> Mar  9 16:28:58 afs kernel: [8654623.984326] UDP: short packet: From
> xxx.xxx.xxx.68:7001 76/73 to xxx.xxx.xxx.xxx:7000
> 
> Any idea of what can be? I have looked at the Client, but all seems ok

We have occasionally seen these. Other folks here tell me it's usually due to 
low-quality hacking tools doing UDP-based probes. When they happen here, the 
source address is always from various places 
off-campus.___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

Re: [Fwd: Re: [OpenAFS] OpenAFS Backups]

2011-03-17 Thread Thomas Smith 
On Thu, Mar 17, 2011 at 9:28 AM, Uee'o Ouihi  wrote:
> On Thu, 17 Mar 2011, Thomas Smith wrote:
>
>> Teradactyl is _very_ expensive, cost prohibitively so for many. (I
>> recently looked at it as a potential replacement [for consolidation]
>> for my current backup systems--BackupAFS and Zmanda.)
>
> Seconded. At ${previousJob}, we contacted Teradactyl regarding TiBs and it
> was outrageously expensive. ${previousBoss} said it amounted to "information
> super-highway robbery." :-)

I wouldn't go _that_ far. :-)

Teradactyl has its place. It is very nice and very functional
software. Their pricing structure is geared, as someone previously
stated, more towards enterprise (i.e. large) environments. So it may
be cost prohibitive for small- or even medium-sized environment.

It really just depends on your environment, your needs, and your budget.
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

Re: [Fwd: Re: [OpenAFS] OpenAFS Backups]

2011-03-17 Thread Uee'o Ouihi 
On Thu, 17 Mar 2011, Thomas Smith wrote:

> Teradactyl is _very_ expensive, cost prohibitively so for many. (I
> recently looked at it as a potential replacement [for consolidation]
> for my current backup systems--BackupAFS and Zmanda.)

Seconded. At ${previousJob}, we contacted Teradactyl regarding TiBs and it
was outrageously expensive. ${previousBoss} said it amounted to "information
super-highway robbery." :-)

> I've been using BackupAFS for a few months now and it is working
> pretty well. The initial setup is a bit involved--but once it's up and
> running, it pretty much just works. Definitely worth a look.

Interesting. I'll be checking this out.

U.O.

Re: [Fwd: Re: [OpenAFS] OpenAFS Backups]

2011-03-17 Thread Gary Buhrmaster 
> Not sure why anyone would want to use anything other than Teradactyl.

As with all else, it depends on your requirements.

Teradactyl is clearly a solution targeting the enterprise
space with enterprise capability, support, overheads,
and pricing.  TSM and NetBackup target the same
space (although AFS support varies)

For those who either want, need, or are required to
have solid disaster recovery and business continuity
plans (demonstrable to competent auditors, not those
who want a "backup?, yes" check mark), enterprise
solutions (including their costs) are usually the only
ones that provide comfort to the C level execs, and
they are the ones who have to decide if they can
"risk the business" by not having a solid plan.

As with much else, it is possible for organizations to
build an enterprise class solution in house.  These
tend to be very house specific though (because of
the long term built-in presumptions).  They are often
better at solving the point needs of that particular
house than a generic solution.

At the other extreme, not everyone needs to be able
to recover their data in the event of a major disaster,
or even a bus event (the key system admin got run
over by a bus).

Gary
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

Re: [Fwd: Re: [OpenAFS] OpenAFS Backups]

2011-03-17 Thread Rich Sudlow 


On Mar 17, 2011, at 6:15 AM, Harald Barth wrote:




Not sure why anyone would want to use anything other than Teradactyl.


1. $$


I keep hearing this - but quite frankly find Teradactyl quite  
inexpensive.

I think much of this depends on the size of the cell.



2. Integration with existing system and tape robot lacking.

  At the time we were running TSM and DMF against the same
  tape robot and did not want a third system "fighting" for
  tape drives.


I'm not sure this has anything to do with the use of Teradactyl but
instead the complexity of your backup environment.  If you're using
TSM you'll find Teradactyl a real bargain ;-)

Rich




---

Another option is to use the software written by Anders Magnusson
 which does per file backups to TSM. We do only per
volume backups.




Harald.


___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

Re: [Fwd: Re: [OpenAFS] OpenAFS Backups]

2011-03-17 Thread Harald Barth 

> Not sure why anyone would want to use anything other than Teradactyl.

1. $$

2. Integration with existing system and tape robot lacking.

   At the time we were running TSM and DMF against the same
   tape robot and did not want a third system "fighting" for
   tape drives.

---

Another option is to use the software written by Anders Magnusson
 which does per file backups to TSM. We do only per
volume backups.

Harald.
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

Re: [OpenAFS] OpenAFS Backups

2011-03-17 Thread Harald Barth 

> Over at UCSC we're evaluating our AFS backup options- to this point
> we've been using the native OpenAFS tape and backup tools, but we're
> wondering if anyone does it a different, better way?

We have some scripts that in the inside do something like

vos dump volname.backup | tsmpipe -c -f 
volname.baclup..

tsmpipe is a small program written by the nice guys in Umeå that uses
the TSM (IBM backup system) API to archive the volume dump (or
whatever is piped into it).

Harald.


___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

Re: [OpenAFS] OpenAFS Backups

2011-03-17 Thread Atro Tossavainen 
Bill,

> Over at UCSC we're evaluating our AFS backup options- to this point we've 
> been using the native OpenAFS tape and backup tools, but we're wondering if 
> anyone does it a different, better way?

Still using the scripts I got from Nathan Rawling on the old info-afs
list back in June 2000 to back up AFS using NetWorker by dumping volumes
to local files and from there to whatever NetWorker is configured to do.

-- 
Atro Tossavainen (Mr.)   / Working for Infinite Mho Oy in 2011
Techno-Amish & UNIX Dinosaur/ 
+358-40-529-4071, -44-5000-600 / and beyond? who knows
< URL : http : / / www . infinitemho . fi / >
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

Re: [Fwd: Re: [OpenAFS] OpenAFS Backups]

2011-03-17 Thread Thomas Smith 
On Wed, Mar 16, 2011 at 2:20 PM, Rich Sudlow  wrote:
>
> Here at Notre Dame (CRC) we use Teradactyl with a Sony
> Petasite -
> pro.sony.com/bbsccms/assets/files/cat/datastorage/articles/notredame.pdf
>
> Not sure why anyone would want to use anything other than Teradactyl.

Teradactyl is _very_ expensive, cost prohibitively so for many. (I
recently looked at it as a potential replacement [for consolidation]
for my current backup systems--BackupAFS and Zmanda.)

I've been using BackupAFS for a few months now and it is working
pretty well. The initial setup is a bit involved--but once it's up and
running, it pretty much just works. Definitely worth a look.
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info