[OpenAFS] Re: modload failing, Sol10 SPARC, 1.4.14

2011-06-08 Thread Andrew Deason 
On Wed, 1 Jun 2011 09:20:51 -0400
Derrick Brashear  wrote:

> >> or, for now, just replace that with
> >> memset(dirHeader->hashTable, 0, NHASHENT*(unsigned short));
> >>
> >> and move along?
> >
> > Yeah but, I'd like to get a better solution for when this happens
> > again.  Prohibiting loops like that would be a bizarre requirement
> > :)
> 
> well, i assume oracle will fix their bug, eventually...

To follow up on this a bit... from what I got from a conversation with
Oracle (incident review ID 2050428), they're treating it as a bug that
-xvector=%none doesn't prevent this optimization, so that should
suppress it in the future. In the meantime there's an undocumented
option -W2,-Rbcopy that can suppress the optimization, or of course we
can remove the loop (gerrit 4829).

I don't really see why they're not going the route of an "hey I'm
building for the kernel" flag and making the compiler deal, but eh.

-- 
Andrew Deason
adea...@sinenomine.net
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

Re: [OpenAFS] Kindle Editions of OpenAFS documentation

2011-06-08 Thread Chas Williams (CONTRACTOR) 
i spent a little time this week trying to get the conversions to 'look
good' using the latest git doc xml sources.  the pdf's are there for
comparison so if you see something odd you can check to see if it is a
conversion artifact.  someone other than me should examine these things
closely to determine if they are 'good enough for general use'.

# adminguide

/afs/cmf/public/chas/auagd000.epub
/afs/cmf/public/chas/auagd000.mobi
/afs/cmf/public/chas/auagd000.pdf

# quick start for unix

/afs/cmf/public/chas/auqbg000.epub
/afs/cmf/public/chas/auqbg000.mobi
/afs/cmf/public/chas/auqbg000.pdf

# user guide

/afs/cmf/public/chas/auusg000.epub
/afs/cmf/public/chas/auusg000.mobi
/afs/cmf/public/chas/auusg000.pdf

you can almost access these files if you dont have afs access via

https://www.secure-endpoints.com/public/afs/cmf/public/chas/

but the web server is missing a mimetype to map the extensions.
(hint hint to the owner of secure-endpoints.com)
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

Re: [OpenAFS] rhel6 64bit pam_afs_session

2011-06-08 Thread Jonathan Nilsson 

Turns out I just needed some more coffee...


That means pam_afs_session is not running, which probably means that
something else in your PAM configuration is causing PAM to finish before
getting to the lines that you excerpted above.


Well, this is embarrassing... turns out that RHEL6 isn't using 
/etc/pam.d/system-auth any more for sshd. The correct file is 
/etc/pam.d/password-auth (though system-auth is still used for other services... 
grr... more config files to manage!)


Everything works now! Thanks for pointing me in the right direction!


I found that I had to configure pam_afs_session with --libdir=/lib64
otherwise I would get "file not found" errors in /var/log/secure.



./configure --prefix=/usr --libdir=/lib64


That should not have been required.  Could you show the make install
output from the package when you just use --prefix=/usr?


It did install to /lib64/security this time without using --libdir! Sorry about 
that. I bet what happened was that I typed "--libdir=/lib" the first time I 
tried it (we used to use only 32-bit systems so I could see myself typing that 
out of habit).


--
jonathan.nils...@uci.edu
Computing Services
School of Social Sciences
SSPA 4110 | 949.824.1536
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

[OpenAFS] Re: Fedora 15 bugs

2011-06-08 Thread Andrew Deason 
On Wed, 8 Jun 2011 13:11:08 -0500
Andrew Deason  wrote:

> > I've gathered all the debug information, core dumps, and the packages
> > I'm using here:
> > 
> > http://callandor.unity.ncsu.edu/~slack/openafs/20110608/
> 
> `ls -l /etc/mtab` ?
> 
> Also, could you provide the RPM for glibc and its debuginfo? (or tell
> me where I can get them) I think this is just when trying to set the
> mtab information, but without the libc symbols it's a little annoying
> to look through.

Nevermind, I'm pretty sure that's it. It looks like Fedora 15 changed
/etc/mtab to be a symlink to /proc/mounts, which isn't going to be
writable. Gerrit 4825 should fix it; in the meantime, the segfault
should be harmless, as that's the last thing that afsd process will do
before exiting.

-- 
Andrew Deason
adea...@sinenomine.net

___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

Re: [OpenAFS] rhel6 64bit pam_afs_session

2011-06-08 Thread Russ Allbery 
Jonathan Nilsson  writes:

> I configured pam_sss and pam_afs_session essentially the same way as on
> RHEL5. Here is the snip from /etc/pam.d/system-auth:

> auth [success=ok default=1] pam_sss.so use_first_pass
> auth [default=done] pam_afs_sessino.so
> ...
> session optional pam_sss.so
> session required pam_afs_session.so

> And even if I add the "debug" option to pam_afs_session.so, there is never
> any mention of it in /var/log/secure when I try to login.

That means pam_afs_session is not running, which probably means that
something else in your PAM configuration is causing PAM to finish before
getting to the lines that you excerpted above.  Either that, or you're not
logging syslog debug output, I suppose.  pam_afs_session with the debug
option added will never not log something with log-level debug.

> I found that I had to configure pam_afs_session with --libdir=/lib64
> otherwise I would get "file not found" errors in /var/log/secure.

> ./configure --prefix=/usr --libdir=/lib64

That should not have been required.  Could you show the make install
output from the package when you just use --prefix=/usr?

What version of pam-afs-session are you using?

-- 
Russ Allbery (r...@stanford.edu) 
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

Re: [OpenAFS] rhel6 64bit pam_afs_session

2011-06-08 Thread Dave B 
Hi.

I am in testing on exactly that platform. The pam module is working without a 
hitch. Sounds like the main difference is how you and i are doing user 
directory lookup. I am using nscld which is the replacement for nss ldap. I had 
other issues with sssd and our active directory ldap server, which red hat has 
suggested a fix for. But since the other way works, I do not care.  Find me in 
the irc channel. I go by Red there.

Sent from my Samsung Captivate(tm) on AT&T

Jonathan Nilsson  wrote:

>Hello list,
>
>RHEL6 has been out for a while now so I thought it about time to start testing 
>AFS there and plan upgrading our servers. All the AFS server and client bits 
>(1.4.14) work just fine. The one missing piece is pam_afs_session.
>
>A bit of background: the main hurdle to overcome was that nss-ldap doesn't 
>seem 
>to be available in any default repositories for RHEL6. So instead I am using 
>SSSD for both LDAP user info and Kerberos authentication. All the underlying 
>pieces seem to be working - id , kinit, aklog - all those work and I 
>can then access AFS correctly.
>
>However, when I login via SSH as a user with a home directory on AFS, 
>pam_afs_session does not seem to be working. I get permission denied on my 
>home 
>directory. But klist shows that I have a kerberos ticket, aklog works to get 
>tokens, and then I can access AFS just fine.
>
>I configured pam_sss and pam_afs_session essentially the same way as on RHEL5. 
>Here is the snip from /etc/pam.d/system-auth:
>
>auth [success=ok default=1] pam_sss.so use_first_pass
>auth [default=done] pam_afs_sessino.so
>...
>session optional pam_sss.so
>session required pam_afs_session.so
>
>And even if I add the "debug" option to pam_afs_session.so, there is never any 
>mention of it in /var/log/secure when I try to login.
>
>Does anyone have experience with 64-bit RHEL6? I found that I had to configure 
>pam_afs_session with --libdir=/lib64 otherwise I would get "file not found" 
>errors in /var/log/secure.
>
>./configure --prefix=/usr --libdir=/lib64
>
>At this point, I'm not sure how to determine which piece of the puzzle is 
>broken/missing.
>
>Thanks in advance for any tips!
>
>-- 
>jonathan.nils...@uci.edu
>Computing Services
>School of Social Sciences
>SSPA 4110 | 949.824.1536
>___
>OpenAFS-info mailing list
>OpenAFS-info@openafs.org
>https://lists.openafs.org/mailman/listinfo/openafs-info
>
:��T���&j)b�   b�өzpJ)ߢ�^��좸!��l��b��(���~�+Y���b�ا~�~ȧ~

[OpenAFS] Re: rhel6 64bit pam_afs_session

2011-06-08 Thread Jonathan Nilsson 

Please excuse my typo:


Here is the snip from /etc/pam.d/system-auth:

auth [success=ok default=1] pam_sss.so use_first_pass
auth [default=done] pam_afs_sessino.so


It is spelled correctly in the /etc/pam.d/system-auth file:

auth [default=done] pam_afs_session.so


...
session optional pam_sss.so
session required pam_afs_session.so


--
Jonathan
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

[OpenAFS] rhel6 64bit pam_afs_session

2011-06-08 Thread Jonathan Nilsson 

Hello list,

RHEL6 has been out for a while now so I thought it about time to start testing 
AFS there and plan upgrading our servers. All the AFS server and client bits 
(1.4.14) work just fine. The one missing piece is pam_afs_session.


A bit of background: the main hurdle to overcome was that nss-ldap doesn't seem 
to be available in any default repositories for RHEL6. So instead I am using 
SSSD for both LDAP user info and Kerberos authentication. All the underlying 
pieces seem to be working - id , kinit, aklog - all those work and I 
can then access AFS correctly.


However, when I login via SSH as a user with a home directory on AFS, 
pam_afs_session does not seem to be working. I get permission denied on my home 
directory. But klist shows that I have a kerberos ticket, aklog works to get 
tokens, and then I can access AFS just fine.


I configured pam_sss and pam_afs_session essentially the same way as on RHEL5. 
Here is the snip from /etc/pam.d/system-auth:


auth [success=ok default=1] pam_sss.so use_first_pass
auth [default=done] pam_afs_sessino.so
...
session optional pam_sss.so
session required pam_afs_session.so

And even if I add the "debug" option to pam_afs_session.so, there is never any 
mention of it in /var/log/secure when I try to login.


Does anyone have experience with 64-bit RHEL6? I found that I had to configure 
pam_afs_session with --libdir=/lib64 otherwise I would get "file not found" 
errors in /var/log/secure.


./configure --prefix=/usr --libdir=/lib64

At this point, I'm not sure how to determine which piece of the puzzle is 
broken/missing.


Thanks in advance for any tips!

--
jonathan.nils...@uci.edu
Computing Services
School of Social Sciences
SSPA 4110 | 949.824.1536
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

[OpenAFS] Re: Fedora 15 bugs

2011-06-08 Thread Andrew Deason 
On Wed, 8 Jun 2011 13:22:33 -0400
Jack Neely  wrote:

> Folks,
> 
> I'm building OpenAFS packages on Fedora 15 and having some trouble
> getting 1.6.0-pre6 working well.  Consistently, afsd is segfaulting to
> some degree.  Dmesg reveals:
> 
> afsd[1319]: segfault at 0 ip 4e4476de sp bf912864 error 4 in 
> libc-2.14.so[4e3df000+185000]
> 
> Although the AFS service seems to start.
> 
> I've gathered all the debug information, core dumps, and the packages
> I'm using here:
> 
> http://callandor.unity.ncsu.edu/~slack/openafs/20110608/

`ls -l /etc/mtab` ?

Also, could you provide the RPM for glibc and its debuginfo? (or tell me
where I can get them) I think this is just when trying to set the mtab
information, but without the libc symbols it's a little annoying to look
through.

-- 
Andrew Deason
adea...@sinenomine.net

___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

Re: [OpenAFS] Fedora 15 bugs

2011-06-08 Thread Dan Scott 
Hi,

I have Fedora 15 running with OpenAFS and SELinux enabled - it seems
to be working OK.

I saw this message in the client logs a couple of times:
Jun  8 03:32:02 pc35 systemd[1]: [/etc/rc.d/init.d/openafs:12] PID
file not absolute. Ignoring.

It does appear to segfault occasionally, but only when I start the afsd process.

I'm also getting errors (which appear to be caused by my client) on
the AFS fileserver (Running Fedora 14, OpenAFS 1.4):

Mon Jun  6 14:44:43 2011 BreakDelayedCallbacks FAILED for host
192.168.1.35:42128 which IS UP.  Connection from 192.168.1.35:42128.
Possible network or routing failure.
Mon Jun  6 14:44:43 2011 MultiProbe failed to find new address for
host 192.168.1.35:42128
Mon Jun  6 16:48:00 2011 CB: RCallBackConnectBack (host.c) failed for
host 192.168.1.35:42128
Mon Jun  6 20:03:56 2011 CheckHost_r: Probing all interfaces of host
192.168.1.160:7001 failed, code -01
Mon Jun  6 22:24:52 2011 CB: RCallBackConnectBack (host.c) failed for
host 192.168.1.35:7001
Tue Jun  7 04:46:46 2011 CB: RCallBackConnectBack failed for host
3e2e14f0 (192.168.1.35:7001)
Tue Jun  7 04:46:46 2011 CB: new identity for host 192.168.1.35:7001,
deleting(1 0 0076fe4f-0c37-1de9-bf-2d-aa77 )
Tue Jun  7 04:46:46 2011 CB: new identity for host 192.168.1.35:7001,
deleting(1 0 0076fe4f-0c37-1de9-bf-2d-aa77 )
Tue Jun  7 04:46:46 2011 CallPreamble: Couldn't get CPS. Too many lockers
Tue Jun  7 04:47:46 2011 CB: RCallBackConnectBack failed for host
3e2e1148 (192.168.1.35:7001)
Tue Jun  7 04:47:46 2011 CB: new identity for host 192.168.1.35:7001,
deleting(1 0 0076fe4f-0c37-1de9-bf-2d-aa77 )
Tue Jun  7 04:47:46 2011 CB: new identity for host 192.168.1.35:7001,
deleting(1 0 0076fe4f-0c37-1de9-bf-2d-aa77 )
Tue Jun  7 04:47:46 2011 CB: new identity for host 192.168.1.35:7001,
deleting(1 0 0076fe4f-0c37-1de9-bf-2d-aa77 )
Tue Jun  7 04:47:46 2011 CallPreamble: Couldn't get CPS. Too many lockers
Tue Jun  7 04:48:46 2011 CB: RCallBackConnectBack failed for host
3e2e14f0 (192.168.1.35:7001)
Tue Jun  7 04:48:46 2011 CB: new identity for host 192.168.1.35:7001,
deleting(1 0 0076fe4f-0c37-1de9-bf-2d-aa77 )
Tue Jun  7 04:48:46 2011 CB: new identity for host 192.168.1.35:7001,
deleting(1 0 0076fe4f-0c37-1de9-bf-2d-aa77 )
Tue Jun  7 04:48:46 2011 CB: new identity for host 192.168.1.35:7001,
deleting(1 0 0076fe4f-0c37-1de9-bf-2d-aa77 )
Tue Jun  7 04:48:46 2011 CallPreamble: Couldn't get CPS. Too many lockers
Tue Jun  7 04:49:05 2011 CallPostamble: null ahost for thost
192.168.1.35:7001 (3e2e1148)
Tue Jun  7 04:49:05 2011 FindClient: stillborn client
30022550(482c2a58); conn f401f780 (host 192.168.1.35:7001) had client
30022480(482c2a58)
Tue Jun  7 04:49:05 2011 CallPostamble: null ahost for thost
192.168.1.35:7001 (3e2e1148)
Tue Jun  7 04:49:05 2011 FindClient: stillborn client
300226f0(482c2a58); conn f401f780 (host 192.168.1.35:7001) had client
30022480(482c2a58)
Tue Jun  7 04:49:05 2011 FindClient: stillborn client
30021ed0(482c2a58); conn f401f780 (host 192.168.1.35:7001) had client
30022480(482c2a58)
Tue Jun  7 04:49:05 2011 CallPostamble: null ahost for thost
192.168.1.35:7001 (3e2e1148)
Tue Jun  7 06:50:46 2011 CB: RCallBackConnectBack (host.c) failed for
host 192.168.1.35:7001
Tue Jun  7 13:46:42 2011 CB: RCallBackConnectBack (host.c) failed for
host 192.168.1.36:7001
Tue Jun  7 15:37:38 2011 CB: RCallBackConnectBack (host.c) failed for
host 192.168.1.150:7001
Tue Jun  7 18:13:34 2011 CB: RCallBackConnectBack (host.c) failed for
host 192.168.1.35:7001

I filed a few bugs with Fedora about some SELinux problems that I had
initially - I believe that they have been fixed now.

Thanks,

Dan Scott

On Wed, Jun 8, 2011 at 13:34,   wrote:
> I assume no, but I will ask anyway. Do you have selinux enabled?
>
> Quoting Jack Neely :
>
>> Folks,
>>
>> I'm building OpenAFS packages on Fedora 15 and having some trouble
>> getting 1.6.0-pre6 working well.  Consistently, afsd is segfaulting to
>> some degree.  Dmesg reveals:
>>
>>    afsd[1319]: segfault at 0 ip 4e4476de sp bf912864 error 4 in
>> libc-2.14.so[4e3df000+185000]
>>
>> Although the AFS service seems to start.
>>
>> I've gathered all the debug information, core dumps, and the packages
>> I'm using here:
>>
>>    http://callandor.unity.ncsu.edu/~slack/openafs/20110608/
>>
>> The coredump-abrt-1301.tar.bz2 contains the coredump and other
>> information recorded by ABRT.
>>
>> Jack
>>
>> --
>> Jack Neely 
>> Linux Czar, OIT Campus Linux Services
>> Office of Information Technology, NC State University
>> GPG Fingerprint: 1917 5AC1 E828 9337 7AA4  EA6B 213B 765F 3B6A 5B89
>> ___
>> OpenAFS-info mailing list
>> OpenAFS-info@openafs.org
>> https://l

Re: [OpenAFS] Fedora 15 bugs

2011-06-08 Thread Jack Neely 
I do.  I'd very much like the package to work equally with and without
SELinux.  Indeed, things do behave much better without SELinux enabled.

I do not see any avc denials so this doesn't appear to be a SELinux
policy related matter.

Jack

On Wed, Jun 08, 2011 at 01:34:40PM -0400, omall...@msu.edu wrote:
> I assume no, but I will ask anyway. Do you have selinux enabled?
>
> Quoting Jack Neely :
>
>> Folks,
>>
>> I'm building OpenAFS packages on Fedora 15 and having some trouble
>> getting 1.6.0-pre6 working well.  Consistently, afsd is segfaulting to
>> some degree.  Dmesg reveals:
>>
>> afsd[1319]: segfault at 0 ip 4e4476de sp bf912864 error 4 in  
>> libc-2.14.so[4e3df000+185000]
>>
>> Although the AFS service seems to start.
>>
>> I've gathered all the debug information, core dumps, and the packages
>> I'm using here:
>>
>> http://callandor.unity.ncsu.edu/~slack/openafs/20110608/
>>
>> The coredump-abrt-1301.tar.bz2 contains the coredump and other
>> information recorded by ABRT.
>>
>> Jack
>>
>> --
>> Jack Neely 
>> Linux Czar, OIT Campus Linux Services
>> Office of Information Technology, NC State University
>> GPG Fingerprint: 1917 5AC1 E828 9337 7AA4  EA6B 213B 765F 3B6A 5B89
>> ___
>> OpenAFS-info mailing list
>> OpenAFS-info@openafs.org
>> https://lists.openafs.org/mailman/listinfo/openafs-info
>>
>
>
>
> -- 
> "The information in this email, and attachment(s) thereto, is strictly  
> confidential and may be legally privileged. It is intended solely for  
> the named recipient(s), and access to this e-mail, or any attachment(s) 
> thereto, by anyone else is unauthorized. Violations hereof may result in 
> legal actions. Any attachment(s) to this e-mail have been checked for 
> viruses, but please rely on your own virus-checker and procedures. If you 
> contact us by e-mail, we will store your name and address to facilitate 
> communications in the matter concerned. If you do not consent to us 
> storing your name and address for above stated purpose, please notify the 
> sender promptly. Also, if you are not the intended recipient please 
> inform the sender by replying to this transmission, and delete the 
> e-mail, its attachment(s), and any copies of it without, disclosing it."
>
>

-- 
Jack Neely 
Linux Czar, OIT Campus Linux Services
Office of Information Technology, NC State University
GPG Fingerprint: 1917 5AC1 E828 9337 7AA4  EA6B 213B 765F 3B6A 5B89
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

Re: [OpenAFS] Fedora 15 bugs

2011-06-08 Thread omalleys 

I assume no, but I will ask anyway. Do you have selinux enabled?

Quoting Jack Neely :


Folks,

I'm building OpenAFS packages on Fedora 15 and having some trouble
getting 1.6.0-pre6 working well.  Consistently, afsd is segfaulting to
some degree.  Dmesg reveals:

afsd[1319]: segfault at 0 ip 4e4476de sp bf912864 error 4 in  
libc-2.14.so[4e3df000+185000]


Although the AFS service seems to start.

I've gathered all the debug information, core dumps, and the packages
I'm using here:

http://callandor.unity.ncsu.edu/~slack/openafs/20110608/

The coredump-abrt-1301.tar.bz2 contains the coredump and other
information recorded by ABRT.

Jack

--
Jack Neely 
Linux Czar, OIT Campus Linux Services
Office of Information Technology, NC State University
GPG Fingerprint: 1917 5AC1 E828 9337 7AA4  EA6B 213B 765F 3B6A 5B89
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info





--
"The information in this email, and attachment(s) thereto, is strictly  
confidential and may be legally privileged. It is intended solely for  
the named recipient(s), and access to this e-mail, or any  
attachment(s) thereto, by anyone else is unauthorized. Violations  
hereof may result in legal actions. Any attachment(s) to this e-mail  
have been checked for viruses, but please rely on your own  
virus-checker and procedures. If you contact us by e-mail, we will  
store your name and address to facilitate communications in the matter  
concerned. If you do not consent to us storing your name and address  
for above stated purpose, please notify the sender promptly. Also, if  
you are not the intended recipient please inform the sender by  
replying to this transmission, and delete the e-mail, its  
attachment(s), and any copies of it without, disclosing it."



___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

[OpenAFS] Fedora 15 bugs

2011-06-08 Thread Jack Neely 
Folks,

I'm building OpenAFS packages on Fedora 15 and having some trouble
getting 1.6.0-pre6 working well.  Consistently, afsd is segfaulting to
some degree.  Dmesg reveals:

afsd[1319]: segfault at 0 ip 4e4476de sp bf912864 error 4 in 
libc-2.14.so[4e3df000+185000]

Although the AFS service seems to start.

I've gathered all the debug information, core dumps, and the packages
I'm using here:

http://callandor.unity.ncsu.edu/~slack/openafs/20110608/

The coredump-abrt-1301.tar.bz2 contains the coredump and other
information recorded by ABRT.

Jack

-- 
Jack Neely 
Linux Czar, OIT Campus Linux Services
Office of Information Technology, NC State University
GPG Fingerprint: 1917 5AC1 E828 9337 7AA4  EA6B 213B 765F 3B6A 5B89
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info