Re: [OpenAFS] Trouble compiling openafs with new FC5 and FC6 kernels

2007-03-16 Thread Derrick J Brashear
On Sat, 17 Mar 2007, Marcus Watts wrote: Folks that have an opinion on how this should be organized should feel free to speak up. Documentation and web pages don't get better if people don't complain or better yet, offer improvements. We actually are working on a whole new format for the web

Re: [OpenAFS] Trouble compiling openafs with new FC5 and FC6 kernels

2007-03-16 Thread Derrick J Brashear
On Fri, 16 Mar 2007, Paul Johnson wrote: In the website http://www.openafs.org, I do not find any package 1.4.3rc3. Where is it?? In there, it looks like 1.4.2 is the end of the line. I go to www.openafs.org I see 2-Mar-2007 - OpenAFS 1.4.3 release candidate 3 available OpenAFS 1.4.3rc3

Re: [OpenAFS] Trouble compiling openafs with new FC5 and FC6 kernels

2007-03-16 Thread Marcus Watts
"Paul Johnson" <[EMAIL PROTECTED]> writes: > Message-ID: <[EMAIL PROTECTED]> > From: "Paul Johnson" <[EMAIL PROTECTED]> > To: openafs-info@openafs.org > In-Reply-To: <[EMAIL PROTECTED]> > Subject: Re: [OpenAFS] Trouble compiling openafs with new FC5 and FC6 kernels > Date: Fri, 16 Mar 2007 22:55:40

Re: [OpenAFS] Trouble compiling openafs with new FC5 and FC6 kernels

2007-03-16 Thread Paul Johnson
In the website http://www.openafs.org, I do not find any package 1.4.3rc3. Where is it?? In there, it looks like 1.4.2 is the end of the line. I did find a development version 1.5.16 and it does compile and install. However, when I try to start the openafs-client service, I get the incredibly h

Re: [OpenAFS] refuse to grant tokens to a process without a PAG?

2007-03-16 Thread Derrick J Brashear
Not currently On Fri, 16 Mar 2007, Adam Megacz wrote: Is there any option for the OpenAFS client that will cause it to refuse to associate tokens with a userid (rather than a PAG)? This is the default behavior when aklog is invoked outside of a PAG -- any tokens get associated with all proces

[OpenAFS] refuse to grant tokens to a process without a PAG?

2007-03-16 Thread Adam Megacz
Is there any option for the OpenAFS client that will cause it to refuse to associate tokens with a userid (rather than a PAG)? This is the default behavior when aklog is invoked outside of a PAG -- any tokens get associated with all processes under that userid which do not have a PAG. I'm wonder

Re: [OpenAFS] Trouble compiling openafs with new FC5 and FC6 kernels

2007-03-16 Thread Derrick J Brashear
I don't suppose you tried 1.4.3rc3? On Fri, 16 Mar 2007, Paul Johnson wrote: I've been using the stable openafs-1.4.2 for some time and have not had so much difficulty compiling it. For about 2 months, I've been using a patch that stops openafs from looking for config.h in the linux source, an

Re: [OpenAFS] Server encryption keys

2007-03-16 Thread Russ Allbery
Robert Banz <[EMAIL PROTECTED]> writes: >> What is required is functionality in the KDC that says "generate a new >> key for service X but don't use it yet". >> >> Then you could distribute the key to your servers and after they were >> all updated, you could activate the use of the new key. > T

Re: [OpenAFS] afs cell migration

2007-03-16 Thread david l goodrich
> > Hello everybody, > > We have an afs cell (atc.unican.es) installed in a HP Proliand DL380 G3 > and Linux (Debian 3.0 r2) server. The afs partitions (vicepxx) for this > cell are located in a HP MSA20 (SATA disk drive storage enclosure with > 12 SATA disks with Ultra320 SCSI host connectivity a

Re: [OpenAFS] afs cell migration

2007-03-16 Thread Sergio Gelato
* Steve Simmons [2007-03-15 13:03:44 -0400]: > On Mar 15, 2007, at 9:03 AM, Jose Angel Herrero wrote: > > >We have an afs cell (atc.unican.es) installed in a HP Proliand > >DL380 G3 and Linux (Debian 3.0 r2) server. The afs partitions > >(vicepxx) for this cell are located in a HP MSA20 (SATA

[OpenAFS] Trouble compiling openafs with new FC5 and FC6 kernels

2007-03-16 Thread Paul Johnson
I've been using the stable openafs-1.4.2 for some time and have not had so much difficulty compiling it. For about 2 months, I've been using a patch that stops openafs from looking for config.h in the linux source, and that was the only change needed. Today, security updates for fc5 AND fc6 were

Re: [OpenAFS] Server encryption keys

2007-03-16 Thread Robert Banz
What is required is functionality in the KDC that says "generate a new key for service X but don't use it yet". Then you could distribute the key to your servers and after they were all updated, you could activate the use of the new key. That functionality could be simulated with a script ge

Re: [OpenAFS] Server encryption keys

2007-03-16 Thread Jeffrey Altman
Robert Banz wrote: > > Wouldn't a better key-update-transition plan be: > > * create a new key > * stash it in the KeyFile in the next kvno slot > * wait until the servers pick it up > * update the afs key on the kdc to match the new value (make sure it > matches the kvno that you used before) >

Re: [OpenAFS] Server encryption keys

2007-03-16 Thread Robert Banz
Wouldn't a better key-update-transition plan be: * create a new key * stash it in the KeyFile in the next kvno slot * wait until the servers pick it up * update the afs key on the kdc to match the new value (make sure it matches the kvno that you used before) * profit. From what I understand

Re: [OpenAFS] Server encryption keys

2007-03-16 Thread Russ Allbery
A V Le Blanc <[EMAIL PROTECTED]> writes: > On a test cell, I've been able to change the encryption key as follows: > I change the afs password using kadmin and export it to the KeyFile. I > then have to kill the bos process and all server processes on all > servers, since my old admin tokens don'

[OpenAFS] extra ACL bits: who's using them?

2007-03-16 Thread Derrick J Brashear
in addition to the well known rlidwka, there are also some extra, "reserved" acl bits: ABCDEFGH (PRSFS_USR0-7) AFS currently uses none of these. I know of a site which used G for a while to encode that group rather than owner mode bits would apply to people with that bit applied to them. Is an

[OpenAFS] Consultant wanted ASAP

2007-03-16 Thread David Sonenberg
I am looking for an expert in AFS who does consulting in the NY city area. Please contact me ASAP. David Sonenberg Director, Information Technology Stroz Friedberg, LLC 15 Maiden Lane Suite 1208 New York, N10038 Tel 212.981.6527 Fax 212.981.654

[OpenAFS] Server encryption keys

2007-03-16 Thread Dr A V Le Blanc
The old Transarc documents recommend changing your server encryption key every month. We've done it about 9 times in 16 years, and did it last before we migrated to Kerberos V. The explanation of how to change the encryption key assumes that you are using kaserver and kas, so it's out of date any