> Translation: Derrick will piss and moan about it for a few years, but
> eventually stop ... or you will learn to ignore it, I can't really
> tell the difference anymore :-)
>
> I am not particularly in love with the idea of exec'ing translate_et just
> to translate errors for asetkey ... the peo
>> This probably isn't good in the general case, but can't asetkey simply
>> exec translate_et itself when an AFS error is encountered? Or is that a
>> really bad idea?
>
>Ask Ken what I think of the exec method.
Translation: Derrick will piss and moan about it for a few years, but
eventually sto
On Mon, 9 Apr 2007, Christopher D. Clausen wrote:
Derrick J Brashear <[EMAIL PROTECTED]> wrote:
On Mon, 9 Apr 2007, Ken Hornstein wrote:
In this particular case (asetkey), since the interesting thing is to
get ACFG errors out, and it's all on the AFS side of things, getting
the right thing to
Derrick J Brashear <[EMAIL PROTECTED]> wrote:
> On Mon, 9 Apr 2007, Ken Hornstein wrote:
>
>>> In this particular case (asetkey), since the interesting thing is to
>>> get ACFG errors out, and it's all on the AFS side of things, getting
>>> the right thing to happen is doable.
>>
>> Sure, _this_ ti
Ken Hornstein <[EMAIL PROTECTED]> writes:
> To:
> In-Reply-To: <[EMAIL PROTECTED]>
> From: Ken Hornstein <[EMAIL PROTECTED]>
> Subject: Re: [OpenAFS] asetkey: failed to set key, code 70354694
> Date: Mon, 09 Apr 2007 22:09:16 -0400
>
> >In this particular case (asetkey), since the interesting t
On Mon, 9 Apr 2007, Ken Hornstein wrote:
In this particular case (asetkey), since the interesting thing is to
get ACFG errors out, and it's all on the AFS side of things, getting
the right thing to happen is doable.
Sure, _this_ time you want the AFS errors ... what happens next time
when you
>In this particular case (asetkey), since the interesting thing is to
>get ACFG errors out, and it's all on the AFS side of things, getting
>the right thing to happen is doable.
Sure, _this_ time you want the AFS errors ... what happens next time
when you want the Kerberos error out?
--Ken
__
dotmatt <[EMAIL PROTECTED]> writes:
> Subject: [OpenAFS] Maximum # of users
> Sender: [EMAIL PROTECTED]
> Errors-To: [EMAIL PROTECTED]
> Date: Mon, 9 Apr 2007 18:27:33 -0400
>
> Hello-
> I have a .edu environment with a single Kerberos realm (MIT Krb5, no
> Krb4) with ~70,000 principals. I'm no
Hello-
I have a .edu environment with a single Kerberos realm (MIT Krb5, no
Krb4) with ~70,000 principals. I'm not sure I have my terminology
right, but what is the maximum number of pts user entries I can
allocate in a single AFS cell?
I'm thinking about deploying a single AFS cell, where each
Ken Hornstein <[EMAIL PROTECTED]> writes:
> >>
> >> "com_err sucks"
> >>
> >> Well, more precisely "no 2 com_errs are alike"
> >>
> >
> >Ok, so there is the whole com_err mess. But openafs has
> >its own com_err so that "shouldn't" matter.
>
> asetkey is one of those programs that has to link
Jim Rees <[EMAIL PROTECTED]> writes:
> Date: Mon, 9 Apr 2007 14:58:41 -0500
> From: Jim Rees <[EMAIL PROTECTED]>
> To: Marcus Watts <[EMAIL PROTECTED]>
> Cc: openafs-info
> Subject: Re: [OpenAFS] asetkey: failed to set key, code 70354694
> Message-ID: <[EMAIL PROTECTED]>
>
> Marcus Watts wrote:
>
Doesn't seem to be in the sources... Is it in the cvs tree?
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of chas williams - CONTRACTOR
Sent: Monday, April 09, 2007 12:35 PM
To: Jim Rees
Cc: OpenAFS-Info
Subject: Re: [OpenAFS] How to volunteer?
In message
>>
>> "com_err sucks"
>>
>> Well, more precisely "no 2 com_errs are alike"
>>
>
>Ok, so there is the whole com_err mess. But openafs has
>its own com_err so that "shouldn't" matter.
asetkey is one of those programs that has to link against Kerberos 5
as well as OpenAFS libraries. So, which co
Marcus Watts wrote:
Ok, so there is the whole com_err mess. But openafs has
its own com_err so that "shouldn't" matter.
Isn't the problem here that asetkey needs both the OpenAFS and the Kerberos
com_errs, but you can't have both in a single program? I'll admit I'm not
an expert on this sub
Jason Edgecombe wrote:
> Hi,
>
> We run an AFS cell with a kerberos 5 kdc and still have krb5/kas
> authentication in parallel. I'm looking to upgrade the kerberos server
> to version 1.6. This works well in my test setup. My question is "how
> does adding supporting encryption types interact with
"chas williams <- CONTRACTOR" <[EMAIL PROTECTED]>> writes:
> i am not the doc guru, but
> doc/htmloriginal ibm html doc
> doc/man-pages pod sources for man pages (converted from
> original ibm html source).
> doc/xml xml sources for manu
Jim Rees <[EMAIL PROTECTED]> writes:
> This information should be in the tree somewhere, probably either
> README.DOC or doc/README. Right now if you look in the doc subdir it's
> not clear what you're looking at. There should also be something about
> doc/man-pages.
> I'll create the file if w
Christopher D Clausen <[EMAIL PROTECTED]> writes:
> Is the openafs-doc list being actively used? There don't seem to have
> been any posts since Feb 2006.
> https://lists.openafs.org/mailman/listinfo/openafs-doc
> I would imagine that anyone working on documentation should be on this
> list.
Ken Hornstein wrote:
>> No, this is the /usr/afs/etc/krb.conf trick.
>
> I see some stuff under #ifdef AFS_KERBREALM_ENV, but I can't possibly
> see how it would work like it's supposed to ... afs_krb_get_lrealm()
> reads the _first_ line of /usr/afs/etc/krb.conf and returns that. There
> is a lo
Derrick J Brashear <[EMAIL PROTECTED]> writes:
>
> "com_err sucks"
>
> Well, more precisely "no 2 com_errs are alike"
>
Ok, so there is the whole com_err mess. But openafs has
its own com_err so that "shouldn't" matter.
...
adogslife-root# ./asetkey add 9 /tmp/afs.foo.kt afs/foo7
adogslife-ro
In message <[EMAIL PROTECTED]>,Jim Rees writes:
>This information should be in the tree somewhere, probably either README.DOC
>or doc/README. Right now if you look in the doc subdir it's not clear what
>you're looking at. There should also be something about doc/man-pages.
i am not the doc guru,
Christopher D. Clausen wrote:
> What is the current realm limit in 1.5?
Currently Four.
src/config/afs_sysnames.h
/* Specifies the number of equivalent local realm names */
#define AFS_NUM_LREALMS 4
> I am using 2 realms now with 1.4. Using an MIT realm and an Active
> Directory realm
chas williams - CONTRACTOR wrote:
the ibm html documentation has been converted to xml (the preferred
format). its in the cvs repository. its a straight conversion with
little editing so the documentation still says 'AFS 3.6'. i didnt
proof every single page so there might be a few erro
On Mon, 9 Apr 2007, Ken Hornstein wrote:
No, this is the /usr/afs/etc/krb.conf trick.
I see some stuff under #ifdef AFS_KERBREALM_ENV, but I can't possibly
see how it would work like it's supposed to ... afs_krb_get_lrealm()
reads the _first_ line of /usr/afs/etc/krb.conf and returns that. Th
>In 1.5, you can use as many Kerberos realms as you want. It's extremely
>useful when you want to have multiple local realms that are already
>synchronized and should be treated as local rather than as cross-realm
>realms.
Ah, I see what I missed. There's that extra argument to afs_krb_lrealm().
On Mon, 9 Apr 2007, Russ Allbery wrote:
Ken Hornstein <[EMAIL PROTECTED]> writes:
I think you've got it backwards. You can only use one Kerberos realm
per AFS cell (well, I guess maybe you could use two ... I don't know if
you can simultaneously have a realm with the same name as your cell an
On Mon, 9 Apr 2007, Marcus Watts wrote:
You can have at most AFSCONF_MAXKEYS (= 8) keys.
Of course you could recompile with a larger number,
it's "just" RAM. Better yet, the cellservdb code could
be altered to do more dynamic allocation here, but that
would likely involve api changes.
If you w
>It's a shame asetkey can't just print the error message directly.
Another victim of com_err. Sigh.
--Ken
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info
Jason Edgecombe <[EMAIL PROTECTED]> wrote:
> Russ Allbery wrote:
>> Russ Allbery <[EMAIL PROTECTED]> writes:
>>> Basically, please feel free to pick any of the documentation and
>>> just let me know what you're working on. As you finish
>>> modifications, the easiest way for me to process those ch
Derrick J Brashear <[EMAIL PROTECTED]> wrote:
> On Mon, 9 Apr 2007, Christopher D. Clausen wrote:
>> That is assuming you don't have more than X Kerberos realms that you
>> want to use for an afs service principal. And if you want to change
>> the afs service principal in all trusted realms, you c
>No, this is the /usr/afs/etc/krb.conf trick.
I see some stuff under #ifdef AFS_KERBREALM_ENV, but I can't possibly
see how it would work like it's supposed to ... afs_krb_get_lrealm()
reads the _first_ line of /usr/afs/etc/krb.conf and returns that. There
is a loop in afs_is_foreign_ticket_name(
Derrick J Brashear <[EMAIL PROTECTED]> writes:
> Linear search. Otherwise no. The current realm limit is lower than that
> anyway in 1.5 and is basically 2 in 1.4, unless they all have the same
> realm name, unless you're being really tricky anyway.
Oh, okay, maybe you can't have as many as you w
Ken Hornstein <[EMAIL PROTECTED]> writes:
> I think you've got it backwards. You can only use one Kerberos realm
> per AFS cell (well, I guess maybe you could use two ... I don't know if
> you can simultaneously have a realm with the same name as your cell and
> the single "alternate" you are all
You can have at most AFSCONF_MAXKEYS (= 8) keys.
Of course you could recompile with a larger number,
it's "just" RAM. Better yet, the cellservdb code could
be altered to do more dynamic allocation here, but that
would likely involve api changes.
If you were wild & crazy about having multiple othe
On Mon, 9 Apr 2007, Ken Hornstein wrote:
That is assuming you don't have more than X Kerberos realms that you
want to use for an afs service principal. And if you want to change the
afs service principal in all trusted realms, you could end up needing 2X
"slots" in the KeyFile.
I think you've
Russ Allbery wrote:
Russ Allbery <[EMAIL PROTECTED]> writes:
Basically, please feel free to pick any of the documentation and just
let me know what you're working on. As you finish modifications, the
easiest way for me to process those changes is as unified diffs, but if
you want to send a
On Mon, 9 Apr 2007, Christopher D. Clausen wrote:
Ken Hornstein <[EMAIL PROTECTED]> wrote:
# ./asetkey add 10 /tmp/afs.tab [EMAIL PROTECTED]
./asetkey: failed to set key, code 70354694.
% translate_et 70354694
70354694 (acfg).6 = no more entries
Man, I had no _idea_ that was an error. Liv
>That is assuming you don't have more than X Kerberos realms that you
>want to use for an afs service principal. And if you want to change the
>afs service principal in all trusted realms, you could end up needing 2X
>"slots" in the KeyFile.
I think you've got it backwards. You can only use o
Ken Hornstein <[EMAIL PROTECTED]> wrote:
>> # ./asetkey add 10 /tmp/afs.tab [EMAIL PROTECTED]
>> ./asetkey: failed to set key, code 70354694.
>
> % translate_et 70354694
> 70354694 (acfg).6 = no more entries
>
> Man, I had no _idea_ that was an error. Live and learn. I will echo
> Derrick's comme
I know that this discussion was beaten 7 ways from Sunday in the
recent past, but I thought it worth asking. Did someone ever get
around to committing a patch that enabled switching behavior between
"implicit a" for directory creators versus "no implicit a" for
directory creators?
There
># ./asetkey add 10 /tmp/afs.tab [EMAIL PROTECTED]
>./asetkey: failed to set key, code 70354694.
% translate_et 70354694
70354694 (acfg).6 = no more entries
Man, I had no _idea_ that was an error. Live and learn. I will echo
Derrick's comment: get rid of some of those keys in your KeyFile. At
Jeff Blaine wrote:
Russ Allbery wrote:
Derrick J Brashear <[EMAIL PROTECTED]> writes:
On Mon, 9 Apr 2007, Jeff Blaine wrote:
% ./configure --enable-transarc-paths
--with-krb5-conf=/usr/rcf-krb5/bin/krb5-config
...
% make dest
...
/opt/SUNWspro/bin/cc -G -dy -Wl,-M./mapfile -Bsymbol
On Mon, 9 Apr 2007, Jeff Blaine wrote:
NOW what am I doing wrong?
# ./asetkey list
kvno0: key is: stuffhereDFGDEDD
kvno1: key is: stuffhere2323e32
kvno4: key is: stuffhere1231212
kvno5: key is: stuffhereUIUIUII
kvno6: key is: stuffhereIOUIYUI
kvno7: key is: stuffhereSTYA
NOW what am I doing wrong?
# ./asetkey list
kvno0: key is: stuffhereDFGDEDD
kvno1: key is: stuffhere2323e32
kvno4: key is: stuffhere1231212
kvno5: key is: stuffhereUIUIUII
kvno6: key is: stuffhereIOUIYUI
kvno7: key is: stuffhereSTYARTR
kvno8: key is: stuffherePOPCHCH
k
On Mon, 9 Apr 2007, Jeff Blaine wrote:
FWIW, building on a box with 112963-25 (pretty old) worked. Building
on a box with 112963-10 (ancient) did not.
Ok. Well, I guess that's a good answer. "keep your toolchain vaguely in
the last few years" :)
Russ Allbery wrote:
Derrick J Brashear <[EMAIL PROTECTED]> writes:
On Mon, 9 Apr 2007, Jeff Blaine wrote:
% ./configure --enable-transarc-paths
--with-krb5-conf=/usr/rcf-krb5/bin/krb5-config
...
% make dest
...
/opt/SUNWspro/bin/cc -G -dy -Wl,-M./mapfile -Bsymbolic -z text -o
which
On Mon, 9 Apr 2007, Russ Allbery wrote:
Derrick J Brashear <[EMAIL PROTECTED]> writes:
On Mon, 9 Apr 2007, Jeff Blaine wrote:
% ./configure --enable-transarc-paths
--with-krb5-conf=/usr/rcf-krb5/bin/krb5-config
...
% make dest
...
/opt/SUNWspro/bin/cc -G -dy -Wl,-M./mapfile -Bsymboli
Russ Allbery <[EMAIL PROTECTED]> writes:
> Basically, please feel free to pick any of the documentation and just
> let me know what you're working on. As you finish modifications, the
> easiest way for me to process those changes is as unified diffs, but if
> you want to send a complete replaceme
Jeff Blaine <[EMAIL PROTECTED]> writes:
> I'm lost as to the current means of doing this conversion.
> Could someone enlighten me?
There is a utility that comes with the AFS Migration Toolkit that takes a
kaserver database and converts it to a Kerberos v5 dump file. The simple
instructions are:
Derrick J Brashear <[EMAIL PROTECTED]> writes:
> On Mon, 9 Apr 2007, Jeff Blaine wrote:
>> % ./configure --enable-transarc-paths
>> --with-krb5-conf=/usr/rcf-krb5/bin/krb5-config
>> ...
>> % make dest
>>
>> ...
>>/opt/SUNWspro/bin/cc -G -dy -Wl,-M./mapfile -Bsymbolic -z text -o
> which v
Derrick J Brashear <[EMAIL PROTECTED]> writes:
> Russ Allbery has been coordinating documentation work. Please talk to
> him before you start on something if you'd like to avoid duplicating
> effort.
Hi Jason,
I'm sorry about the delay. I was on vacation.
Here's where we're currently at:
The
Derrick J Brashear wrote:
On Mon, 9 Apr 2007, Jeff Blaine wrote:
% ./configure --enable-transarc-paths
--with-krb5-conf=/usr/rcf-krb5/bin/krb5-config
...
% make dest
...
/opt/SUNWspro/bin/cc -G -dy -Wl,-M./mapfile -Bsymbolic -z text -o
which version of sunpro c?
Sun Studio 11
cc:
On Mon, 9 Apr 2007, Jeff Blaine wrote:
% ./configure --enable-transarc-paths
--with-krb5-conf=/usr/rcf-krb5/bin/krb5-config
...
% make dest
...
/opt/SUNWspro/bin/cc -G -dy -Wl,-M./mapfile -Bsymbolic -z text -o
which version of sunpro c?
ld: fatal: relocation error: file rx_event.o: s
Jeff Blaine wrote:
I'm lost as to the current means of doing this
conversion.
Could someone enlighten me?
I see. Point taken :)
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info
% ./configure --enable-transarc-paths
--with-krb5-conf=/usr/rcf-krb5/bin/krb5-config
...
% make dest
...
/opt/SUNWspro/bin/cc -G -dy -Wl,-M./mapfile -Bsymbolic -z text
-o libafsrpc.so.1.1 rx_event.o rx_user.o rx_pthread.o rx.o rx_null.o
rx_conncache.o rx_globals.o rx_getaddr.o
xml is complete markup language. the ibm html source was fairly
consistent in its usage so it was easy to identify the html'ized
conversions of the original source (probably script).
indexing (with the exception of the adminreference), table of contents
(generated automatically from section/appen
Indexing, table of contents, and appendicies, and hyperlinks to specific
page numbers. How about the footnotes and the different fonts used? Is all
this preserved?
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of chas williams - CONTRACTOR
Sent: Monday, Apr
the ibm html documentation has been converted to xml (the preferred
format). its in the cvs repository. its a straight conversion with
little editing so the documentation still says 'AFS 3.6'. i didnt
proof every single page so there might be a few errors (mostly in
tables, and command syntaxes
On Mon, 9 Apr 2007, Steve Devine wrote:
You create a volume (vos create) on the server you want to use and then
you mount that somewhere (fs mkm). I suggest you create one volume for
each user, one for each project etc. And make sure replicate all volumes
that need not be updated too often l
Alexander Boström wrote:
sön 2007-04-08 klockan 17:33 +0800 skrev Melvin Wong:
But I'm a bit lost on how should I further expand to afs2, afs3 and so
on. If I create a home directory for my users on afs1, do I need to
create the exact directory on my afs2?
You create a volume (vos crea
sön 2007-04-08 klockan 17:33 +0800 skrev Melvin Wong:
> But I'm a bit lost on how should I further expand to afs2, afs3 and so
> on. If I create a home directory for my users on afs1, do I need to
> create the exact directory on my afs2?
You create a volume (vos create) on the server you want to u
61 matches
Mail list logo