[EMAIL PROTECTED] wrote:
Lars Schimmer wrote:
Hi!
I setup grml 1.0 to a desktop system.
It uses a 2.6.20 kernel and OpenAFS 1.4.4.dfsg1-3.
Kernel Module is 1.4.4.dfsg1-2.
I set the system up and while kinit/aklog or logging in I obtain a
ticket and a token.
Klist shows the
In a recent discussion of clone and shadow volumes, Derrick Brashear
mentioned that the FAQ now contains some information about these.
My impression is that clone and shadow volumes give us an additional
possibility to do certain types of backup or quasi-backup operations.
But they are new enough
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hello,
Lars Schimmer wrote:
...
The ThisCell file is set and it is the correct cellname.
Here the shell output as root:
kinit admin
Password for [EMAIL PROTECTED]:
[EMAIL PROTECTED] /etc/openafs # aklog -d
Authenticating to cell
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Thomas Sesselmann wrote:
Hello,
Lars Schimmer wrote:
...
The ThisCell file is set and it is the correct cellname.
Here the shell output as root:
kinit admin
Password for [EMAIL PROTECTED]:
[EMAIL PROTECTED] /etc/openafs # aklog -d
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Lars Schimmer wrote:
Thomas Sesselmann wrote:
Hello,
Lars Schimmer wrote:
...
The ThisCell file is set and it is the correct cellname.
Here the shell output as root:
kinit admin
Password for [EMAIL PROTECTED]:
[EMAIL PROTECTED] /etc/openafs
Am Dienstag, 26. Juni 2007 schrieb ext Lars Schimmer:
But now gdm/kdm hits me again...
kdm doesn´t obtain me tokens while logging in (on debian sid).
and gdm tells me on login, it can´t access .dmrc
This is a known problem with kdm. wdm works fine for me. Plain old xdm
should also do.
Lars Schimmer wrote:
Authenticating to cell cgv.tugraz.at (server phobos.cgv.tugraz.at).
We've deduced that we need to authenticate using referrals.
Getting tickets: afs/cgv.tugraz.at@
In other words, you are using MIT Kerberos version 1.6 and there is no
domain to realm mapping so we must
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Jeffrey Altman wrote:
Lars Schimmer wrote:
Authenticating to cell cgv.tugraz.at (server phobos.cgv.tugraz.at).
We've deduced that we need to authenticate using referrals.
Getting tickets: afs/cgv.tugraz.at@
In other words, you are using MIT
Hi,
I'm trying to find some details about the traffic encryption between an AFS
client and server (fs setcrypt on/off), but this seems to be very difficult.I
would like to know about such things as keylength, mode of operation, key
generation/distribution etc. Does anybody have a good source
I have opened a ticket in RT for this problem. Fixing it is going to
require changes to both the ptserver and aklog. For the time being
adding domain realm mappings to the krb5.ini is going to be the only
method of addressing the issue.
http://rt.central.org/rt/Ticket/Display.html?id=64147
Katrine Svendsen [EMAIL PROTECTED] writes:
I'm trying to find some details about the traffic encryption between an
AFS client and server (fs setcrypt on/off), but this seems to be very
difficult.I would like to know about such things as keylength, mode of
operation, key
Date:Tue, 26 Jun 2007 09:39:13 PDT
To: Katrine Svendsen [EMAIL PROTECTED]
cc: openafs-info@openafs.org
From:Russ Allbery [EMAIL PROTECTED]
Subject: Re: [OpenAFS] Encryption of traffic
Katrine Svendsen [EMAIL PROTECTED] writes:
I'm trying to find some details about the
Marcus Watts [EMAIL PROTECTED] writes:
A patch for rxk5 is here:
/afs/umich.edu/group/itd/build/mdw/openafs/patches/afs-rxk5-r1518-m50.patch.bz2
it adds in support for kerberos 5 with mit or heimdal, and supports current
kerberos 5 encryption types.
Thanks for posting this, Marcus.
Do you
On 6/26/07, Adam Megacz [EMAIL PROTECTED] wrote:
Can anybody help me figure out what happened here? How can an Rx call
failure during a volume dump result in the volume-being-dumped
becoming unattachable?
Needing salvage is not the same as unattachable. Did you salvage it?
The real issue
On Tue, 26 Jun 2007, Adam Megacz wrote:
Robert Banz [EMAIL PROTECTED] writes:
Don't try to use Cyrus on AFS. It's a losing proposition from a
performance and data integrity standpoint.
Sorry to resurrect an old thread here, but I recently got grilled on
this point and was embarrassed at
Derrick J Brashear [EMAIL PROTECTED] writes:
Robert Banz [EMAIL PROTECTED] writes:
Don't try to use Cyrus on AFS. It's a losing proposition from a
performance and data integrity standpoint.
Sorry to resurrect an old thread here, but I recently got grilled on
this point and was embarrassed
On Tue, 26 Jun 2007, Adam Megacz wrote:
are you going to have multiple front ends accessing the data, or just
one machine?
For argument's sake, let's assume only a single front-end (imapd)
machine.
That's not especially dangerous, then. the worst risk is screwing with
Cyrus' idea of the
On Tue, 26 Jun 2007, Derrick J Brashear wrote:
On Tue, 26 Jun 2007, Adam Megacz wrote:
are you going to have multiple front ends accessing the data, or just
one machine?
For argument's sake, let's assume only a single front-end (imapd)
machine.
That's not especially dangerous, then. the
I personally wouldn't want my mail storage on AFS. I say that
because, right now, it is, and I can't wait to get it off of it.
It's caused me nothing but problems, because the AFS fileserver
doesn't just seem to be made to handle the transactional intensity
of mail-land. We got
On Tue, 26 Jun 2007, Robert Banz wrote:
I personally wouldn't want my mail storage on AFS. I say that because, right
now, it is, and I can't wait to get it off of it. It's caused me nothing but
problems, because the AFS fileserver doesn't just seem to be made to handle
the transactional
On Jun 26, 2007, at 15:08, Derrick J Brashear wrote:
On Tue, 26 Jun 2007, Robert Banz wrote:
I personally wouldn't want my mail storage on AFS. I say that
because, right now, it is, and I can't wait to get it off of it.
It's caused me nothing but problems, because the AFS fileserver
Derrick J Brashear [EMAIL PROTECTED] writes:
For argument's sake, let's assume only a single front-end (imapd)
machine.
That's not especially dangerous, then. the worst risk is screwing with
Cyrus' idea of the universe if a volume goes away under it, like, in
particular i'm uncertain we
On 6/26/07, Adam Megacz [EMAIL PROTECTED] wrote:
Derrick J Brashear [EMAIL PROTECTED] writes:
For argument's sake, let's assume only a single front-end (imapd)
machine.
That's not especially dangerous, then. the worst risk is screwing with
Cyrus' idea of the universe if a volume goes away
Date:Tue, 26 Jun 2007 11:18:06 PDT
To: openafs-info@openafs.org
From:Adam Megacz [EMAIL PROTECTED]
Subject: [OpenAFS] Re: Encryption of traffic
Marcus Watts [EMAIL PROTECTED] writes:
A patch for rxk5 is here:
On Jun 26, 2007, at 4:37 AM, Dr A V Le Blanc wrote:
According to the FAQ, shadow volumes which are not live do not appear
in the VLDB. Clones created by 'vos clone' are in the VLDB, but
they will be removed from the VLDB if a volume is deleted by
'vos remove'.
I thought that was what would
On Tue, 26 Jun 2007, Steve Simmons wrote:
On Jun 26, 2007, at 4:37 AM, Dr A V Le Blanc wrote:
According to the FAQ, shadow volumes which are not live do not appear
in the VLDB. Clones created by 'vos clone' are in the VLDB, but
they will be removed from the VLDB if a volume is deleted by
Derrick J Brashear [EMAIL PROTECTED] writes:
the problem is it lives in the volume group of its parent, so it's a
halfling. parent's gone, but... yeah, like you say
While we're on the topic, what is the reason for having volume groups
in the first place rather than just having a reference in
I've updated the FAQ with the contents of this thread.
What if you create a shadow volume which has the same name as a
volume which exists elsewhere? I assume that this would normally
work, since the shadow doesn't get into the VLDB. If then you
made the shadow volume live, would it delete
On Jun 26, 2007, at 5:50 PM, Adam Megacz wrote:
I've updated the FAQ with the contents of this thread.
What if you create a shadow volume which has the same name as a
volume which exists elsewhere? I assume that this would normally
work, since the shadow doesn't get into the VLDB. If then
On Jun 26, 2007, at 5:41 PM, Adam Megacz wrote:
Derrick J Brashear [EMAIL PROTECTED] writes:
the problem is it lives in the volume group of its parent, so it's a
halfling. parent's gone, but... yeah, like you say
While we're on the topic, what is the reason for having volume groups
in the
Adam Megacz [EMAIL PROTECTED] writes:
Date:Tue, 26 Jun 2007 14:41:12 PDT
To: openafs-info@openafs.org
From:Adam Megacz [EMAIL PROTECTED]
Subject: [OpenAFS] Re: Vos functions and clones and shadows
Derrick J Brashear [EMAIL PROTECTED] writes:
the problem is it lives in the
Russ Allbery wrote:
On the contrary, this is our top development priority apart from keeping
things generally working, and is the focus of both the rxk5 and rxgk
work. The difficulty is that replacing the encryption algorithm in AFS
requires substantial protocol changes and ideally one wants to
Marcus Watts [EMAIL PROTECTED] writes:
Is the volume numbers share all but the last three bits criterion
visible to the cache manager, or is this something that could be
altered just on the servers and admin clients (vos, bos, etc)?
Cow. They aren't really 3 separate discrete volumes. They
Jason Edgecombe [EMAIL PROTECTED] writes:
ok, dumb question time.
Would using ASN.1 be more of a pain than helpful? I only say this
because I read in the O'Reilly kerberos book that Krb5 uses ASN.1 to
future-proof the encryption stuff and the protocol in general. I know
nothing about ASN.1
Sorry to keep nagging you on this issue...
Robert Banz [EMAIL PROTECTED] writes:
i wouldn't expect corruption issues here, in spite of the question
of whether *performance* sucks because you're imposing another
network round trip (minimum) in an already-network protocol
No corruption
Adam Megacz wrote:
And does it also mean that the sole purpose of volume groups is to
know what volumes to get rid of when an RW is removed?
The VL_GetEntryByName?() RPCs returns the IDs and server locations of
all of the volumes in the requested group. The Windows cache manager
tracks all of
Adam Megacz wrote:
Sorry to keep nagging you on this issue...
Robert Banz [EMAIL PROTECTED] writes:
i wouldn't expect corruption issues here, in spite of the question
of whether *performance* sucks because you're imposing another
network round trip (minimum) in an already-network protocol
For the purposes below, does the backup need to be part of the volume
group? Or does the CM just assume that a volume group encompasses the
RW and all of its ROs?
- a
Jeffrey Altman [EMAIL PROTECTED] writes:
Adam Megacz wrote:
And does it also mean that the sole purpose of volume groups is
Adam Megacz wrote:
For the purposes below, does the backup need to be part of the volume
group? Or does the CM just assume that a volume group encompasses the
RW and all of its ROs?
- a
The .backup volume is reported by the VL_GetEntryByNameX RPCs.
smime.p7s
Description: S/MIME
On Tue, 26 Jun 2007, Adam Megacz wrote:
Derrick J Brashear [EMAIL PROTECTED] writes:
the problem is it lives in the volume group of its parent, so it's a
halfling. parent's gone, but... yeah, like you say
While we're on the topic, what is the reason for having volume groups
in the first
Jeffrey Altman [EMAIL PROTECTED] writes:
The .backup volume is reported by the VL_GetEntryByNameX RPCs.
Ok, but would any functionality break if it stopped reporting it?
- a
--
PGP/GPG: 5C9F F366 C9CF 2145 E770 B1B8 EFB1 462D A146 C380
___
On Tue, 26 Jun 2007, Adam Megacz wrote:
Sorry to keep nagging you on this issue...
But not sorry enough not to.
Specifically, is it that the fileserver gets bogged down by having to
keep track of too many outstanding callbacks?
No, by having to deal with the results of breaking them and
On Tue, 26 Jun 2007, Adam Megacz wrote:
Jeffrey Altman [EMAIL PROTECTED] writes:
The .backup volume is reported by the VL_GetEntryByNameX RPCs.
Ok, but would any functionality break if it stopped reporting it?
vos examine foo would stop showing it had a backup volume.
- When the fileserver wants to enumerate the set of volumes that
share blocks with a given volume, it checks all other numerical
volume ids which could possibly be in its volume group.
that would be all possible volume ids. so, no.
because i remember the issue from a bug, well,
Adam Megacz wrote:
Jeffrey Altman [EMAIL PROTECTED] writes:
The .backup volume is reported by the VL_GetEntryByNameX RPCs.
Ok, but would any functionality break if it stopped reporting it?
The CM does treat the .backup volume different from a normal volume or a
.readonly.
The CM knows that
45 matches
Mail list logo