Re: [OpenAFS] permission issue when trying to switch kerberos realms.

Is that literally all you did as setup? If so, you would indeed be able to get tokens, but the servers would not recognize their keys and would reject the tokens. It sounds like the correct extra steps for your case are to make the following changes on the AFS database servers: (1) create a

Re: [OpenAFS] Setting affinity for fileservers on afs-clients

Take a look at "fs setserverprefs". On October 25, 2015 9:38:32 PM EDT, Garance A Drosehn wrote: >We have some AFS volumes which hold data for various web servers on >campus. These volumes are replicated on multiple file servers, >because that's an intelligent thing to do with

Re: [OpenAFS] Re: 1.6.2 compilation notes, Sol10

. This tells me that heimdal was built with gcc and indicating parameters accordingly. Perhaps it should be rebuilt with Sun Studio so it reports the appropriate Sun Studio options. -- brandon s allbery kf8nh ballb...@sinenomine.net ___ OpenAFS-info mailing

Re: [OpenAFS] pam_afs_session in Fedora?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 2/18/11 14:14 , Andy Cobaugh wrote: Just curious why you're not just using the stock pam_krb5? At least in a plain jane krb5 environment, pam_krb5 has worked fine for us (though I haven't tried very recent Fedora). There are programs which

Re: [OpenAFS] Status of OS X 10.6 64bit kernel support ?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 2/1/11 00:26 , Derrick Brashear wrote: On Fri, Jan 21, 2011 at 9:41 AM, Chris Jones jon...@hep.phy.cam.ac.uk wrote: I need to run the 64bit kernel, as have updated my MacBook Pro to 8GB ram, and I need to run the 64 bit kernel to properly

Re: [OpenAFS] Ubuntu 10.04 Login Issues

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 12/10/10 09:58 , Stephen Joyce wrote: I gave up gnome back around RedHat 8.x days due to issues with AFS homedirs. Has gnome with afs homedirs improved any since then? Nope. I've switched to KDE almost exclusively, although I do poke at GNOME

Re: [OpenAFS] Building AFS-2.6.2 perl module with OpenAFS 1.5.77

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 10/20/10 12:18 , Phillip Moore wrote: gcc -c -I/efs/test/openafs/core/1.5.77/.exec/x86-64.rhel.5/include -D_REENTRANT -D_GNU_SOURCE -fno-strict-aliasing -pipe -fstack-protector -D_\ LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -O2

Re: [OpenAFS] Re: MacOS AppleDouble excretions

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 10/13/10 00:18 , Adam Megacz wrote: Brandon S Allbery KF8NH allb...@ece.cmu.edu writes: (And apparently his use case is to be considered the common one.) I'm having trouble parsing this. Notwithstanding the latest message, what you said came

Re: [OpenAFS] MacOS AppleDouble excretions

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 10/12/10 17:23 , Steve Simmons wrote: It sounds like you're suggesting we modify afs so it understands resource forks properly and generate an error message if someone attempts to create a file whose name might be mistaken for a resource fork.

Re: [OpenAFS] MacOS AppleDouble excretions

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 10/10/10 15:24 , Adam Megacz wrote: Unfortunately it seems like there is no way to get MacOS to refrain from writing the second kind of file, and it seems like Apple deliberately doesn't want there to be one. ...because if OSX wants a resource

Re: [OpenAFS] Re: OpenAFS failing rmdir performance

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 10/8/10 17:43 , Simon Wilkinson wrote: I do wonder if the abort threshold is too aggressive when applied to authenticated clients. Whilst a denial of service attack is possible from authenticated clients, it's also more likely that there will

Re: [OpenAFS] bos killed fileserver before it was shut down cleanly.

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 10/9/10 10:37 , Anders Magnusson wrote: fileserver fails to handle SIGKILL correctly and segfaults as a side effect). No process gets to handle SIGKILL at all, so a segfault must have some other cause. Or did you mean SIGTERM? - -- brandon s.

Re: [OpenAFS] Overview? Linux filesystem choices

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 10/1/10 14:44 , Steve Simmons wrote: On Sep 30, 2010, at 4:09 PM, Robert Milkowski wrote: Why does it matter for you if ZFS is being developed in open or not? Can't speak for anybody else, but w/r/t umich and AFS it's likely a matter of

Re: [OpenAFS] Openafs Client with pam krb5 and ldap

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 10/1/10 13:04 , Russ Allbery wrote: Andy Cobaugh phale...@gmail.com writes: Two, I'm guessing this is debian? No, it's not Debian, although the common-* stuff made it look that way. But that's the Red Hat pam_krb5. SuSE has been using the

Re: [OpenAFS] Quick Start Kerberos problem: can acquire tokens, but they don't work

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 9/30/10 17:58 , Phillip Moore wrote: If that's the case, then do Heimdal users need to bother with the openafs-krb5 rpm at all? If this is going into a quick start guide, I would be tempted to say that because asetkey will work with Heimdal

Re: [OpenAFS] Overview? Linux filesystem choices

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 9/30/10 12:53 , Vincent Fox wrote: It makes me sad that Oracle bought Sun, where it will probably wither. If IBM had bought Sun I would have more hope of a good filesystem for MacOS, Linux, etc. in the near term. ZFS has been stable and in

Re: [OpenAFS] Re: user home directory replication

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 7/18/10 16:47 , Andrew Deason wrote: On Fri, 16 Jul 2010 20:00:39 -0400 Brandon S Allbery KF8NH allb...@ece.cmu.edu wrote: It occurs to me... is it possible to vos clone a backup volume? No, you can only clone RW volumes. Clones are also

Re: [OpenAFS] Re: user home directory replication

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 7/22/10 17:12 , Andrew Deason wrote: I think Brandon was talking about using clones to have 'yesterday', 'last week', and 'last month' (et al) volumes all available to users all the time. It's an interesting idea, but it has limitations as you

Re: [OpenAFS] Re: user home directory replication

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 7/16/10 00:35 , Andrew Deason wrote: On Thu, 15 Jul 2010 02:06:36 -0400 Brandon S Allbery KF8NH allb...@ece.cmu.edu wrote: It occurs to me... is it possible to vos clone a backup volume? No, you can only clone RW volumes. Clones are also

Re: [OpenAFS] user home directory replication

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 7/14/10 13:59 , Russ Allbery wrote: Jonathan Nilsson jnils...@uci.edu writes: I can't think of any reason NOT to proceed with this... so if anyone who has tried this has any advice, it'd be much appreciated! Various people have done this sort

Re: [OpenAFS] Re: [OpenAFS-devel] 1.6 and post-1.6 OpenAFS branch management and schedule

On Jun 16, 2010, at 22:29 , Jeffrey Altman wrote: On 6/16/2010 9:50 PM, Russ Allbery wrote: Jason Edgecombe ja...@rampaginggeek.com writes: We're using uss in a non-kaserver environment. I know that we could do without it, but it's nice to have. If uss weren't available, an equivalent tool

Re: [OpenAFS] Strange backup volume behavior

On May 20, 2010, at 17:36 , Rick Cochran wrote: I'm having trouble understanding the following. (elided) I've seen that when Linux gets its dcache confuzzled; flushing the dcache in various ways --- or, sometimes, the path, but I think that's actually triggering the garbage dcache entries

Re: [OpenAFS] AFS version of du

On May 3, 2010, at 11:38 , Steve Simmons wrote: On May 1, 2010, at 1:35 AM, Brandon S. Allbery KF8NH wrote: On Apr 30, 2010, at 14:32 , Richard Brittain wrote: This solves my immediate need, and I'll probably use your mount point database too, but begs the question of why perl's File::Find

Re: [OpenAFS] Low load on multi core fileserver

On May 3, 2010, at 09:09 , Frank Burkhardt wrote: is the openafs-fileserver supposed to take advantage of multiple cpu cores? Last I heard, only the database servers were capable of true threaded operation (and that possibly only in 1.5); the fileserver still uses the old userspace

Re: [OpenAFS] Re: experience of SQLite on AFS

On Apr 30, 2010, at 18:07 , Andrew Deason wrote: After some offline discussion, this appears to probably be the case. sqlite opens the db file O_RDONLY, and attempts to acquire an fcntl F_WRLCK on it, to which it gets EROFS back. Trying to acquire a writelock on a file opened readonly doesn't

Re: [OpenAFS] Re: experience of SQLite on AFS

On May 1, 2010, at 02:25 , Brandon S. Allbery KF8NH wrote: EACCES is the POSIX-specified errno. My bad; it is indeed EBADF, EACCES is only returned if the region is already locked. -- brandon s. allbery [solaris,freebsd,perl,pugs,haskell] allb...@kf8nh.com system administrator [openafs

Re: [OpenAFS] AFS version of du

On Apr 30, 2010, at 14:32 , Richard Brittain wrote: This solves my immediate need, and I'll probably use your mount point database too, but begs the question of why perl's File::Find module works fine, while 'find' breaks. Underneath they are presumably making very similar system calls.

Re: [OpenAFS] Re: experience of SQLite on AFS

On Apr 25, 2010, at 23:00 , Andrew Deason wrote: On Sun, 25 Apr 2010 21:19:24 -0400 Jeffrey Altman jalt...@secure-endpoints.com wrote: When a whole file lock is write-held, all of the dirty data in the cache must be written back to the file server before the lock is released. This is currently

Re: [OpenAFS] BosConfig restarttime

On Mar 1, 2010, at 20:44 , Stephen Repetski wrote: My question is this: how relevant is this restart with the current stable (1.4.11) release of OpenAFS? Apparently this dates back to the 1.2.x days (correct me if I'm wrong), and the code base has definitely It actually goes back to the

Re: [OpenAFS] Windows AD Kerberos - bad ticket error

On Feb 26, 2010, at 13:24 , Jonathan Nilsson wrote: [09:57 r...@afs1 ~]# kvno -c /tmp/krb5cc_0 afs a...@ss2k-devel.uci.edu: kvno = 2 [09:57 r...@afs1 ~]# kvno -c /tmp/krb5cc_0 afs/mycell.edu afs/mycell@mycell.edu: kvno = 2 You put both of these in the KeyFile? With the same kvno? This

Re: [OpenAFS] Windows AD Kerberos - bad ticket error

On Feb 26, 2010, at 14:03 , Jonathan Nilsson wrote: On Fri, Feb 26, 2010 at 10:44, Brandon S. Allbery KF8NH allb...@ece.cmu.edu wrote: On Feb 26, 2010, at 13:24 , Jonathan Nilsson wrote: [09:57 r...@afs1 ~]# kvno -c /tmp/krb5cc_0 afs a...@ss2k-devel.uci.edu: kvno = 2 [09:57 r...@afs1 ~]# kvno

Re: [OpenAFS] Windows AD Kerberos - bad ticket error

I'm speculating, but that would be a problem with how Windows implements the ktpass mapuser function and then returns tickets for a mapped user with the same kvno as the principal. So both the user afs and the principal afs/mycell.edu are returning tickets with the same kvno. And I don't

Re: [OpenAFS] Nat Ports Question

On Feb 12, 2010, at 17:41 , J wrote: Also, I see that I need port 88 open to authenticate, which on one hand makes sense since this is a Kerberos port. But most of the documentation I've read about AFS says I only need ports open in the 7000 range (specifically 7001) for minimal file

Re: [OpenAFS] klog doesn't work on snow leopard

On Sep 9, 2009, at 05:38 , Enzo Vitale wrote: I have installed Mac OS X 10.6 (Snow Leopard) on my mac. Then I have installed the 10.4.11 version of OpenAFS (the version for snow leopard), but when I type the klog command I get the following message: Unable to authenticate to AFS because

Re: [OpenAFS] ADS and MIT Kerberos transition auth continued

On Jul 17, 2009, at 15:01 , Eric Chris Garrison wrote: [r...@rufus2 etc]# klist -e Ticket cache: FILE:/tmp/krb5cc_0 Default principal: afs/afstest.iu@ads.iu.edu Valid starting ExpiresService principal 07/17/09 14:34:44 07/18/09 00:34:44 krbtgt/ads.iu@ads.iu.edu

Re: [OpenAFS] openafs.org timing out

On Jun 18, 2009, at 17:37 , David Bear wrote: Anyone else having trouble getting to the web site? Looks like it's another victim of the flooding on the CMU campus last night. -- brandon s. allbery [solaris,freebsd,perl,pugs,haskell] allb...@kf8nh.com system administrator

Re: [OpenAFS] how to install Kerberos AFS Principal??

On 2009 Apr 7, at 2:01, TIARA System Man wrote: i only had a...@realm. should i create another afs/c...@realm? It's not necessary. Current practice is to use afs/c...@realm but you don't have to change unless you're planning to have the same Kerberos realm host multiple cells at some

Re: [OpenAFS] how to install Kerberos AFS Principal??

On 2009 Apr 6, at 23:12, TIARA System Man wrote: on the april fools' day, i installed another afs file server. it was disaster i made some thing wrong. i added another kerberos afs Don't do that. There should be a single AFS principal across an entire cell (you could have two (a...@realm

Re: [OpenAFS] AFS without Kerberos headache

On 2008 Dec 21, at 12:13, Georg P. Israel wrote: AFS seems to do this in a good way, but Kerberos is a constant annoyance to it. I do have machines that generate simulation data and have to work for weeks. If I like to do this with the current OpenAFS setup, I'll have to log in once a day

Re: Linux tmpfs (Was: [OpenAFS] Solaris 10u6: ZFS cache?)

On 2008 Nov 14, at 7:18, Chas Williams (CONTRACTOR) wrote: In message 5FB03AFA-8CA1-4B39- [EMAIL PROTECTED],Brandon S. Allbe ry KF8NH writes: It used to be said (back when warlord was maintaining linux-afs and Transarc 3.4a was the main release) that the memcache was much less efficient than

Re: Linux tmpfs (Was: [OpenAFS] Solaris 10u6: ZFS cache?)

On Nov 13, 2008, at 09:39 , Jason Edgecombe wrote: Harald Barth wrote: On Linux, if you're using tmpfs as the cache, what's the difference between letting the memcache swap out vs a disk cache in tmpfs? Does memcache swap out? I was convinced it did not. I don't believe that it does, but I

Re: [OpenAFS] Bosserver exits openafs-1.4.8pre3

On 2008 Nov 11, at 11:24, Ted Creedon wrote: Is it the .0.0.0.0 address? Somehow I got it running, blew it away, did a reinstall and I'm back to square 1. No, the address is a wildcard. It's the port (7007) that is in use. -- brandon s. allbery [solaris,freebsd,perl,pugs,haskell] [EMAIL

Re: [OpenAFS] Solaris 10u6: ZFS cache?

On 2008 Nov 1, at 14:56, Vincent Fox wrote: Solaris 10 u6 is now out, supporting ZFS root disks. So is there any way to use a ZFS filesystem for client cache? I tried Solaris 10 version 1.4.7 both the namei binary and the inode binary and both panic the system. ZFS can't be used directly,

Re: [OpenAFS] Propagating admin flag into Kerberos 5

On Sep 26, 2008, at 13:11 , Daniel Debertin wrote: I'm doing this for my AFS admin, as described in the documentation: ka setfields admin -flags admin Which works fine using OpenAFS's kaserver. What is the equivalent in Kerberos 5/Heimdal? Adding admin all to /var/heimdal/kadm5.acl (or

Re: [OpenAFS] Fileserver doesn't recognise host-principals

On 2008 Sep 4, at 17:48, Russ Allbery wrote: Frank Burkhardt [EMAIL PROTECTED] writes: Is it possible to disable it? Not without source code modifications. Also, the change would likely need to be made to both OpenAFS and to your Kerberos server; although with Heimdal it would be a

Re: [OpenAFS] File ownership oddness

On 2008 Aug 30, at 14:13, Tom Cocagne wrote: I recently noticed a problem where all files in OpenAFS appear to be owned by most recently added user. An ls -l in user A's home directory will show all files being owned by user B, immediately after creating user B's account and home

Re: [OpenAFS] File ownership oddness

On 2008 Aug 30, at 15:11, Tom Cocagne wrote: Hmmm. That sounds reasonable. Any idea what settings I might want to look at? So far I've left all the nss-ldap stuff on the default settings Gentoo provides (minus adding ldap to the nsswitch.conf, of course). Not really. We have yet to

Re: [OpenAFS] Serious trouble, mounting /afs, ptserver, database rebuilding

On 2008 Jul 29, at 3:44, Stephan Wonczak wrote: While more redundancy (i.e. a third database server) is always a good idea, it is not strictly necessary, much less 'a bad idea to run with two database servers'. Christof probably was thinking about the 'split brain' problem, which does

Re: [OpenAFS] OpenAFS Keberos Security Issues

On 2008 Jul 20, at 19:00, Loren M. Lang wrote: 1. Currently, there is no support for anything besides DES encryption between the Kerberos 5 servers and OpenAFS with make that that will be weakest link in our network. 2. All OpenAFS file and/or database servers all use the same KeyFile which

Re: [OpenAFS] kerberos 5 and afs server

On 2008 May 22, at 7:31, Lara Lloret Iglesias wrote: I installed a kerberos server in both machines, but maybe I just have to install it in one of the machines and copy somehow the configuration to the other servers...I don't know what do I have to do actually. Each server on the cell

Re: [OpenAFS] rumored inclusion in OS X.5?

On 2008 Apr 24, at 20:24, David Bear wrote: okay -- I just bought an iMac .. it has an openafs on it (or what looks like it).. I didn't put it there. I have no clue how to get it configured. Errr, I just bought an iMac and it definitely does not have OpenAFS on it. What makes you

Re: [OpenAFS] Re: coreutils-6.11 released

On Apr 21, 2008, at 4:23 , Didi wrote: If by unknown you mean nameless, that's not what the patch does. Such a patch would not even have been considered. I agree that hiding this information in some cases might not be optimal, but the main problem is that through this the 'groups' command

Re: [OpenAFS] Re: coreutils-6.11 released

On Apr 20, 2008, at 14:37 , Russ Allbery wrote: Jim Meyering [EMAIL PROTECTED] writes: Knowing that, I expect to revert that patch -- unless someone can come up with a very good argument for the new behavior. Out of curiosity, how have you used it? Usually to tell whether two shells are in

Re: [OpenAFS] afs and cron download jobs (will there be a glitch)?

On Apr 16, 2008, at 9:34 , Vladimir Konrad wrote: I am thinking of running several data downloads to AFS (scheduled from cron) and using the same keytab for all jobs. The jobs can be scheduled at the same time (on the same server). Will there be a window when 2nd download job (while

Re: [OpenAFS] Is anyone else seeing this:

On Mar 1, 2008, at 11:35 , Jeffrey Altman wrote: Steve Devine wrote: http://www.msu.edu/~elizald2/viagra/order-viagra-overnight- delivery.html I have disabled it but you get the idea,. This dir is chock-o- block full of crap. I believe this is the work of a bot that arrives initially to the

Re: [OpenAFS] strange authentication issue

On Jan 31, 2008, at 17:24 , David Bear wrote: pts members somegroup libprot: no such entry Could not get afs tokens, running unauthenticated. pts: User or group doesn't exist so couldn't look up id for somegroup What does fs wscell say? I suspect it'll return openafs.org instead of

Re: [OpenAFS] create mountpoint for user in afs

On Jan 7, 2008, at 8:45 , Matthias Teege wrote: Then I checked the setup with fs lsmount. % fs lsmount /afs/mteege.de/user fs : Invalid argument; it is possible that /afs/mteege.de/user is not in AFS. % fs lsmount /afs/mteege.de/user/matthias '/afs/mteege.de/user/matthias' is a mount point

Re: [OpenAFS] openafs partition - how to increase

On Nov 29, 2007, at 10:38 , Derrick Brashear wrote: On Nov 29, 2007 10:31 AM, Helmut Jarausch [EMAIL PROTECTED] aachen.de wrote: I'd like to resize (enlarge) the ext2-partition on which e.g. /vicepa is mounted. It doesn't care, and won't use it unless you increase the number in the

Re: [OpenAFS] Password transition to krb5 - your methods?

On Oct 25, 2007, at 12:36 , Ken Hornstein wrote: would be reasonable to ship this program with OpenAFS. But the problem here is I don't see who is going to do the work; obviously I transitioned our cell years ago, and I have no motivation or time to do work on fixing up afs2k5db. I think

Re: [OpenAFS] Automatic move of volumes

On Oct 24, 2007, at 9:54 , Steven Jenkins wrote: On 10/24/07, Derrick Brashear [EMAIL PROTECTED] wrote: ... the interesting case is where the RW has unreleased changes and you want to recreate the ROs as they are now. i don't know of distributed tools to do this. I hadn't really thought

Re: [OpenAFS] Automatic move of volumes

On Oct 24, 2007, at 10:15 , Steven Jenkins wrote: - there is no error checking in here, so there are potential issues (I realize your script is generating the commands, not actually doing them, but it still needs to address error checking -- if nothing else stick a '|| exit 1' at the end of

Re: [OpenAFS] Automatic move of volumes

On Oct 24, 2007, at 10:25 , Steven Jenkins wrote: I sort of understand this need, but I suggest that it's caused by poor namespace management, and that the solution should be to improve that rather than try to keep your RWs and ROs out of sync with each other. I think you're

Re: [OpenAFS] Automatic move of volumes

On Oct 24, 2007, at 10:15 , Steven Jenkins wrote: - the RO handling is not good -- what happens if the _only_ RO is on the old server and the remsite happens? Clients with existing remsite is irrelevant: it just informs the vlserver of where an R/O replica will be stored in the future,

Re: [OpenAFS] file timestamp difference

On Oct 24, 2007, at 11:33 , Lars Richter wrote: Harald Barth schrieb: I also can reproduce this behavior. Do all clients but the one you created the files on show identical file dates? Harald. No. All clients have different dates in the nanoseconds. All other values are identical! I

Re: [OpenAFS] Automatic move of volumes

On Oct 24, 2007, at 12:21 , Steven Jenkins wrote: I think it would be very useful if someone had the time/energy to build a 'vms-lite' that people could adopt at their sites. That seems a more strategic direction than trying to extend RO capabilities. I have to admit I've thought about what

Re: [OpenAFS] AFS always readonly?

On Oct 18, 2007, at 15:26 , Tim OBrien wrote: machine. However, from the other machine, I can't create a mountpoint in afs or do much of anything, since it states that /afs is mounted read only. I used the Normally if a read only replica exists it will be mounted by preference. The

Re: [OpenAFS] afs callbacks

On Sep 6, 2007, at 13:06 , Steve Devine wrote: Another group in our department mounts web folders out of users home afs space. I recently moved several thousand user vols from one afs server to another using vos move. The folks running the web server reported that several of these

Re: [OpenAFS] afs callbacks

On Sep 6, 2007, at 15:07 , Steve Devine wrote: Jim Rees wrote: I think ten minutes is enough, because that's how often the client pings servers it cares about. I could be wrong. Hmm what if the server is blocking ping / icmp ? Blocking arbitrary ICMP is always bad juju. But the ping

Re: [OpenAFS] Bad System Call On FreeBSD

On May 29, 2007, at 6:41 , El Barto wrote: But when I want to setacl I get these error : kdc# /usr/afs/bin/fs setacl /afs system:anyuser rl Bad system call (core dumped) (...) Anyone got an idee of what I do wrong ? What you did wrong is run a command that requires the AFS client,

Re: [OpenAFS] Need help decoding kaserver debugging info

On May 23, 2007, at 20:21 , Brian Sebby wrote: Wed May 23 18:55:01 2007 account name,krbtgt.ANL.GOV:auth from hex IP I understand that the IP address is given in hex, but could someone explain the difference between afs:gtck, afs:auth, and krbtgt.ANL.GOV:auth? The last one almost makes

Re: [OpenAFS] refresh initial tokens

On Feb 2, 2007, at 8:16 , Ronny Blomme wrote: I am setting up openafs-1.4.2 client and server on FC4 with heimdal-0.7.2. I replaced the kas-server with kdc. When I login to this server with ssh, I get tickets/tokens (via / etc/pam.d/sshd). These initial tokens can be refreshed once with

Re: [OpenAFS] env vars being ignored - 1.4.2 building aklog

On Jan 3, 2007, at 16:30 , Jeffrey Altman wrote: Jim Rees wrote: To build aklog you need configure --with-krb5. This is not currently the default but I'm sure it will be soon. Note that if you are using heimdal you don't need aklog, use heimdal's afslog instead. Again, if this isn't

Re: [OpenAFS] AFS rsh token passing

On Oct 30, 2006, at 19:15 , Rich Sudlow wrote: What's the best replacement for the old AFS rsh and Transarc inetd which does token passing? openssh with the hpn patches. The final release of kth-krb4 has an rsh / rshd which forwards Kerberos 4 tickets and can generate tokens from them.

Re: [OpenAFS] access control lists

On Aug 22, 2006, at 15:37 , Jeffrey Hutzelman wrote: These options are specific to the GNU versions of find and xargs, respectively. What they do is make find separate filenames it outputs with NUL's rather than newlines, and make xargs expect that behavior. If you don't have GNU find

Re: [OpenAFS] DB servers seperate from fileservers

On Aug 7, 2006, at 9:03 , Christopher D. Clausen wrote: John Hascall [EMAIL PROTECTED] wrote: This means that, during about 10 days, DB servers with 2 different versions of OpenAFS will have to cohabit (1 x 1.4.1 and 2 x 1.2.13, then 2 x 1.4.1 and 1 x 1.2.13, before the final 3 x 1.4.1). I

Re: [OpenAFS] Migration from Transarc to OpenAFS

On Aug 3, 2006, at 2:53 PM, Roel Flora wrote: I was wondering if anyone has done a migration from Transarc to OpenAFS recently and can provide some suggestions on how to do the migration smoothly. We have a large number of existing users and around 1 Terabyte of data to move. I expect that

Re: [OpenAFS] Bogus volumes after RAID rebuild and fsck

On Jul 17, 2006, at 21:18 , Esther Filderman wrote: On 7/14/06, Daniel Miller [EMAIL PROTECTED] wrote: I'm also trying to do salvage again using 'bos salvage -server keizan -partition vicepa -noauth' and I get: bos: shutting down fs. bos: can't stop 'fs' (you are not authorized for this

Re: [OpenAFS] You cannot continue. There is nothing to install.

I'd previously replied privately (from my cellphone, ug); this is for public archival... On May 1, 2006, at 9:55 AM, John Madden wrote: So I trashed 1.5.0 install by deleting the folders (mistake?), downloaded 1.4.1 binary package, and tried to install it. But the 1.4.1 installer balks

Re: [OpenAFS] Changes for Mosaic's AFS cell...

On Apr 6, 2006, at 2:19 , Marcus Watts wrote: For the file servers, it's usually possible to upgrade fileserver software without moving volumes. I haven't found many production sites willing to risk this with real data. There have been and We do this somewhat regularly --- sort of. The

Re: [OpenAFS] bad token

On Mar 20, 2006, at 3:25 , Sergey S. Kleymenov wrote: Following by OpenAFS Administration Guide and Heimdal documentation, on step of setting acl of root.afs: # fs setacl /afs system:anyuser rl fs: You don't have the required access rigthts on '/afs' Is this before or after you released

Re: [OpenAFS] Re: ktadd -k anywhere afs/[EMAIL PROTECTED] breaks AFS instantly?

On Feb 14, 2006, at 3:27 , Juha Jäykkä wrote: Keytabs are normally not supposed to be shared between multiple machines, and this approach means that kadmind doesn't need to have the capability of retrieving keys from the KDC, which is an additional separation of capability and an additional

Re: [OpenAFS] Re: ktadd -k anywhere afs/[EMAIL PROTECTED] breaks AFS instantly?

-Original Message- From: Juha =?ISO-8859-1?B?SuR5a2vk?= [EMAIL PROTECTED] Date: Tuesday, Feb 14, 2006 9:06 am Subject: Re: [OpenAFS] Re: ktadd -k anywhere afs/[EMAIL PROTECTED] breaks AFS instantly? Or the Heimdal commands like Brandon Allbery noted. Indeed, there is no program

Re: [OpenAFS] AFS and libtool

On Feb 2, 2006, at 3:36 , Juha Jäykkä wrote: causes linking error: /usr/lib/gcc-lib/alpha-linux/3.3.5/../../../crt1.o(.text+0x10):../ sysdeps /alpha/elf/start.S:37: undefined reference to `main' As you can see, this happens on alpha and I cannot reproduce this on any x86 machines. (I

Re: [OpenAFS] AFS and libtool

On Feb 1, 2006, at 2:34 PM, Russ Allbery wrote: Juha Jäykkä [EMAIL PROTECTED] writes: I ran into problems building things that use libtool on afs, little googling produced this: http://lists.gnu.org/archive/html/bug-libtool/2002-12/msg00017.html Does anyone know if they have since fixed

Re: [OpenAFS] Can OpenAFS be the only authenticating entity

On Feb 1, 2006, at 5:41 , Leroy Tennison wrote: I know about integrated login but is it possible to create a Linux and/or Windows configuration where OpenAFS is the only authenticator meaning that there is no need for IDs/passwords in local files or another authentication service like

Re: [OpenAFS] the notion of site is not always well-defined / project cells

On Jan 29, 2006, at 6:19 , Adam Megacz wrote: I think the confusion comes from the fact that AFS was originally a commercial software program that you had to pay a huge amount of money for. Therefore, every user had exactly one site -- the organization that paid for his/her copy. It was

Re: [OpenAFS] Kerberos Ticket Sizes when using AD as the KDC and OpenAFS

On Jan 27, 2006, at 11:59 AM, Douglas E. Engert wrote: and update the /usr/afs/etc/UserList on the servers. I believe the kaserver admin is still required to use the k4 with the kaserver. But then again if you are using all Krb5 you don't need the kasrver. If you're using kaserver, you

Re: [OpenAFS] Re: [possibly dumb question] volume must occupy entire OS-level filesystem?

On Dec 18, 2005, at 8:47 , zeroguy wrote: On Sun, 18 Dec 2005 17:02:10 -0800 Adam Megacz [EMAIL PROTECTED] wrote: Regarding the paragraph above, I know what inodes are and the point of the namei() system call, but I wasn't aware that AFS fileserver instances came in two flavors with these

Re: [OpenAFS] afs tokens local mail delivery

On Nov 21, 2005, at 6:40 , ph rhole oper wrote: On Sun, 20 Nov 2005 22:26:24 +0100, Lars Schimmer [EMAIL PROTECTED] said: ph rhole oper wrote: lmtp daemon of Cyrus IMAP, is supposed to deliver mail localy. 1) Does it support getting afs tokens, and delivering mail in user's home directory?

Re: [OpenAFS] afs tokens local mail delivery

On Nov 20, 2005, at 4:12 , ph rhole oper wrote: lmtp daemon of Cyrus IMAP, is supposed to deliver mail localy. 1) Does it support getting afs tokens, and delivering mail in user's home directory? Cyrus delivers to its own mail store, which is designed to be stored on local disk. --

Re: [OpenAFS] aklog and PAM for Solaris

On Sat, 2005-08-20 at 17:06 -0500, John Tang Boyland wrote: (1) How do other sites handle this? Is pam_aklog passe ? (2) If not, how can I get it for Solaris ? (2b) Is there some reason why it isn't integrated with aklog in the src tree ? (or in the PAM directory.) The pam_krb5

Re: [OpenAFS] [1.3.86] heimdal/krb5 auth for BOS requests fails during initial cell setup

On Tue, 2005-08-09 at 01:39 +0200, scorch wrote: -r /on my heimdal install. doing a klist -T hangs though. This wouldn't happen to be Solaris, would it? The kafs library needs to be compiled without optimization for some reason, at least with gcc, or the attempt to read and parse tokens from

Re: [OpenAFS] [1.3.86] heimdal/krb5 auth for BOS requests fails during initial cell setup

On Mon, 2005-08-08 at 19:07 -0500, Tracy Di Marco White wrote: On 8/8/05, Brandon S. Allbery KF8NH [EMAIL PROTECTED] wrote: On Tue, 2005-08-09 at 01:39 +0200, scorch wrote: -r /on my heimdal install. doing a klist -T hangs though. You can't get tokens without afs/arla kernel module

Re: [OpenAFS] One realm and two cells

On Tue, 2005-08-02 at 14:20 -0400, Ken Hornstein wrote: tokens for those cells as well. This isn't automatic, but you could modify this code to do what you want all of the time. The same concept could be applied to something else, like pam_krb5afs, but you'd probably have to write your own

Re: [OpenAFS] FSFS Subversion repository on OpenAFS 1.3.84 problems

On Wed, 2005-06-22 at 18:42 +0200, Christof Hanke wrote: Hmmm, just a quote from the subversion-book: Other options can be listed with svnadmin help. As opposed to CVS, subversion is not based on RCS, but rather on the Berkeley Database. Make sure not to install a repository on remote file

Re: [OpenAFS] FSFS Subversion repository on OpenAFS 1.3.84 problems

On Wed, 2005-06-22 at 13:11 -0400, Mitch Collinsworth wrote: On Wed, 22 Jun 2005, Blake Atkins wrote: Though I have not been able to locate it, I recall reading a post to this list about a similar problem with CVS + AFS. I believe the solution was a patch to the client source.

Re: [OpenAFS] inherent reasons why other distributed filesystems don't have unified-mount/dynroot?

On Fri, 2005-05-06 at 21:40 -0500, Michael Norwick wrote: I'm toying with the idea of an AFS-to-{SMB,NFS,AppleShare,FTP,SFS} translator as part of my project to implement an extremely minimal afs client/fileserver in Java. The idea is to make it easier to experiment with AFS hacks by trading

RE: [OpenAFS] Commercial use of OpenAFS ?

On Thu, 2004-08-26 at 10:34, EC wrote: Hmm... What do *you* think of it (since you seem to be related to MIT which uses it as far as I know) ? BTW : I'm playing around with it for almost two weeks now and have my Linux (LFS 5.1.1 based, 2.4.27 kernel, 1.2.11 OpenAFS) crashed more than once

RE: [OpenAFS] ICMP packets

On Thu, 2004-03-18 at 14:45, ted creedon wrote: Yes it is ethereal. Use a program other than ethereal. That error message is from ethereal itself, complaining that it expected to see a KerberosV packet but found something else instead (namely a KerberosIV packet). -- brandon s. allbery

Re: Re[2]: [OpenAFS] - release operation is meaningless!

On Fri, 2003-09-19 at 12:31, Ron Croonenberg wrote: at a machine that mounts the cell : Could not chdir to home directory /home/cowboy: Permission denied At a guess, you haven't granted l access to system:anyuser on the home directory or some directory leading to it; login needs to be able to

  1   2   >