You could also try a shorter server probe interval to workaround your
connectivity problems. Try "fs checkservers -interval 30".
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info
It seems the most
universal and safe way to deal with it would be to have some utility
to drop the PAG, if that is at all possible.
Why not acquire a new pag with no tokens when you start a service? That's
what I do.
___
OpenAFS-info mailing list
If you turn it on, it will be on for all file content traffic on that
client.
But only if you have a token. No token, no encryption.
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info
Is anyone using openafs on ubuntu 5.04?
I am, but I'm not using the ubuntu kernel. I'm using 2.6.12-rc3 from
kernel.org with nfs4 patches from citi (that shouldn't make any difference).
I build by pulling source from OpenAFS cvs head:
./configure --with-afs-sysname=i386_linux26
--with-linux
The default afsd options (for AIX machines at least) end up
producing a /afs directory that is mode 777. This causes
sshd to refuse to use public key files stored in .ssh
directories somewhere under /afs.
You need "StrictModes no" in sshd_config.
My question is, where does the mode 777
> You need "StrictModes no" in sshd_config.
This seems like a bad idea for security reasons...
Why?
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info
Also, msu should be a link to msu.edu, not the other way around.
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info
Hummingbird has a NFSv4 client for Microsoft Windows.
NFSv4 is probably not yet ready for deployment but it will be eventually.
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info
Hummingbird does not give it away for free nor does it come integrated
as part of the operating system.
Microsoft Windows is not free, and OpenAFS is not part of the Microsoft
Windows operating system.
___
OpenAFS-info mailing list
OpenAFS-info@opena
Read carefully. I attended an NFSv4 presentation at a technical conference,
and found out that some of the NFSv4 features were added specifically to
compete with afs; however, the implementation is in the spec as "optional",
and, in fact, none of the existing NFSv4 implementations have
Those of you who are running apache authenticated to afs, I'm just
curious... why?
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info
(1) It won't allow a user whose home directory is in AFS to
authenticate using ssh keys, even if he has Kerberos
tickets to transfer.
You can fix this by setting "StrictModes no" in your sshd_config.
What bothers me is that you can't delegate credentials unless you have used
thos
Im using afs-sysname "amd64_fbsd53" but im running FreeBSD-6.0-RELEASE.
Will it work?
I don't think so, but you are welcome to try. I suggest you write a param
file for amd64_fbsd60 and use that instead. Let me know if it works.
___
OpenAFS-info ma
At the very least you should change the SYS_NAME and add AFS_FBSD60_ENV to
src/config/param.amd64_fbsd_53.h.
And I would suggest adding the configure flags from the README.
Why did you add -fPIC to the CFLAGS?
I doubt very much that any linux binaries will work, because the afs
syscalls are not
In file included from ../sys/vnode.h:547,
from /usr/local/src/openafs-1.4.0/src/afs/sysincludes.h:257,
from /usr/local/src/openafs-1.4.0/src/afs/afs_analyze.c:20:
./vnode_if.h:9:30: vnode_if_typedef.h: No such file or directory
./vnode_if.h:10:31: vnode
Again, I'm not sure at what stage the kernel build generates those files.
I'll bet you can make them without doing a full kernel compile. Did you try
that?
I build my kernels the old-fashioned way, so that's what the default is for
--with-bsd-kernel-build. I'm open to suggestions.
__
We still support OpenAFS on previous versions of FreeBSD and I don't feel
like making the default depend on the OS version. But if you want to send
me a patch I'll be happy to look at it.
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lis
I thought the "new way" was more recent than that. But I could be wrong.
Like I said, if you want to send a patch I'll look at it.
There is already some code in the libafs Makefile to generate the vnode_if.h
file. Maybe this could be extended to also generate the files it depends on.
___
I just went through this same thing on OpenBSD. In my case it was a matter
of adding -lcrypto to KRB5LIBS. As Ken said, check config.log to find out
what the problem is, then adjust KRB5CFLAGS and KRB5LIBS.
You didn't say how you configured, but if you have a working krb5-config the
easiest thin
When /i/ first
started playing with it I assumed that when I used --enable-krb5 it would
perform an AM_PATH_PROG(KRB5_CONFIG, krb5-config) and search in my path..
That wouldn't work for me. I've got a /usr/local/bin/krb5-config for MIT,
but I normally use Heimdal and it has no krb5-config.
Configure generates src/aklog/Makefile even if you don't specify
--with-krb5. That's ok because the top-level Makefile doesn't try to
descend into src/aklog. But you run into trouble if someone tries to do the
make manually, because the correct flags won't be set.
This is really user error but w
I don't know. It's whatever came with OpenBSD 3.6, so it would be at least
a year old.
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info
krb5-config is not needed on OpenBSD because Heimdal is installed in a
standard place. All that's needed is to avoid running the MIT krb5-config.
Do you really need aklog when you have Heimdal's afslog?
Not really, but I do like to run the same software on all platforms when I
can.
___
I was speaking of OpenAFS, not OpenBSD/Heimdal in general. It would be nice
to have krb5-config on OpenBSD, but it's not necessary for OpenAFS.
As a distributor of software other than OpenAFS, yes you have a problem.
___
OpenAFS-info mailing list
OpenAF
Where can I get your param.amd64_fbsd_60.h?
Can you confirm that -mpreferred-stack-boundary=2 is only used when building
the kernel module, in src/libafs? If not, where else?
Can you find out whether the kernel build uses -mpreferred-stack-boundary
and if so what it is set to? If possible, buil
Any distributed file system has the same problem, if files in the home
directory need to be accessed during login. NFSv4 may have to address the
same problems.
The problem with afs is that you can't put an acl on a file. NFSv4 doesn't
have this problem.
_
authentication identities to AFS ID's), the AFS directory format (to
support unicode filenames and >64K files per directory),
Does the directory format have to change for unicode? I'm pretty sure it
will hold utf-8 with no changes. Other things would have to change of
course.
__
Therefore, for a Unicode
directory entry there must be two strings stored: the normalized string
that is used for directory searches and a display string that is the
string the user entered.
Is there precedent for this? Do any other unicode based file systems do it
this way?
Are you sure your afsd matches your kernel module?
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info
Why --disable-afsdb?
Can you look in the configure log and figure out why it failed?
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info
There should never be any reason to build with --disable-afsdb. If you
don't want afsdb, don't turn it on. Even if you do turn it on, I think the
CellServDB still takes precedence.
If you can't build without --disable-afsdb because of build problems, I
think we'd like to hear about that.
___
NAT UDP Timeouts. The firewall/NAT gateway loses the UDP mapping
between the client and the server.. The server can no longer talk
to the client.. Callbacks fail.. The server marks the client as
"Bad" because it can't talk back to the client.
It's not widely known, but the workaround fo
I seem to remember a problem where the Mac Finder would not just stat every
directory, but open it and look for a .DS_Store file. Is that still true?
I also remember there being some command you could run on the Mac that would
prevent the finder from creating .DS_Store files, but I don't know if
It's not well documented, but "fs checks -interval 0" will return the
current interval.
Also, I'm not sure this does what I thought it did. There is an interval
for down servers and a different one for up servers. It looks like this
sets the one for down servers, which probably won't help for NA
Maybe we should invoke some configure magic to allow building the user space
components with gcc on Solaris. I'm not enough of a configure expert to
know how to do this.
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mai
thus you won't gain anything by compiling the userland parts with
gcc. You still need the 'native' compilers.
I could imagine some cases where this would be useful. For example, you
might be using the pre-compiled package for your platform, but want to
recompile some userland tool so you ca
The afsdb record points to a cname. I don't know if that's allowed but I
suspect not. I know you can't have a cname point to a cname.
That may or may not be your problem.
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/
There is a big difference between "it works here" and "it works everywhere."
I don't know enough about dns to say that this is a problem, but I haven't
seen anything that suggests it's not.
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://li
That's standard behavior. That's why it's called "ANY" and not "ALL." If
you do a query for "A" on your local caching dns, you'll get back the A
record.
ref: rfc1034, step 4.
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.
Dates in the form xx/yy/ are ambiguous and should probably be avoided.
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info
It looks like this is the only format vos -time understands. Can anyone
think of a reason not to fix this?
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info
I'm opposed to nested includes because it makes it difficult to diagnose
include ordering violations but I realize that's a losing battle.
I actually wonder why hardly anybody uses the '%I' format instead
which util/snprintf.c understands - perhaps because a move to IPv6 (if
ever) would be
How widely is strptime implemented? If all our supported platforms have it,
that would make things easier. It's in all the BSDs.
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info
Yes, I think someone should code this up. There is no need for
afs_strptime, just put our own strptime inside of #ifndef HAVE_STRPTIME
(with appropriate configure code). See util/strl*.c.
The OpenBSD version of strptime still has the dreaded advertising clause, so
I have not imported it. Maybe
That won't help. Theo already went on a quest to remove the licensing
clause wherever possible. The strptime license is from Powerdog Industries,
not Berkeley. It originally had a much more restrictive license that didn't
even allow modification, and Powerdog reluctantly removed that restriction
When you say "it's wrong" what are you talking about? The missing include,
the proposed fix, the fix that was applied, or my statement about nested
includes?
Your patch went in exactly as you wanted. It didn't work on bsd and other
traditional unix platforms but I fixed it. Does my fix not work
I suspect we need a configure test for which curses.h to include, instead of
using AFS_LINUX20_ENV.
By the way, you are not likely to get much help at all until you provide
better information. At the very least give us the entire compilation line
and all error messages, instead of just the last l
Unfortunately, switching to tcp will not solve your NAT problems.
NATs drop their mappings from internal addr/port to external port
equally for both both udp and tcp.
I don't believe that's true for most nats. The one I use at home has a one
day timeout for tcp, and 60 seconds for udp. Lin
I have not seen the spec and I do not know how feasible it would be to
implement it as part of the application when the OS is already
supporting it directly.
I know nothing about upnp but if, for example, it's simply a matter of afsd
making a single call to the OS to register the service, th
Are you talking tcp or udp? If we had afs running over tcp, the ten-minute
ping would keep the connection alive unless your nat was really broken.
For the current udp implementation, I recently dropped in some code that
will reduce the ping interval to one minute. We have discussed this on
opena
In the future only tcp on port 80 will work. Some time after that only http
over tcp on port 80 will work. It's already happening in some places.
I think recent versions of ssh have the ability to tunnel udp. You could
try that. There might even be a way to tunnel a vpn through port 80
althoug
It actually tunnels ip, not udp, but you can obviously use it to set up a
vpn and forward all your udp traffic over it. I don't think it will forward
udp ports the way it forwards tcp ports, so I may have misremembered that.
More info here:
http://www.securityfocus.com/columnists/375
___
The openafs client is not to blame. Something is blocking the callbacks.
It's not a nat, because the client is at port 7001. My guess is the Windows
firewall. If not, then some other firewall.
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
http
Right, but if it started out on port 7001 it is unlikely to have moved after
that. If there were a nat involved I would expect the client would start on
some port other than 7001, then move.
But as Jeffrey says, your best bet is to upgrade the server.
_
Your primary problem is the firewalled client. This is not an afs bug, it's
a problem with your network. You must fix this. If you don't you will have
file system delays and cache inconsistency. There is also a secondary
problem, that this one misbehaving client can bring down your entire cell.
There is a firewall somewhere. You're not looking hard enough. Try
traceroute, and tcpdump along the path.
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info
Should the "latest release" link on the web site be updated to point to
1.4.1 now that it's out?
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info
A few of us have worked on it in the past but no one is working on the
FreeBSD client now.
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info
Sigh. Groan. Didn't we just discuss this last week for the hundredth time?
The consensus was that it's a bad idea to allow ordinary users to pound on
the servers that way. I did put code in cvs head that will check up and
down servers every 30 seconds, but right now there is no convenient way t
I've been told it's crucial to increase both rxpck and udpsize. Maybe we
should change the defaults, or auto-tune them somehow?
Our production servers run with
fileserver -L -p 92 -rxpck 2400 -udpsize 524288 -l 1000 -s 1000 -vc 1000
-nojumbo
___
OpenAF
It's at the Michigan Union:
http://www.google.com/maps?f=q&hl=en&q=530+S.+State+St.+Ann+Arbor,+MI&om=1
I don't drive there myself and I don't recommend you try it. There is a
parking structure on Maynard between William and Liberty.
___
OpenAFS-info ma
That's pretty much what disconnected afs does. It took a grad student a
year or two to write and is thousands of lines of code. A readonly version
would be easier but it's still far from trivial.
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
ht
Shuttle buses will run Monday and Tuesday between the Holiday Inn and the
Michigan Union. The first bus in the morning will leave the Holiday Inn at
7:30 and the last around 9:45. The first bus in the afternoon will leave
the Michigan Union at 4:30 and the last around 6:30.
If you need to travel
The server should work fine. If not please file a bug report.
Several of us have worked on the client but it's not useful right now,
mostly because of the locking changes that went in to FreeBSD for SMP
support. We would welcome any contributions of code to get the client
working.
__
Yes, but what you'd really like is to find out why gnome can't see the
files. I didn't catch what OS this was but I would suggest trying ktrace or
similar to trace the system calls and find out what's failing.
___
OpenAFS-info mailing list
OpenAFS-info@o
At one time we had a list of the 11 files that must be present on the local
disk to bring up afs on at RT. Our "minimal" install is now 1700 files.
I would not want to put hosts or resolv.conf in afs. I think you could, if
you're not using afsdb, but I still wouldn't want to.
___
I put a fix in to cvs head yesterdy for the missing ubik_client declaration,
but it's not really the right fix.
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info
I'm still running Transarc 3.1a on my Apollo, and it works fine against
OpenAFS servers. Even klog works, although I'm not sure how that's
possible.
Should we have an "oldest client" contest?
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https:
There's also the issue of accessing in-kernel crypto if you want to use
something other than des. I suspect rxk5 will probably work in the linux
cache manager to begin with, and require some help to work on other
platforms.
___
OpenAFS-info mailing list
The client doesn't really work any more. I suppose I should fix the README
and the web site.
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info
Although I think you'll make better progress if you load the kernel module.
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info
A few of us have worked on the FreeBSD client in the past, but no one is
working on it now. To complete it, you would have to find someone willing
and able to do the work. The remaining problems mostly have to do with
locking, vnode refcounting, and of course packaging.
If you are determined to
You might try arla. It's been reported to work on FreeBSD.
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info
This should go in an FAQ somewhere.
You can set a probe interval with "fs checks -interval" but that's not quite
what you want because it only sets the interval for down servers.
There is a "fs discon" command that will put you in to "nat mode," where all
servers will be probed at 60 second inter
I did have kernel-source installed. The problem was that I had
left off "--with-linux-kernel-headers=/usr/src/linux" when I ran
configure. I am somewhat embarassed that it was so simple.
That shouldn't be necessary. Do you know why it failed? Did it find a
different set of kernel sources
It sounds like what you are looking for is a new command that flushes
the server list without restarting the afs client.
That would be useful for the case where you have decommissioned a file
server, and "fs checks" still checks for it every time.
__
If everything is working right, you don't have to disable it, because afsd
won't set the clock unless it's more than two seconds off. If you are
seeing the "setting clock" message, something is wrong with your client or
server. Newer versions of OpenAFS have clock setting turned off by default.
I used to run the Transarc client over a 9600 bps Qblazer. With almost
everything in afs, including almost all of /usr (not /usr/vice obviously).
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-in
If you're moving to newer hardware, why bother upgrading the old hardware to
new software at all?
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info
Haven't the gnu people been on a rampage recently to discourage the use of
cpp? I seem to remember running into this recently trying to preprocess
.xresources on ubuntu.
I have to agree with Derrick and Jeffrey that if you don't have /lib/cpp,
then it isn't installed, and installing it is your so
At one time we were trying to get afsd to auto-tune so that the various
options for different cache sizes would not be needed. If the current
auto-tuning isn't good enough, maybe someone should work on it some more.
Or maybe that didn't make it in to 1.4.x, I don't remember.
_
How about stock openssh, no patches, set up for gss (kerberos)
authentication and ticket passing? That's what I use. Then you can aklog
(or afslog) in your .cshrc (or whatever). No k4 required.
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
htt
However, that doesn't help you if you insist on passing explicit values on
the command line, as is done by the startup scripts included with several
of the binary packages.
Yes, that's exactly my point. I would like to see the platform maintainers
remove these overrides. I have done so f
So just be be 100% clear, to turn autotune on, all you need to do is
start up "afsd" without any of these options: "-stat, -dcache,
-daemons, -volumes, -chucksize"?
That's right. You can find out what the values got auto-tuned to with
"cmdebug -cache".
Does auto-tuning work only for disk
Isn't undelete an application function? I don't think it belongs in the
file system. Are there any other file systems that implement it?
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info
Jeff Blaine wrote:
CC and CPPFLAGS being ignored (I am using GNU make of course)
when building aklog. Also, isn't this supposed to build by
default, what with kaserver's deprecation and all... ?
You want KRB5CFLAGS and KRB5LIBS. These are options to configure, not to
make. If this isn't
Jeff Blaine wrote:
If I'm not misunderstanding the current configure output, these
are set by configure these days (when one runs configure properly).
That's only if you have krb5-config. I thought you didn't, because a) you
have Solaris and I thought Solaris didn't come with anything, and b
How big is your working set? If it won't fit in your afs cache, you will
not be happy.
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info
Beagle may be triggering the bug, but if you are running out of vcaches and
don't have 4000 files open, there is a leak in afs somewhere. Can you try
"lsof" (or equivalent, I don't remember if this is linux) and find out
whether the files are really open?
__
Ken Aaker wrote:
There is an lsof command available, Are there some options for lsof that
would be useful?
I don't use it myself, but "lsof |wc" should give you a few hundred files,
at least on a personal workstation. If it's over 4000 you may have to play
with the options to get an accurate
Alexander Al wrote:
I'll tell the user : "can't" (because he is connecting from outside.)
That's the wrong answer. This should go in a FAQ somewhere. You just need
to make the public key world readable. That's difficult because ssh wants
to put public and private keys both in the same direct
I think it's probably confused by the over-quota. The error message could
be improved. Try increasing the quota, then do the move.
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info
Walter Lamagna wrote:
pam_afs[25129]: AFS Won't use illegal password for user walter
How could i resolve it ?
I don't know. I thought you wanted to use ssh public key authentication. I
don't know anything about pam.
___
OpenAFS-info mailing list
O
Chris Huebsch wrote:
There is no command "give me all the available space on all of my afs
servers". You need to write a little script for that.
Here's mine:
% which rdf
rdf: aliased to fs df /afs/citi.umich.edu/partitions/*
To make this work you have to remember to create a tiny volume
chas williams - CONTRACTOR wrote:
the ibm html documentation has been converted to xml (the preferred
format). its in the cvs repository. its a straight conversion with
little editing so the documentation still says 'AFS 3.6'. i didnt
proof every single page so there might be a few erro
Marcus Watts wrote:
Ok, so there is the whole com_err mess. But openafs has
its own com_err so that "shouldn't" matter.
Isn't the problem here that asetkey needs both the OpenAFS and the Kerberos
com_errs, but you can't have both in a single program? I'll admit I'm not
an expert on this sub
I just committed doc/README to the source tree. I'm sure it's incomplete
and maybe even wrong, so please send corrections. I prefer actual text to
vague statements.
===
What's in the "doc" subdirectory
** doc/html
original ibm html doc, no longer used
** doc/man-pages
pod sources for man pages
Adam Megacz wrote:
This patch adds a configure-time "--disable-volume-owner-a" which
has the desired effect.
Shouldn't this be a run-time switch?
___
OpenAFS-info mailing list
[EMAIL PROTECTED]
https://lists.openafs.org/mailman/listinfo/openafs-info
It's in Check_PermissionRights():
if (CallingRoutine & CHK_FETCH) {
/* must have read access, or be owner and have insert access */
if (!(rights & PRSFS_READ)
&& !(OWNSp(client, targetptr) && (rights & PRSFS_INSERT)))
retu
Aren't you trying to build asetkey?
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info
1 - 100 of 193 matches
Mail list logo