Is that literally all you did as setup? If so, you would indeed be able to get
tokens, but the servers would not recognize their keys and would reject the
tokens.
It sounds like the correct extra steps for your case are to make the following
changes on the AFS database servers:
(1) create a fi
Take a look at "fs setserverprefs".
On October 25, 2015 9:38:32 PM EDT, Garance A Drosehn wrote:
>We have some AFS volumes which hold data for various web servers on
>campus. These volumes are replicated on multiple file servers,
>because that's an intelligent thing to do with important data.
>
his tells me that heimdal was built with gcc and indicating parameters
accordingly. Perhaps it should be rebuilt with Sun Studio so it reports the
appropriate Sun Studio options.
--
brandon s allbery kf8nh
___
OpenAFS-info mailing list
OpenAFS-info@
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 2/18/11 14:14 , Andy Cobaugh wrote:
> Just curious why you're not just using the stock pam_krb5? At least in a
> plain jane krb5 environment, pam_krb5 has worked fine for us (though I
> haven't tried very recent Fedora).
There are programs which do
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 2/1/11 00:26 , Derrick Brashear wrote:
> On Fri, Jan 21, 2011 at 9:41 AM, Chris Jones wrote:
>> I need to run the 64bit kernel, as have updated my MacBook Pro to 8GB ram,
>> and I need to run the 64 bit kernel to properly support this. AFS is so sl
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 12/10/10 09:58 , Stephen Joyce wrote:
> I gave up gnome back around RedHat 8.x days due to issues with AFS homedirs.
> Has gnome with afs homedirs improved any since then?
Nope. I've switched to KDE almost exclusively, although I do poke at GNOME
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 10/20/10 12:18 , Phillip Moore wrote:
> gcc -c -I/efs/test/openafs/core/1.5.77/.exec/x86-64.rhel.5/include
> -D_REENTRANT -D_GNU_SOURCE -fno-strict-aliasing -pipe -fstack-protector -D_\
> LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -O2 -DVERSION=\"v2
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 10/13/10 00:18 , Adam Megacz wrote:
> Brandon S Allbery KF8NH writes:
>> (And apparently his use case is to be considered the common one.)
>
> I'm having trouble parsing this.
Notwithstanding the latest message, what you
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 10/12/10 17:23 , Steve Simmons wrote:
> It sounds like you're suggesting we modify afs so it understands resource
> forks properly and generate an error message if someone attempts to create a
> file whose name might be mistaken for a resource for
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 10/10/10 15:24 , Adam Megacz wrote:
> Unfortunately it seems like there is no way to get MacOS to refrain from
> writing the second kind of file, and it seems like Apple deliberately
> doesn't want there to be one.
...because if OSX wants a resourc
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 10/9/10 10:37 , Anders Magnusson wrote:
> fileserver fails to handle SIGKILL correctly and segfaults as a side effect).
No process gets to handle SIGKILL at all, so a segfault must have some other
cause. Or did you mean SIGTERM?
- --
brandon s.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 10/8/10 17:43 , Simon Wilkinson wrote:
> I do wonder if the abort threshold is too aggressive when applied to
> authenticated clients. Whilst a denial of service attack is possible from
> authenticated clients, it's also more likely that there wil
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 10/1/10 13:04 , Russ Allbery wrote:
> Andy Cobaugh writes:
>> Two, I'm guessing this is debian?
>
> No, it's not Debian, although the common-* stuff made it look that way.
> But that's the Red Hat pam_krb5.
SuSE has been using the common-* stuff
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 10/1/10 14:44 , Steve Simmons wrote:
> On Sep 30, 2010, at 4:09 PM, Robert Milkowski wrote:
>> Why does it matter for you if ZFS is being developed in open or not?
>
> Can't speak for anybody else, but w/r/t umich and AFS it's likely a matter of
>
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 9/30/10 12:53 , Vincent Fox wrote:
> It makes me sad that Oracle bought Sun, where it will probably wither.
> If IBM had bought Sun I would have more hope of a good filesystem
> for MacOS, Linux, etc. in the near term. ZFS has been stable and
> in
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 9/30/10 17:58 , Phillip Moore wrote:
> If that's the case, then do Heimdal users need to bother with the
> openafs-krb5 rpm at all?
If this is going into a quick start guide, I would be tempted to say that
because asetkey will work with Heimdal
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 7/22/10 17:12 , Andrew Deason wrote:
> I think Brandon was talking about using clones to have 'yesterday',
> 'last week', and 'last month' (et al) volumes all available to users all
> the time. It's an interesting idea, but it has limitations as you
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 7/18/10 16:47 , Andrew Deason wrote:
> On Fri, 16 Jul 2010 20:00:39 -0400
> Brandon S Allbery KF8NH wrote:
>
>>>> It occurs to me... is it possible to "vos clone" a backup volume?
>>>
>>> No, you
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 7/16/10 00:35 , Andrew Deason wrote:
> On Thu, 15 Jul 2010 02:06:36 -0400
> Brandon S Allbery KF8NH wrote:
>
>> It occurs to me... is it possible to "vos clone" a backup volume?
>
> No, you can only clone RW vol
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 7/14/10 13:59 , Russ Allbery wrote:
> Jonathan Nilsson writes:
>> I can't think of any reason NOT to proceed with this... so if anyone who
>> has tried this has any advice, it'd be much appreciated!
>
> Various people have done this sort of thing
On Jun 16, 2010, at 22:29 , Jeffrey Altman wrote:
On 6/16/2010 9:50 PM, Russ Allbery wrote:
Jason Edgecombe writes:
We're using uss in a non-kaserver environment. I know that we
could do
without it, but it's nice to have. If uss weren't available, an
equivalent tool would need to be availabl
On May 20, 2010, at 17:36 , Rick Cochran wrote:
I'm having trouble understanding the following.
(elided)
I've seen that when Linux gets its dcache confuzzled; flushing the
dcache in various ways --- or, sometimes, the path, but I think that's
actually triggering the garbage dcache entries g
On May 3, 2010, at 11:38 , Steve Simmons wrote:
On May 1, 2010, at 1:35 AM, Brandon S. Allbery KF8NH wrote:
On Apr 30, 2010, at 14:32 , Richard Brittain wrote:
This solves my immediate need, and I'll probably use your mount
point database too, but begs the question of why perl's
On May 3, 2010, at 09:09 , Frank Burkhardt wrote:
is the openafs-fileserver supposed to take advantage of multiple cpu
cores?
Last I heard, only the database servers were capable of true threaded
operation (and that possibly only in 1.5); the fileserver still uses
the old userspace "thread
On May 1, 2010, at 02:25 , Brandon S. Allbery KF8NH wrote:
EACCES is the POSIX-specified errno.
My bad; it is indeed EBADF, EACCES is only returned if the region is
already locked.
--
brandon s. allbery [solaris,freebsd,perl,pugs,haskell] allb...@kf8nh.com
system administrator [openafs
On Apr 30, 2010, at 18:07 , Andrew Deason wrote:
After some offline discussion, this appears to probably be the case.
sqlite opens the db file O_RDONLY, and attempts to acquire an fcntl
F_WRLCK on it, to which it gets EROFS back. Trying to acquire a
writelock on a file opened readonly doesn't mak
On Apr 30, 2010, at 14:32 , Richard Brittain wrote:
This solves my immediate need, and I'll probably use your mount
point database too, but begs the question of why perl's
File::Find module works fine, while 'find' breaks. Underneath they
are presumably making very similar system calls.
Si
On Apr 25, 2010, at 23:00 , Andrew Deason wrote:
On Sun, 25 Apr 2010 21:19:24 -0400
Jeffrey Altman wrote:
When a whole file lock is write-held, all of the dirty data in the
cache must be written back to the file server before the lock is
released. This is currently not being done and as a resul
On Mar 1, 2010, at 20:44 , Stephen Repetski wrote:
My question is this: how relevant is this restart with the current
stable (1.4.11) release of OpenAFS? Apparently this dates back to the
1.2.x days (correct me if I'm wrong), and the code base has definitely
It actually goes back to the origin
I'm speculating, but that would be a problem with how Windows
implements the "ktpass mapuser" function and then returns tickets
for a mapped user with the same kvno as the principal. So both the
user "afs" and the principal "afs/mycell.edu" are returning tickets
with the same kvno. And I
On Feb 26, 2010, at 14:03 , Jonathan Nilsson wrote:
On Fri, Feb 26, 2010 at 10:44, Brandon S. Allbery KF8NH > wrote:
On Feb 26, 2010, at 13:24 , Jonathan Nilsson wrote:
[09:57 r...@afs1 ~]# kvno -c /tmp/krb5cc_0 afs
a...@ss2k-devel.uci.edu: kvno = 2
[09:57 r...@afs1 ~]# kvno -c /tmp/krb5cc_0
On Feb 26, 2010, at 13:24 , Jonathan Nilsson wrote:
[09:57 r...@afs1 ~]# kvno -c /tmp/krb5cc_0 afs
a...@ss2k-devel.uci.edu: kvno = 2
[09:57 r...@afs1 ~]# kvno -c /tmp/krb5cc_0 afs/mycell.edu
afs/mycell@mycell.edu: kvno = 2
You put both of these in the KeyFile? With the same kvno? This wil
On Feb 12, 2010, at 17:41 , J wrote:
Also, I see that I need port 88 open to authenticate, which on one
hand makes sense since this is a Kerberos port. But most of the
documentation I've read about AFS says I only need ports open in the
7000 range (specifically 7001) for minimal file server
On Sep 9, 2009, at 05:38 , Enzo Vitale wrote:
I have installed Mac OS X 10.6 (Snow Leopard) on my mac. Then I have
installed the 10.4.11 version of OpenAFS (the version for snow
leopard), but when I type the klog command I get the following
message: "Unable to authenticate to AFS because pas
On Jul 17, 2009, at 15:01 , Eric Chris Garrison wrote:
[r...@rufus2 etc]# klist -e
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: afs/afstest.iu@ads.iu.edu
Valid starting ExpiresService principal
07/17/09 14:34:44 07/18/09 00:34:44 krbtgt/ads.iu@ads.iu.edu
On Jun 18, 2009, at 17:37 , David Bear wrote:
Anyone else having trouble getting to the web site?
Looks like it's another victim of the flooding on the CMU campus last
night.
--
brandon s. allbery [solaris,freebsd,perl,pugs,haskell] allb...@kf8nh.com
system administrator [openafs,heimdal,t
On 2009 Apr 7, at 2:01, TIARA System Man wrote:
i only had a...@realm. should i create another afs/c...@realm?
It's not necessary. Current practice is to use afs/c...@realm but you
don't have to change unless you're planning to have the same Kerberos
realm host multiple cells at some point.
On 2009 Apr 6, at 23:12, TIARA System Man wrote:
on the april fools' day, i installed another afs file server. it was
disaster i made some thing wrong. i added another kerberos afs
Don't do that. There should be a single AFS principal across an
entire cell (you could have two (a...@realm and
On 2008 Dec 21, at 12:13, Georg P. Israel wrote:
AFS seems to do this in a good way, but Kerberos is a constant
annoyance
to it. I do have machines that generate simulation data and have to
work
for weeks. If I like to do this with the current OpenAFS setup, I'll
have to log in once a day and
On 2008 Nov 14, at 7:18, Chas Williams (CONTRACTOR) wrote:
In message <5FB03AFA-8CA1-4B39-
[EMAIL PROTECTED]>,"Brandon S. Allbe
ry KF8NH" writes:
It used to be said (back when warlord was maintaining linux-afs and
Transarc 3.4a was the main release) that the memcache was much less
efficient tha
On Nov 13, 2008, at 09:39 , Jason Edgecombe wrote:
Harald Barth wrote:
On Linux, if you're using tmpfs as the cache, what's the difference
between letting the memcache swap out vs a disk cache in tmpfs?
Does memcache swap out? I was convinced it did not.
I don't believe that it does, but I w
On 2008 Nov 11, at 11:24, Ted Creedon wrote:
Is it the .0.0.0.0 address? Somehow I got it running, blew it away,
did a reinstall and I'm back to square 1.
No, the address is a wildcard. It's the port (7007) that is in use.
--
brandon s. allbery [solaris,freebsd,perl,pugs,haskell] [EMAIL PRO
On 2008 Nov 1, at 14:56, Vincent Fox wrote:
Solaris 10 u6 is now out, supporting ZFS root disks.
So is there any way to use a ZFS filesystem for client cache?
I tried Solaris 10 version 1.4.7 both the namei binary and the
inode binary and both panic the system.
ZFS can't be used directly, but
On Sep 26, 2008, at 13:11 , Daniel Debertin wrote:
I'm doing this for my AFS admin, as described in the documentation:
ka> setfields admin -flags admin
Which works fine using OpenAFS's kaserver. What is the equivalent in
Kerberos 5/Heimdal?
Adding
admin all
to /var/heimdal/kadm5.acl (or
On 2008 Sep 4, at 17:48, Russ Allbery wrote:
Frank Burkhardt <[EMAIL PROTECTED]> writes:
Is it possible to disable it?
Not without source code modifications.
Also, the change would likely need to be made to both OpenAFS and to
your Kerberos server; although with Heimdal it would be a krb5
On 2008 Aug 30, at 15:11, Tom Cocagne wrote:
Hmmm. That sounds reasonable. Any idea what settings I might
want to look at? So far I've left all the nss-ldap stuff on the
default settings Gentoo provides (minus adding ldap to the
nsswitch.conf, of course).
Not really. We have yet to g
On 2008 Aug 30, at 14:13, Tom Cocagne wrote:
I recently noticed a problem where all files in OpenAFS appear
to be owned by most recently added user. An "ls -l" in user A's home
directory will show all files being owned by user B, immediately
after creating user B's account and home direc
On 2008 Jul 29, at 3:44, Stephan Wonczak wrote:
While more redundancy (i.e. a third database server) is always a
good idea, it is not strictly necessary, much less 'a bad idea to
run with two database servers'.
Christof probably was thinking about the 'split brain' problem,
which does no
On 2008 Jul 20, at 19:00, Loren M. Lang wrote:
1. Currently, there is no support for anything besides DES encryption
between the Kerberos 5 servers and OpenAFS with make that that will be
weakest link in our network.
2. All OpenAFS file and/or database servers all use the same KeyFile
which me
On 2008 May 22, at 7:31, Lara Lloret Iglesias wrote:
I installed a kerberos server in both machines, but maybe I just
have to install it in one of the machines and copy somehow the
configuration to the other servers...I don't know what do I have to
do actually. Each server on the cell need
On 2008 Apr 24, at 20:24, David Bear wrote:
okay -- I just bought an iMac .. it has an openafs on it (or what
looks like it).. I didn't put it there. I have no clue how to get it
configured.
Errr, I just bought an iMac and it definitely does not have OpenAFS on
it. What makes you belie
On Apr 24, 2008, at 20:31 , Jason Edgecombe wrote:
Amit Bajaj wrote:
Dear Team
I have been searching for documentation for OpenAFS 1.5
installation on REHEL 4, I am getting IBM 3.6 version installation
guide only
For installing a new cell, try this:
http://www.dementia.org/twiki/bin/vi
On Apr 21, 2008, at 4:23 , Didi wrote:
If by "unknown" you mean nameless, that's not what the patch does.
Such a patch would not even have been considered.
I agree that hiding this information in some cases might not be
optimal, but the main problem is that through this the 'groups'
command
On Apr 20, 2008, at 14:37 , Russ Allbery wrote:
Jim Meyering <[EMAIL PROTECTED]> writes:
Knowing that, I expect to revert that patch -- unless someone
can come up with a very good argument for the new behavior.
Out of curiosity, how have you used it?
Usually to tell whether two shells are i
On Apr 16, 2008, at 9:34 , Vladimir Konrad wrote:
I am thinking of running several data downloads to AFS (scheduled from
cron) and using the same keytab for all jobs. The jobs can be
scheduled at the same time (on the same server).
Will there be a window when 2nd download job (while authenticat
On Mar 1, 2008, at 11:35 , Jeffrey Altman wrote:
Steve Devine wrote:
http://www.msu.edu/~elizald2/viagra/order-viagra-overnight-
delivery.html
I have disabled it but you get the idea,. This dir is chock-o-
block full
of crap.
I believe this is the work of a bot that arrives initially to the
On Jan 31, 2008, at 17:24 , David Bear wrote:
pts members somegroup
libprot: no such entry Could not get afs tokens, running
unauthenticated.
pts: User or group doesn't exist so couldn't look up id for somegroup
What does "fs wscell" say? I suspect it'll return "openafs.org"
instead of
On Jan 7, 2008, at 8:45 , Matthias Teege wrote:
Then I checked the setup with fs lsmount.
% fs lsmount /afs/mteege.de/user
fs : Invalid argument; it is possible that /afs/mteege.de/user is
not in AFS.
% fs lsmount /afs/mteege.de/user/matthias
'/afs/mteege.de/user/matthias' is a mount point
On Nov 29, 2007, at 10:38 , Derrick Brashear wrote:
On Nov 29, 2007 10:31 AM, Helmut Jarausch <[EMAIL PROTECTED]
aachen.de> wrote:
> I'd like to resize (enlarge) the ext2-partition on which e.g.
> /vicepa is mounted.
It doesn't care, and won't use it unless you increase the number in
the cac
On Oct 25, 2007, at 12:36 , Ken Hornstein wrote:
would be reasonable to ship this program with OpenAFS. But the
problem here is I don't see who is going to do the work; obviously
I transitioned our cell years ago, and I have no motivation or time
to do work on fixing up afs2k5db. I think most
On Oct 24, 2007, at 12:21 , Steven Jenkins wrote:
I think it would be very useful if someone had the time/energy to
build a 'vms-lite' that people could adopt at their sites. That seems
a more strategic direction than trying to extend RO capabilities.
I have to admit I've thought about what
On Oct 24, 2007, at 11:33 , Lars Richter wrote:
Harald Barth schrieb:
I also can reproduce this behavior.
Do all clients but the one you created the files on show identical
file dates? Harald.
No.
All clients have different dates in the nanoseconds. All other
values are identical!
I d
On Oct 24, 2007, at 10:15 , Steven Jenkins wrote:
- the RO handling is not good -- what happens if the _only_ RO is on
the old server and the remsite happens? Clients with existing
remsite is irrelevant: it just informs the vlserver of where an R/O
replica will be stored in the future, it
On Oct 24, 2007, at 10:25 , Steven Jenkins wrote:
I sort of understand this need, but I suggest that it's caused by poor
namespace management, and that the solution should be to improve that
rather than try to keep your RWs and ROs out of sync with each other.
I think you're misunderstanding;
On Oct 24, 2007, at 10:15 , Steven Jenkins wrote:
- there is no error checking in here, so there are potential issues (I
realize your script is generating the commands, not actually doing
them, but it still needs to address error checking -- if nothing else
stick a '|| exit 1' at the end of eac
On Oct 24, 2007, at 9:54 , Steven Jenkins wrote:
On 10/24/07, Derrick Brashear <[EMAIL PROTECTED]> wrote:
...
the interesting case is where the RW has unreleased changes and
you want to
recreate the ROs as they are now. i don't know of distributed
tools to do
this.
I hadn't really though
On Oct 18, 2007, at 15:26 , Tim OBrien wrote:
machine. However, from the other machine, I can't create a
mountpoint in afs or
do much of anything, since it states that /afs is mounted read
only. I used the
Normally if a read only replica exists it will be mounted by
preference. The usef
On Sep 6, 2007, at 15:07 , Steve Devine wrote:
Jim Rees wrote:
I think ten minutes is enough, because that's how often the client
pings
servers it cares about. I could be wrong.
Hmm what if the server is blocking ping / icmp ?
Blocking arbitrary ICMP is always bad juju.
But the "ping"
On Sep 6, 2007, at 13:06 , Steve Devine wrote:
Another group in our department mounts web folders out of users
home afs space.
I recently moved several thousand user vols from one afs server to
another using vos move.
The folks running the web server reported that several of these
mountpo
On May 29, 2007, at 6:41 , El Barto wrote:
But when I want to setacl I get these error :
kdc# /usr/afs/bin/fs setacl /afs system:anyuser rl
Bad system call (core dumped)
(...)
Anyone got an idee of what I do wrong ?
What you did wrong is run a command that requires the AFS client,
whic
On May 23, 2007, at 20:21 , Brian Sebby wrote:
Wed May 23 18:55:01 2007 ,krbtgt.ANL.GOV:auth from
I understand that the IP address is given in hex, but could someone
explain
the difference between "afs:gtck", "afs:auth", and
"krbtgt.ANL.GOV:auth"?
The last one almost makes me think that
On Feb 2, 2007, at 8:16 , Ronny Blomme wrote:
I am setting up openafs-1.4.2 client and server on FC4 with
heimdal-0.7.2. I replaced the kas-server with kdc.
When I login to this server with ssh, I get tickets/tokens (via /
etc/pam.d/sshd).
These initial tokens can be refreshed once with "kini
On Jan 3, 2007, at 16:30 , Jeffrey Altman wrote:
Jim Rees wrote:
To build aklog you need configure --with-krb5. This is not
currently the
default but I'm sure it will be soon. Note that if you are using
heimdal
you don't need aklog, use heimdal's afslog instead. Again, if
this isn't
On Oct 30, 2006, at 19:15 , Rich Sudlow wrote:
What's the best replacement for the old AFS rsh and
Transarc inetd which does token passing?
openssh with the hpn patches.
The final release of kth-krb4 has an rsh / rshd which forwards
Kerberos 4 tickets and can generate tokens from them. Th
On Aug 22, 2006, at 15:37 , Jeffrey Hutzelman wrote:
These options are specific to the GNU versions of find and xargs,
respectively. What they do is make find separate filenames it
outputs with NUL's rather than newlines, and make xargs expect that
behavior. If you don't have GNU find an
On Aug 3, 2006, at 2:53 PM, Roel Flora wrote:
I was wondering if anyone has done a migration from Transarc to
OpenAFS
recently and can provide some suggestions on how to do the
migration smoothly.
We have a large number of existing users and around 1 Terabyte of data
to move. I expect that
On Aug 7, 2006, at 9:03 , Christopher D. Clausen wrote:
John Hascall <[EMAIL PROTECTED]> wrote:
This means that, during about 10 days, DB servers with 2 different
versions of OpenAFS will have to cohabit (1 x 1.4.1 and 2 x 1.2.13,
then 2 x 1.4.1 and 1 x 1.2.13, before the final 3 x 1.4.1).
I
On Jul 17, 2006, at 21:18 , Esther Filderman wrote:
On 7/14/06, Daniel Miller <[EMAIL PROTECTED]> wrote:
I'm also trying to do salvage again using 'bos salvage -server keizan
-partition vicepa -noauth' and I get:
bos: shutting down fs.
bos: can't stop 'fs' (you are not authorized for this op
I'd previously replied privately (from my cellphone, ug); this is for
public archival...
On May 1, 2006, at 9:55 AM, John Madden wrote:
So I trashed 1.5.0 install by deleting the folders (mistake?),
downloaded 1.4.1 binary package, and tried to install it. But the
1.4.1 installer balks afte
On Apr 6, 2006, at 2:19 , Marcus Watts wrote:
For the file servers, it's usually possible to upgrade fileserver
software without moving volumes. I haven't found many production
sites willing to risk this with real data. There have been and
We do this somewhat regularly --- sort of. The AFS
On Mar 20, 2006, at 3:25 , Sergey S. Kleymenov wrote:
Following by OpenAFS Administration Guide and Heimdal
documentation, on step of setting acl of root.afs:
# fs setacl /afs system:anyuser rl
fs: You don't have the required access rigthts on '/afs'
Is this before or after you released roo
-Original Message-
From: Juha =?ISO-8859-1?B?SuR5a2vk?= <[EMAIL PROTECTED]>
Date: Tuesday, Feb 14, 2006 9:06 am
Subject: Re: [OpenAFS] Re: "ktadd -k afs/[EMAIL PROTECTED]" breaks
AFS instantly?
Or the Heimdal commands like Brandon Allbery noted. Indeed, there is no program
"asetkey"
On Feb 14, 2006, at 3:27 , Juha Jäykkä wrote:
Keytabs are normally not supposed to be shared between multiple
machines, and this approach means that kadmind doesn't need to
have the
capability of retrieving keys from the KDC, which is an additional
separation of capability and an additional
On Feb 2, 2006, at 3:36 , Juha Jäykkä wrote:
causes linking error:
/usr/lib/gcc-lib/alpha-linux/3.3.5/../../../crt1.o(.text+0x10):../
sysdeps
/alpha/elf/start.S:37: undefined reference to `main'
As you can see, this happens on alpha and I cannot reproduce this on
any x86 machines. (I tested
On Feb 1, 2006, at 2:34 PM, Russ Allbery wrote:
Juha Jäykkä <[EMAIL PROTECTED]> writes:
I ran into problems building things that use libtool on afs, little
googling produced this:
http://lists.gnu.org/archive/html/bug-libtool/2002-12/msg00017.html
Does anyone know if they have since fixe
On Feb 1, 2006, at 5:41 , Leroy Tennison wrote:
I know about integrated login but is it possible to create a Linux
and/or Windows configuration where OpenAFS is the only
"authenticator" meaning that there is no need for IDs/passwords in
local files or another authentication service like NI
On Jan 29, 2006, at 6:19 , Adam Megacz wrote:
I think the confusion comes from the fact that AFS was originally a
commercial software program that you had to pay a huge amount of money
for. Therefore, every user had exactly one "site" -- the organization
that paid for his/her copy. It was ext
On Jan 27, 2006, at 11:59 AM, Douglas E. Engert wrote:
and update the /usr/afs/etc/UserList on the servers. I believe the
kaserver
admin is still required to use the k4 with the kaserver. But then
again if you
are using all Krb5 you don't need the kasrver.
If you're using kaserver, you set
On Dec 18, 2005, at 8:47 , zeroguy wrote:
On Sun, 18 Dec 2005 17:02:10 -0800
Adam Megacz <[EMAIL PROTECTED]> wrote:
Regarding the paragraph above, I know what inodes are and the
point of
the namei() system call, but I wasn't aware that AFS fileserver
instances came in two "flavors" with the
On Nov 21, 2005, at 6:40 , ph rhole oper wrote:
On Sun, 20 Nov 2005 22:26:24 +0100, "Lars Schimmer"
<[EMAIL PROTECTED]> said:
ph rhole oper wrote:
lmtp daemon of Cyrus IMAP, is supposed to deliver mail localy.
1) Does it support getting afs tokens, and delivering mail in user's
home directory
On Nov 20, 2005, at 4:12 , ph rhole oper wrote:
lmtp daemon of Cyrus IMAP, is supposed to deliver mail localy.
1) Does it support getting afs tokens, and delivering mail in user's
home directory?
Cyrus delivers to its own mail store, which is designed to be stored
on local disk.
--
brando
On Sat, 2005-08-20 at 17:06 -0500, John Tang Boyland wrote:
> (1) How do other sites handle this? Is pam_aklog passe ?
> (2) If not, how can I get it for Solaris ?
> (2b) Is there some reason why it isn't integrated with
>aklog in the src tree ? (or in the PAM directory.)
The pam_krb5
On Mon, 2005-08-08 at 19:07 -0500, Tracy Di Marco White wrote:
> On 8/8/05, Brandon S. Allbery KF8NH <[EMAIL PROTECTED]> wrote:
> > On Tue, 2005-08-09 at 01:39 +0200, scorch wrote:
> > > -r /on my heimdal install. doing a klist -T hangs though.
>
> You can't
On Tue, 2005-08-09 at 01:39 +0200, scorch wrote:
> -r /on my heimdal install. doing a klist -T hangs though.
This wouldn't happen to be Solaris, would it? The kafs library needs to
be compiled without optimization for some reason, at least with gcc, or
the attempt to read and parse tokens from t
On Tue, 2005-08-02 at 14:20 -0400, Ken Hornstein wrote:
> tokens for those cells as well. This isn't automatic, but you could
> modify this code to do what you want all of the time. The same
> concept could be applied to something else, like pam_krb5afs, but
> you'd probably have to write your ow
On Mon, 2005-07-11 at 02:13 -0400, Sir Clark Frazier Hale I wrote:
> Madhusudan Singh wrote:
> > I am trying to install an openafs server (well, trying to configure it)
> > as a
> > MIT kerberos 5 client (authentication in a realm other than the cell name)
> > on
> > a Slackware 10.1 machin
On Wed, 2005-06-22 at 13:47 -0400, Mitch Collinsworth wrote:
> Sounds good. It's been a while but looking at our config file it
> looks like I worked around this by pointing LockDir to a writable
> directory. Or is this the patch you're talking about maybe?
That's what I'm talking about; LockDir
On Wed, 2005-06-22 at 13:11 -0400, Mitch Collinsworth wrote:
> On Wed, 22 Jun 2005, Blake Atkins wrote:
> > Though I have not been able to locate it, I recall reading a post to
> > this
> > list about a similar problem with CVS + AFS. I believe the solution was a
> > patch to the client sourc
On Wed, 2005-06-22 at 18:42 +0200, Christof Hanke wrote:
> Hmmm, just a quote from the subversion-book:
> """
> Other options can be listed with svnadmin help. As opposed to CVS,
> subversion is not based on RCS, but rather on the Berkeley Database.
> Make sure not to install a repository on remo
On Fri, 2005-05-06 at 21:40 -0500, Michael Norwick wrote:
> >I'm toying with the idea of an AFS-to-{SMB,NFS,AppleShare,FTP,SFS}
> >translator as part of my project to implement an extremely minimal afs
> >client/fileserver in Java. The idea is to make it easier to
> >experiment with AFS hacks by t
1 - 100 of 112 matches
Mail list logo