STABLE14-man-page-updates-20070726

FIXES 65988

Mention aklog and kinit in klog's man page, add -dynroot to the afsd man
page, and mention that -skipauth tells uss not to create any Kerberos
principal and this has to be done separately.


(cherry picked from commit 2367c273bbfd3cbecc72b770ede579e60da153e2)
Jason Edgecombe 2007-07-27 19:02:03 +00:00 committed by Russ Allbery
parent 10911ec44e
commit 13232f0064
3 changed files with 42 additions and 6 deletions


@ -49,8 +49,12 @@ token per cell per connection to the client machine. If the user's
credential structure already contains a token for the requested cell, the credential structure already contains a token for the requested cell, the
token resulting from this command replaces it. token resulting from this command replaces it.
Sites that employ standard Kerberos authentication instead of the AFS Sites that employ Kerberos authentication instead of the AFS
Authentication Server must use the Kerberos version of this command, Authentication Server should normally use the combination of B<kinit> and
B<aklog> instead of B<klog>.
Sites using Kerberos v4 authentication (perhaps with the AFS
Authentication Server) must use the Kerberos version of this command,
B<klog.krb>, on all client machines. It automatically places the issuer's B<klog.krb>, on all client machines. It automatically places the issuer's
Kerberos tickets in the file named by the KRBTKFILE environment variable, Kerberos tickets in the file named by the KRBTKFILE environment variable,
which the B<pagsh.krb> command defines automatically as F</tmp/tktpI<X>> which the B<pagsh.krb> command defines automatically as F</tmp/tktpI<X>>
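Review bot: The new first paragraph says "Sites that employ Kerberos authentication" with no version, while the paragraph added right after it is scoped to "Sites using Kerberos v4 authentication"; a v4 site matches both and is told it "should normally use" kinit and aklog and also that it "must use" klog.krb. Naming the version in the first paragraph (the old text said "standard Kerberos") would remove the overlap. "should normally" also leaves open when plain klog is still the right tool at a Kerberos site; one clause naming the exception would close that gap.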


@ -23,7 +23,7 @@ B<afsd> S<<< [B<-blocks> <I<1024 byte blocks in cache>>] >>>
S<<< [B<-confdir> <I<configuration directory>>] >>> S<<< [B<-confdir> <I<configuration directory>>] >>>
S<<< [B<-logfile> <I<Place to keep the CM log>>] >>> S<<< [B<-logfile> <I<Place to keep the CM log>>] >>>
[B<-waitclose>] [B<-shutdown>] [B<-enable_peer_stats>] [B<-waitclose>] [B<-shutdown>] [B<-enable_peer_stats>]
[B<-enable_process_stats>] [B<-help>] [B<-enable_process_stats>] [B<-dynroot>] [B<-help>]
=for html =for html
</div> </div>
@ -530,6 +530,36 @@ GetStatus, and so on) sent or received, aggregated over all connections to
other machines. To display or otherwise access the records, use the Rx other machines. To display or otherwise access the records, use the Rx
Monitoring API. Monitoring API.
=item B<-dynroot>
The standard behaviour of the AFS client without the B<-dynroot> option is
to mount the root.afs volume from the default cell on the F</afs> path. The
F</afs> folder and root.afs volume traditionally shows the folders for
F<ThisCell> and other cells as configured by the AFS cell administrator.
The B<-dynroot> option changes this. Using this option, the AFS client does
NOT mount the root.afs volume on F</afs>. Instead it uses the contents of
the F<CellServDB> file to populate the listing of cells in F</afs>. This
is known as a DYNamic ROOT. A cell is not contacted until the path
F</afs/I<cellname>> if accessed. This functions similarly to an automounter.
The main advantage of using B<-dynroot> is that the AFS client will
start properly even without network access, whereas the client not using
B<-dynroot> will freeze upon startup if cannot contact the default cell
specified in F<ThisCell> and mount the root.afs volume. Dynamic root mode
is also sometimes called travelling mode because it works well for laptops
which don't always have network connectivity.
Two advantages of not using dynroot are that listing F</afs> will usually
be faster because the contents of F</afs> are limited to what the AFS
administrator decides and that symbolic links are traditionally created
by the AFS administrator to provide a short name for the cell (i.e.
cellname.domain.com is aliased to cellname). However, with dynroot, the
local system administrator can limit the default contents of F</afs> by
installing a stripped-down F<CellServDB> file, and if dynroot is in effect,
the F<CellAlias> file can be used to provide shortname for common AFS cells
which provides equivalent functionality to the most commonly used symbolic
links.
=item B<-help> =item B<-help>
Prints the online help for this command. All other valid options are Prints the online help for this command. All other valid options are
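Review bot: Two sentences in the new -dynroot item have slips that make them hard to parse: "until the path F</afs/I<cellname>> if accessed" should read "is accessed", and "will freeze upon startup if cannot contact the default cell" is missing "it". Smaller points in the same item: "The F</afs> folder and root.afs volume traditionally shows" needs "show", "(i.e. cellname.domain.com is aliased to cellname)" is an example so "e.g." fits, "to provide shortname for common AFS cells" should be "short names", and root.afs is left as plain text while ThisCell, CellServDB and CellAlias are wrapped in F<>. The item also spells the option both as B<-dynroot> and as bare "dynroot"; pick one form for the option and use "dynamic root" for the mode.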


@ -89,9 +89,11 @@ prints the help message.
=item B<-skipauth> =item B<-skipauth>
Bypasses mutual authentication with the AFS Authentication Server, Bypasses mutual authentication with the AFS Authentication Server, allowing
allowing a site that uses Kerberos instead of the AFS Authentication a site that uses Kerberos instead of the AFS Authentication Server to
Server to substitute that form of authentication. substitute that form of authentication. If this option is given, B<uss> does
not create or manipulate Kerberos principals. A Kerberos principal must be
created separately from the B<uss add> command.
=back =back
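Review bot: The added sentence "A Kerberos principal must be created separately from the B<uss add> command" does not say whether the principal has to exist before uss add runs or can be created afterwards, and it does not say what state the new account is in until the principal exists. Since the item opens with "Bypasses mutual authentication", an administrator reading it needs that ordering spelled out; suggest adding it, plus a pointer to wherever the site's principal creation procedure is documented.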