diff --git a/NEWS b/NEWS new file mode 100644 index 0000000000..85a61c748b --- /dev/null +++ b/NEWS @@ -0,0 +1,131 @@ +Openafs News -- history of user Visible changes. 11 July 2001 + +* Changes since Openafs 1.0 + +** AFS now builds with configure. The README for building has been + updated and includes full details. + +** A client system can now have multiple sysname values for @sys. + They will be searched in order when looking up files in AFS. The + -newsysname argument to fs sysname can be repeated to set multiple + sysnames. + +** A new system group is created for new cells (system:ptsviewers + with id -203). If this group exists, members of this group can + examine and read the entire protection database. They can examine + all users and groups and can get the membership of any group. + +** A new program, pt_util has been added to the distribution. This + program allows users to print the contents of the protection + database or to edit the protection database without running a + ptserver. It can be used to set up a new cell without ever running + in noauth mode. Run pt_util -h for help. + +** The fs setcrypt and fs getcrypt commands have been added. These + commands allow the system administrator to require that the client + encrypt all authenticated traffic between the client workstation + and AFS. The encryption used is weak, but is likely better than + sending unencrypted traffic in most environments. Some functions, + such as looking for a volume may not be encrypted, but data + transfer certainly is. By default data is not encrypted. At this + time no significant experimentation with server performance has + been conducted. + +** By default AFS is compiled with AFS_AFSDB_ENV, enabling the -afsdb + option to be given to afsd on startup. If this option is used, then new + cells will be looked up using AFSDB records stored in DNS if they + are not found in CellServDB. This means that users can create + cross-cell mountpoints in directories they control to access cells + not in root.afs, and that cells in root.afs need not be in the + client's CellServDB. + +** AFS database servers can be marked as read-only clones. Surround + the hostname in square brackets on the bos addhost command and the + database server will never be elected sync site. This is useful + for cells distributed over a wide region. + +** The AFS servers now support the -syslog flag. This flag causes + them to log to syslog rather than to files. This flag is not + supported on NT. For all servers besides the salvager, the flag can + also be specified as -syslog=facility, where facility is an integer + facility code from syslog.h. A -syslogfacility option is provided for + the salvager to accomplish the same goal. + +** If the --enable-fast-restart flag is given when configuring AFS, + then the salvager supports the -dontsalvage flag which causes it to + exit without salvaging any volumes. If this is configured into the + third command of a fs process, then the fileserver will start without + salvaging. It will fail to attach volumes that need salvaging and they + can be salvaged manually. This provides significantly better server + startup performance at the cost of administrative complexity. + +** If the --enable-bitmap-later flag is given when configuring AFS, + then the fileserver creates bitmaps for free vnodes on demand, allowing + faster starts. + +** If bosserver finds a BosConfig.new file at startup, it reads this + file and renames it to BosConfig. This allows bosserver to be + reconfigured at next restart. + +** The bosserver can be placed in a restricted mode in + which AFS superusers are only granted limited access to the server + host. The following functionality is disabled when restricted mode is in + use: + + bos exec + bos getlog (except for files with no '/'s in their name)* + bos create * + bos delete + bos install + bos uninstall + + specific exceptions are made for functionality that "bos salvage" + uses: + + a cron bnode who's name is "salvage-tmp", time is now, and command + begins with "/usr/afs/bin/salvager" may be created. This bnode + deletes itself when complete, so no special "delete" support is needed. + This functionality may be removed in the future if a "Salvage" RPC is + implimented. + + The file with the exact path /usr/afs/logs/SalvageLog may be fetched, + since that is how bos salvage [...] -showlog is implimented. + + Restricted mode is enabled using a new bos command (bos setrestricted) + or bossever command line switch (bosserver -restricted). Restricted + mode can be disabled by a) sending the bosserver process a SIGFPE (which + will then allow restricted operations until the next restart or + setrestricted command) or b) editing /usr/afs/local/BosConfig + (or BosConfig.new), and restarting the bosserver. + +** The bos UserList of trusted administrators can now contain + cross-realm Kerberos principals. + +** udebug now takes --server not --servers. + +** Several error messages have been improved to include volume + numbers. + +** Several new ports have been included for UNIX platforms: Darwin + (ppc_darwin_12 and ppc_darwin_13), Linux 2.4 (i386_linux24), Linux on + the Powerpc (ppc_linux22 and ppc_linux24), Linux on the Sparc + (sparc_linux22, sparc64_linux22 and sparc64_linux24) . + +** Incomplete FreeBSD and Alpha Linux ports are included. The + FreeBSD port has a working server and the Alpha Linux port has a + partially working client. + +** A native client for Windows 95/98/ME has been added to the distribution. + With this program, a gateway machine is no longer required for Windows 9x + to access AFS files. One drive letter will be created on your machine by + default - Z:. The Z: drive will be the root of the AFS tree, allowing you + to browse all sites that have AFS servers available. Additional drive + letters can be defined for other AFS directories. A Windows Explorer + shell extension is included that allows you to right click on items + within an AFS tree to bring up an "AFS" menu item and perform various + operations on a file or directory. The most useful item is "Access + Control Lists", which allows you to view and edit the permissions of a + particular directory. Command line tools are also available in the + install directory. These commands include klog, unlog, tokens, kpasswd, + symlink, fs and pts. The installable includes a readme file that contains + more information on how to use the client program and known issues.