jimzah/openafs
1
0
Fork 0
mirror of https://git.openafs.org/openafs.git synced 2025-01-18 06:50:12 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

correct whitespace errors in readme files

Browse Source 
Fix the trailing whitespace and leading spaces
before tabs in the readme files.

Change-Id: If20e528ddb28f82e4d3d1b1f03dec8670f914afc
Reviewed-on: http://gerrit.openafs.org/8877
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Ken Dreyer <ktdreyer@ktdreyer.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
This commit is contained in:
Michael Meffie 2013-01-05 13:37:51 -05:00 committed by Jeffrey Altman
parent 5138c07abd
commit 8a17568fb4
19 changed files with 376 additions and 376 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
README
View File

@ -27,7 +27,7 @@ A Configuring
source in, you will only have an src/ directory.
1. Pick a system to build for, and note its default AFS sys_name.
A directory will be automatically created for binaries to be written
A directory will be automatically created for binaries to be written
into with this name when you build.
alpha_dux40, alpha_dux50, alpha_dux51 (client does not work)
@ -144,18 +144,18 @@ A Configuring
B Building
1. Now, you can build OpenAFS.
1. Now, you can build OpenAFS.
% make
2. Install your build using either "make install" to install
2. Install your build using either "make install" to install
into the current system (you will need to be root, and files
will be placed as appropriate for Transarc or standard paths),
"make install DESTDIR=/some/path" to install into an alternate
"make install DESTDIR=/some/path" to install into an alternate
directory tree, or if you configured with --enable-transarc-paths
make dest to create a complete binary tree in the dest directory
make dest to create a complete binary tree in the dest directory
under the directory named for the sys_name you built for,
e.g. sun4x_57/dest or i386_linux22/dest
e.g. sun4x_57/dest or i386_linux22/dest
3. As appropriate you can clean up or, if you're using Linux, build for
another kernel version.
@ -167,7 +167,7 @@ B Building
C Problems
If you have a problem building this source, you may want to visit
http://www.openafs.org/ to see if any problems have been reported
http://www.openafs.org/ to see if any problems have been reported
or to find out how to get more help.
Mailing lists have been set up to help; More details can be found
@ -199,7 +199,7 @@ D Linux Notes
% ./configure --with-afs-sysname=<sysname> \
--with-linux-kernel-headers=/usr/src/linux-2.2.19-i686
% make
% make
Your build tree will now include an additional kernel module for your
additional kernel headers. Be aware that if the kernel version string
@ -245,9 +245,9 @@ G FreeBSD Notes
You also need access to your kernel build directory for the opt_global.h
include file. Use the --with-bsd-kernel-build= configure option if your
kernel build is not GENERIC in the standard place. If
/usr/src/sys/${CPUARCH}/compile/GENERIC does not point to
/usr/obj/usr/src/sys/GENERIC you may need to resolve that and retry the
kernel build is not GENERIC in the standard place. If
/usr/src/sys/${CPUARCH}/compile/GENERIC does not point to
/usr/obj/usr/src/sys/GENERIC you may need to resolve that and retry the
build.
There is no server package, but I am told that "make install" will put

56
README-WINDOWS
View File

@ -2,10 +2,10 @@ This software has been released under the terms of the IBM Public
License. For details, see the LICENSE file in the top-level source
directory or on-line at http://www.openafs.org/dl/license10.html
The document now provides a step by step procedure that takes the user
from a basic Windows 2000/XP/2003/Vista/2008 workstation to an OpenAFS
development environment. Details are provided so that a 'beginning'
windows developer can build an OpenAFS installable package for Windows
The document now provides a step by step procedure that takes the user
from a basic Windows 2000/XP/2003/Vista/2008 workstation to an OpenAFS
development environment. Details are provided so that a 'beginning'
windows developer can build an OpenAFS installable package for Windows
2000/XP/2003/Vista/2008.
NOTE 1:
@ -24,7 +24,7 @@ can be one of:
* Windows XP
* Windows XP SP2
* Windows 2003
* Windows 2003
* Windows 2003 SP1
* Windows XP 64
* Windows 2003 64
@ -34,7 +34,7 @@ can be one of:
* Windows 7 (32 or 64)
* Windows 2008 R2 (64)
The build process is controlled by a nmake file that generates the
The build process is controlled by a nmake file that generates the
necessary binaries and binds them into an install package.
The following steps describe how to configure the development environment:
@ -51,9 +51,9 @@ The following steps describe how to configure the development environment:
J. Build Wix MSI Install Package
K. Final Results
L. Optional Items
The Microsoft development tools require anywhere from 660 MB to 1.8GB
of storage depending on which compilers are selected. The following
of storage depending on which compilers are selected. The following
versions are supported:
Microsoft Visual Studio .NET 2005
@ -72,7 +72,7 @@ One of the following Microsoft DDK/WDK is required:
Microsoft Windows Driver Kit 7600
NOTE: Not all combinations of Visual Studio, SDK, and DDK/WDK are
NOTE: Not all combinations of Visual Studio, SDK, and DDK/WDK are
known to work. OpenAFS for Windows is packaged by Secure Endpoints Inc.
using the following configurations:
@ -112,14 +112,14 @@ Doxygen is required for Developer Documentation generation
http://www.stack.nl/~dimitri/doxygen/
The NSIS installer requires about 14 MB of storage. The following
The NSIS installer requires about 14 MB of storage. The following
version is supported:
Nullsoft Scriptable Installation System 2.44
http://sourceforge.net/project/showfiles.php?group_id=22049&package_id=15374
(Be sure to use the strlen 8192 binaries)
The WiX installer requires about 18 MB of storage. The following
The WiX installer requires about 18 MB of storage. The following
version is supported:
Wix 2.0.5325.0
@ -152,11 +152,11 @@ You will need an unzip utility that can expand compressed tar files.
For example "Pkzip for Windows" from Pkware will uncompress tar files.
(http://www.pkware.com/)
Expand the downloaded tar files into target directory (c:\OpenAFS),
Expand the downloaded tar files into target directory (c:\OpenAFS),
the unzip routine will expand the source into a subdirectory tree:
c:\OpenAFS\OpenAFS-1.5.61\
c:\OpenAFS\OpenAFS-1.5.61\
Copy the files 'NTMakefile' and 'ntbuild.bat' from the 'src'
Copy the files 'NTMakefile' and 'ntbuild.bat' from the 'src'
subdirectory to the OpenAFS base directory (aka %AFSROOT%):
From a DOS command prompt window, enter the following copy commands:
@ -174,7 +174,7 @@ The OpenAFS base directory should look something like the following:
STEP B. Install compiler and development tools.
Install a copy of Microsoft Visual Studio .NET, Visual Studio .NET 2003,
Install a copy of Microsoft Visual Studio .NET, Visual Studio .NET 2003,
or Visual Studio .NET 2005. Visual Studio 2008 can be used to produce
builds but the resulting binaries cannot be used on Windows 2000.
@ -191,7 +191,7 @@ STEP C. Install SDK header files.
Files from Microsoft's Platform SDK for Windows Server 2003 SP1 are
required to complete a build on Windows 2000/XP/2003. At a minimum the
following components are known to be required:
following components are known to be required:
* Core
* Data Access
@ -226,11 +226,11 @@ These files come from the following Microsoft DDKs/SDKs:
STEP D. Configure NTBUILD.BAT.
The NTBUILD.BAT file copied to the OpenAFS base directory must be
The NTBUILD.BAT file copied to the OpenAFS base directory must be
customized for use on your development system. The provided NTBUILD.BAT
was developed for use with Visual Studio 2003 and the Windows Server 2003
Platform SDK. It requires significant modification to construct a build
environment for use with other tools.
environment for use with other tools.
The following variables must be defined to match your configuration:
@ -267,9 +267,9 @@ The following variables must be defined to match your configuration:
MSVCVer: Set to 8.0 if using Visual Studio 8
CODESIGN_DESC: Product Name
CODESIGN_TIMESTAMP: Time Stamp Service for Code Signing Certificate
CODESIGN_URL: Support URL Displayed to End Users
CODESIGN_CROSS_CERT: Path to Microsoft Cross Signing Certificate
@ -292,7 +292,7 @@ as appropriate:
AFSPRODUCT_VER_PATCH - Version Patch Number
AFSPRODUCT_VER_BUILD - Version Build Number
CELLSERVDB_INSTALL - The default file name for the CellServDB
included in the install Package.
included in the install Package.
CELLNAME_DEFAULT - The default home cell name.
CELLSERVDB_WEB - The default web address to obtain CellServDB
@ -313,7 +313,7 @@ one that can be downloaded from the web (CELLSERVDB_WEB).
IMPORTANT: When building your own binaries, you must set the AFSPRODUCT_VER_BUILD
value to a number greater than 1023. All values 0 to 1023 are reserved for use
by official OpenAFS.org releases. A failure to do so will result in Windows
by official OpenAFS.org releases. A failure to do so will result in Windows
Crash Reports for your binaries being delivered to OpenAFS.org for analysis.
@ -350,7 +350,7 @@ STEP F. Begin the build
While the build is running you will see many compile warnings. This
behavior is normal; the build process is successful as long as the build
process doesn't terminate with an error ("nmake.exe return code 0x2")
and it displays 'Build Finished Successfully'. Note that although the
and it displays 'Build Finished Successfully'. Note that although the
the build target is "install", it does not install OpenAFS.
(5) Before rebuilding you must clean the work area:
@ -365,10 +365,10 @@ Download the Nullsoft Scriptable Installation System (NSIS) 2.44 from
http://nsis.sourceforge.net/home/
Run the nsis-2.33.exe installer and install to "C:\Program Files\NSIS".
Then download the large strings build zip file and replace the installed
files with the versions from the zip file. These versions increase
the maximum string length from 1024 characters to 8192 characters.
This is necessary for installation on systems with long PATH environment
Then download the large strings build zip file and replace the installed
files with the versions from the zip file. These versions increase
the maximum string length from 1024 characters to 8192 characters.
This is necessary for installation on systems with long PATH environment
strings.
Note: The NSIS installer can only be used to produce 32-bit installers.
@ -382,7 +382,7 @@ From the %AFSROOT% directory execute:
STEP I. Install Wix MSI Installer
Download the Wix 2.0.5325.0 installer from
Download the Wix 2.0.5325.0 installer from
http://prdownloads.sourceforge.net/wix/sources-2.0.5325.0.zip

10
README.DEVEL
View File

@ -34,7 +34,7 @@ Format of the prototype files should look like:
#ifndef AFS_SRC_DDD_PROTO_H
#define AFS_SRC_DDD_PROTO_H
/* filename.c */
prototypes
@ -47,10 +47,10 @@ In most of the existing prototypes, the define is DDD_PROTOTYPES_H, which is
probably ok as well.
The declaration of the routines should be done in ANSI style. If at some
later date, it is determined that prototypes don't work on some platform
later date, it is determined that prototypes don't work on some platform
properly, we can use ansi2knr during the compile.
rettype
rettype
routine(argtype arg)
{
@ -62,13 +62,13 @@ and should have (void) if no arguments are taken.
Header files should not contain macros or other definitions unless they
are used across multiple source files.
All routines should be declared static if they are not used outside that
All routines should be declared static if they are not used outside that
source file.
Compiles on gcc-using machines should strive to handle using
-Wstrict-prototypes -Werror. (this may take a while)
Routines shall be defined in source prior to use if possible, and
Routines shall be defined in source prior to use if possible, and
prototyped in block at top of file if static.
API documentation in the code should be done using Qt-style Doxygen

8
README.WARNINGS
View File

@ -6,7 +6,7 @@ to reduce the number of warnings in the OpenAFS tree. In an attempt to
prevent warnings from creeping back in, we now have the ability to break the
build when new warnings appear.
This is only available for systems with gcc 4.2 or later, and is disabled
This is only available for systems with gcc 4.2 or later, and is disabled
unless the --enable-checking option is supplied to configure. Because we
can't remove all of the warnings, we permit file by file (and warning by
warning) disabling of specific warnings. The --enable-checking=all prevents
@ -21,15 +21,15 @@ disabled in an number of ways.
You can disable a single warning type in a particular file by using GCC
pragmas. If a warning can be disabled with a pragma, then the switch to use
will be listed in the error message you receive from the compiler. Pragmas
should be wrapped in IGNORE_SOME_GCC_WARNINGS, so that they aren't used
should be wrapped in IGNORE_SOME_GCC_WARNINGS, so that they aren't used
with non-gcc compilers, and can be disabled if desired. For example:
#ifdef IGNORE_SOME_GCC_WARNINGS
# pragma GCC diagnostic warning "-Wold-style-definition"
#endif
If a pragma isn't available for your particular warning, you will need to
If a pragma isn't available for your particular warning, you will need to
disable all warnings for the file in question. You can do this by supplying
the autoconf macro @CFLAGS_NOERROR@ in the build options for the file. For
the autoconf macro @CFLAGS_NOERROR@ in the build options for the file. For
example:
lex.yy.o : lex.yy.c y.tab.c
${CC} -c ${CFLAGS} @CFLAGS_NOERROR@ lex.yy.c

4
doc/txt/README.linux-nfstrans
View File

@ -130,7 +130,7 @@ AFS-specific operations via the remote system call interface (rmtsys).
To enable this feature, afsd must be run with the -rmtsys switch. OpenAFS
client utilities will use this feature automatically if the AFSSERVER
environment variable is set to the address or hostname of the translator
system, or if the file ~/.AFSSERVER or /.AFSSERVER exists and contains the
system, or if the file ~/.AFSSERVER or /.AFSSERVER exists and contains the
translator's address or hostname.
On systems running the client PAG manager (afspag.ko), AFS system calls
@ -176,7 +176,7 @@ NFS translator.
## Dynamic Mount Points
This patch introduces a special directory ".:mount", which can be found
This patch introduces a special directory ".:mount", which can be found
directly below the AFS root directory. This directory always appears to
be empty, but any name of the form "cell:volume" will resolve to a mount
point for the specified volume. The resulting mount points are always

76
src/JAVA/libjafs/README
View File

@ -30,8 +30,8 @@ Current as of June 4, 2003
JAFS is an open source API designed to allow Java programmers the ability
to create applications for the administration or use of OpenAFS file systems.
It works by accessing libadmin and libuafs (administrative and user-level
libraries that come with OpenAFS) through JNI. It consists of a Java package
It works by accessing libadmin and libuafs (administrative and user-level
libraries that come with OpenAFS) through JNI. It consists of a Java package
called org.openafs.jafs, and two shared libraries libjafsadm.so and libjafs.so.
---------------------------------------------------------------------------
@ -40,16 +40,16 @@ called org.openafs.jafs, and two shared libraries libjafsadm.so and libjafs.so.
*
---------------------------------------------------------------------------
There is a version of JAFS that has been compiled on Red Hat Linux 7.3,
There is a version of JAFS that has been compiled on Red Hat Linux 7.3,
and can be directly used without compilation. It was compiled using
OpenAFS 1.2.10a libraries (with a modified version of libjuafs.a). It
consists of a JAR file (jafs-1.2.10a.jar) and two shared libraries
(libjafsadm.so and libjafs.so). It was compiled using the
--enable-transarc-paths on compilation (for use with the OpenAFS RPMs),
OpenAFS 1.2.10a libraries (with a modified version of libjuafs.a). It
consists of a JAR file (jafs-1.2.10a.jar) and two shared libraries
(libjafsadm.so and libjafs.so). It was compiled using the
--enable-transarc-paths on compilation (for use with the OpenAFS RPMs),
gcc 2.96, and Java Classic VM version 1.4.1_02.
When you write Java code to use this API, import the
org.openafs.jafs package. During compilation of your Java code,
org.openafs.jafs package. During compilation of your Java code,
ensure one of the following conditions are met:
- Use the "-classpath" option to javac to specify the jafs.jar file.
- Change your $CLASSPATH environment variable to include the
@ -58,14 +58,14 @@ ensure one of the following conditions are met:
When running an application that uses JAFS, the shared libraries
need to be found by Java's library loader. The easiest way to
accomplish this is to copy these files into the /usr/local/lib/ directory,
or create symbolic links from that directory to the files. Alternatively,
or create symbolic links from that directory to the files. Alternatively,
the directory containing the libraries can also be added to the
LD_LIBRARY_PATH environment variable.
You also need to have an OpenAFS client set up on your machine
(preferably version 1.2.10a, but it should work for some past versions as well).
You can obtain the OpenAFS client and view installation documentation at
http://www.openafs.org (the RPMs are easiest to use for Linux). Also any
You can obtain the OpenAFS client and view installation documentation at
http://www.openafs.org (the RPMs are easiest to use for Linux). Also any
cells you plan to access through the API must have entries in your
client's CellServDB file (located in the /usr/vice/etc/ directory in most
setups).
@ -90,8 +90,8 @@ the JAFS API.
for the source you download:
** APPLY THE APPROPRIATE PATCH
You can apply the appropriate JAFS patch with the following command,
executed from the root directory of the download code
You can apply the appropriate JAFS patch with the following command,
executed from the root directory of the download code
(i.e. openafs-1.2.10a/):
patch -p1 < xxx.diff
@ -102,15 +102,15 @@ the JAFS API.
OpenAFS 1.2.7 Source (openafs-1.2.7-src.tar.gz)
OpenAFS 1.2.8 Source (openafs-1.2.8-src.tar.gz)
jafs-1.2.6-8.diff
jafs-1.2.6-8.diff
* OpenAFS 1.2.9 Source (openafs-1.2.9-src.tar.gz)
jafs-1.2.9.diff
jafs-1.2.9.diff
* OpenAFS 1.2.10a Source (openafs-1.2.10a-src.tar.gz)
jafs-1.2.10a.diff
jafs-1.2.10a.diff
* Daily Snapshot / CVS (example: openafs-snap-2003-05-21.tar.gz)
@ -118,21 +118,21 @@ the JAFS API.
** RUN CONFIGURE
From the same directory, run the configure script as you normally would
From the same directory, run the configure script as you normally would
to compile OpenAFS, but run it with a java-home argument so the script can
find your java distribution. For example:
./configure [other options] --java-home=/usr/java/jdk
NOTE: If the configure script is not within the root source directory,
then you will need to first run ./regen.sh to generate the
then you will need to first run ./regen.sh to generate the
configure script. In this case you will need to manually
modify the JAFS Makefile by setting the JAVA_HOME variable
to your local system's JAVA_HOME. (i.e. /usr/java/jdk)
The configure script will ensure that this directory contains bin/ and lib/
subdirectories, and that there are /bin/javac and/bin/javah executables and
an include/jni.h file. If you don't supply a command line argument for the
The configure script will ensure that this directory contains bin/ and lib/
subdirectories, and that there are /bin/javac and/bin/javah executables and
an include/jni.h file. If you don't supply a command line argument for the
java home, the script will look for it in environment variables: first in
$JAVA_HOME and then in $JDK_HOME. Also, note that if you have installed
(or are planning to install) OpenAFS by using the RPMs for Linux, you
@ -143,10 +143,10 @@ the JAFS API.
** RUN MAKE
Finally, do a full build of OpenAFS by executing 'make' in the current
directory. After it finishes, you are ready to compile JAFS. Execute
'make jafs' from that same directory. Afterward, there will be
libjafsadm.so and libjafs.so in the lib/ directory, and a jafs.jar in the
jlib/ directory. These can be used according to the instructions in the
'USE' section of this document.
'make jafs' from that same directory. Afterward, there will be
libjafsadm.so and libjafs.so in the lib/ directory, and a jafs.jar in the
jlib/ directory. These can be used according to the instructions in the
'USE' section of this document.
For additional make options, please refer to the next section "MAKE OPTIONS"
@ -157,7 +157,7 @@ the JAFS API.
*
---------------------------------------------------------------------------
Additional make options are available by running 'make' from the
Additional make options are available by running 'make' from the
src/JAVA/libjafs directory; they are as follows:
make - Perform a full make of all Java classes, jar archive, and JNI
@ -171,14 +171,14 @@ make clean_jar - Delete the Java archive library (jlib/jafs.jar)
make clean_libs - Delete both JNI shared libraries (lib/libjafs.so and
lib/libjafsadm.so)
make install - Performs a full make of all components and then installs all
necessary components to your local system. This option
prepares the required '/usr/afswsp/' directory for use by
necessary components to your local system. This option
prepares the required '/usr/afswsp/' directory for use by
the native library.
make javadocs - Generate Java API documents (in javadoc format). Docs are
saved to src/JAVA/javadocs
make jar - Builds the Java archive library (containing all Java classes)
make libjafs - Builds the user-space library (used for ACL and file access)
make libjafsadm - Builds the administrative library (used for all admin related
make libjafsadm - Builds the administrative library (used for all admin related
functions)
---------------------------------------------------------------------------
@ -194,9 +194,9 @@ src/JAVA/libjafs:
'buildinfo.pl', and a subdirectory 'etc'.
acltest.c - A test program that allows testing of the native libraries
ACL calls without going through Java.
ACL calls without going through Java.
*Usage information for this program is available by simply
*Usage information for this program is available by simply
invoking './acltest' without any parameters.
buildinfo.pl - A perl script that automatically updates the build information
@ -205,23 +205,23 @@ src/JAVA/libjafs:
the native libraries (found in VersionInfo.h). It may also
be used to programatically query for build information.
*Usage information for this program is available by simply
*Usage information for this program is available by simply
invoking 'perl buildinfo.pl' without any parameters.
etc/ - A directory containing user-space configuration files. These
files are used for user-space initialization and cache
etc/ - A directory containing user-space configuration files. These
files are used for user-space initialization and cache
configuration and are copied to '/usr/afswsp/etc' if a
'make install' is issued.
src/JAVA/classes:
Within the src/JAVA/classes directory you will find the root of the Java
Within the src/JAVA/classes directory you will find the root of the Java
package, the error message catalog file, and a test program:
*.java - Java classes that comprise the test program.
adminTest - A script that invokes the Java console-based test program.
This program can be used to exercise all major API calls
This program can be used to exercise all major API calls
from Java, thus testing JNI libraries as well as Java code.
*Usage information for this program is available via its
@ -253,7 +253,7 @@ src/JAVA/javadocs:
---------------------------------------------------------------------------
If you'd like to edit the source code, you'll find the native C code in
the src/JAVA/libjafs directory, and the Java code in the
src/JAVA/classes/org/openafs/jafs/ directory. Please reference the
the src/JAVA/libjafs directory, and the Java code in the
src/JAVA/classes/org/openafs/jafs/ directory. Please reference the
src/TechNotes-JavaAPI document for more information.

72
src/afsweb/README
View File

@ -12,68 +12,68 @@ Release Notes
I. Introduction
The AFS Web Security Pack is an extension available for selected Web servers
that enables system administrators to provide secure access via a
Web browser to documents stored in the AFS filespace. This document
The AFS Web Security Pack is an extension available for selected Web servers
that enables system administrators to provide secure access via a
Web browser to documents stored in the AFS filespace. This document
provides information specific to this release of the AFS Web Security Pack.
Note: Due the long filenames and file extensions used for the AFS Web
Secure distribution files, download of the AFS Web Secure product to
a PC sometimes results in incorrect filenames. Note that all AFS Web
Secure distribution files are g-zipped tar files, even if the *.tar.gz
file extension is lost during the download process.
Note: Due the long filenames and file extensions used for the AFS Web
Secure distribution files, download of the AFS Web Secure product to
a PC sometimes results in incorrect filenames. Note that all AFS Web
Secure distribution files are g-zipped tar files, even if the *.tar.gz
file extension is lost during the download process.
II. Installation Prerequisites
Note: If you have installed a previous version of the AFS Web Security Pack,
you must first remove the previous version, including any modifications made
to your Apache Web server configuration and runtime configuration files
Note: If you have installed a previous version of the AFS Web Security Pack,
you must first remove the previous version, including any modifications made
to your Apache Web server configuration and runtime configuration files
before installing this version of the product.
Your system must meet the following software and disk space requirements
Your system must meet the following software and disk space requirements
to install this version of the AFS Web Security Pack.
Operating system: Solaris 2.5.1, AIX 4.2x, AIX 4.3, or AIX 4.3.1
Web server: Apache 1.2.6 or Apache 1.3.1
AFS (client): AFS Client 3.4a
Disk Space: 650 KB
Operating system: Solaris 2.5.1, AIX 4.2x, AIX 4.3, or AIX 4.3.1
Web server: Apache 1.2.6 or Apache 1.3.1
AFS (client): AFS Client 3.4a
Disk Space: 650 KB
Note: Due to security considerations, OpenAFS strongly recommends that the
AFS Web Security Pack be used only on a server enabled with Secure Sockets
AFS Web Security Pack be used only on a server enabled with Secure Sockets
Layer (SSL).
IV. Known Defects and Limitations
IV. Known Defects and Limitations
* Due to a preexisting problem in the AFS UNIX product, the Apache
server Fancy Indexing option does not function as expected when AFS
directories are displayed. If the Fancy Indexing option is enabled
on the Apache server, when a user initially browses an ACL-protected
directory (with "system:anyuser l" access), the user is able to see
file details for directories and links, but not for files. Once the
user selects a file and enters a username and password, details for
* Due to a preexisting problem in the AFS UNIX product, the Apache
server Fancy Indexing option does not function as expected when AFS
directories are displayed. If the Fancy Indexing option is enabled
on the Apache server, when a user initially browses an ACL-protected
directory (with "system:anyuser l" access), the user is able to see
file details for directories and links, but not for files. Once the
user selects a file and enters a username and password, details for
the files are then displayed. This problem is not caused by the AFS Web
Security Pack or the Apache server, but is due to a defect in the UNIX-based
AFS code. We are working to address this problem and will make an
announcement when a corrected version is available. In the interim,
Security Pack or the Apache server, but is due to a defect in the UNIX-based
AFS code. We are working to address this problem and will make an
announcement when a corrected version is available. In the interim,
please be aware of this limitation as you use the AFS Web Security Pack.
*If the AFS Web Security Pack is used on the Apache server version 1.3.1, user
*If the AFS Web Security Pack is used on the Apache server version 1.3.1, user
directories cannot be directly accessed through the use of a special character
such as a tilde (~) despite use of the Apache server User Directory directive.
such as a tilde (~) despite use of the Apache server User Directory directive.
VII. AFS Web Security Pack Documentation
Postscript and HTML versions of the documentation for the AFS Web Security
Pack are available in the doc directory.
Pack are available in the doc directory.
VIII. Additional Information about Apache and SSL
The following sites on the World Wide Web provide additional information
The following sites on the World Wide Web provide additional information
about the Apache Web Server and SSL.
* Apache Home Page http://www.apache.org
* Stronghold Home http://www.c2.net
* Stronghold International http://www.int.c2.net
* Apache-SSL Home http://www.apache-ssl.org
* Apache Home Page http://www.apache.org
* Stronghold Home http://www.c2.net
* Stronghold International http://www.int.c2.net
* Apache-SSL Home http://www.apache-ssl.org
* SSLeay FAQ http://www.psy.uq.edu.au:8080/~ftp/Crypto/

36
src/afsweb/README.BETA1
View File

@ -5,14 +5,14 @@ This software has been released under the terms of the IBM Public
License. For details, see the LICENSE file in the top-level source
directory or online at http://www.openafs.org/dl/license10.html
Installation instructions for Apache AFS Web Secure
Installation instructions for Apache AFS Web Secure
(Version 1 for Apache version 1.2.6)
Prerequisites:-
Ensure the following files exist:-
- weblog
- weblog
- weblog_starter
- libapacheafs.a
- mod_afs.c
@ -21,16 +21,16 @@ In addition to these you should know the location of the AFS library
libsys.a
The mod_afs.c file should be in the apache src directory with all the other
The mod_afs.c file should be in the apache src directory with all the other
module files. weblog and weblog_starter should be in the same directory - this
could be any directory (preferably outside AFS - if it is in AFS then
could be any directory (preferably outside AFS - if it is in AFS then
system:anyuser should have the appropriate ACL on that directory).
Editing the following files in the apache src and conf directories:-
1. Configuration (or the current Configuration file)
EXTRA_LIBS= <whatever you had here before> libapacheafs.a libsys.a
EXTRA_LIBS= <whatever you had here before> libapacheafs.a libsys.a
NOTE - specify the full path of these libraries - libsys.a is probably
in /usr/afsws/lib/afs/libsys.a and you can put libapacheafs.a wherever you
@ -46,7 +46,7 @@ Otherwise, on startup if the initialization procedure fails, the apache
server will continue running but AFS authentication will always fail.
2. httpd.conf (or whatever configuration file the server uses on startup
with the -f flag)
with the -f flag)
NOTE: ensure that you provide the entire path for the ErrorLog and PidFile
Directives instead of attempting to have apache prepend ServerRoot.
@ -56,7 +56,7 @@ Apache Directives.
SetAFSDefaultCell [cell]
SetAFSMountpointDir [dir]
SetAFSCacheExpiration [time]
SetAFSCacheExpiration [time]
SetAFSTokenExpiration [time]
SetAFSWeblogPath [path]
SetAFSLocation [loc]
@ -72,8 +72,8 @@ AllowOverride None
NOTE:- SetAFSLocation <text> should be the same as the Location <text>
and should be a path relative to the server-document-root
NOTE: loc and dir should *NOT* be the same. There should be no symbolic link,
file or directory in the DocumentRoot directory with the same name as the loc
NOTE: loc and dir should *NOT* be the same. There should be no symbolic link,
file or directory in the DocumentRoot directory with the same name as the loc
directive.
cell: REQUIRED directive.
@ -84,14 +84,14 @@ cell: REQUIRED directive.
dir: REQUIRED directive.
Path to the directory or symbolic link relative to the server document
root directory where the AFS cell mount points are. If you want symbolic
links to be followed make sure you have the
links to be followed make sure you have the
Options FollowSymLinks
directive set.
directive set.
time: OPTIONAL directive
time: OPTIONAL directive
Seconds for AFS token cache expiration (cacheExpiration is for the local
cache and tokenExpiration is for the AFS kernel cache manager).
path: REQUIRED directive.
The full or relative (to server binary) path for weblog binary.
@ -99,23 +99,23 @@ path: REQUIRED directive.
loc: REQUIRED directive.
Some location relative to the server root
MAKE SURE THAT THERE DOESN"T ALREADY EXIST A DIRECTORY BY
THIS SAME NAME. This should be the same (case sensitive)
THIS SAME NAME. This should be the same (case sensitive)
as the argument to the Location directive. Eg. /afs
Configure and make apache and start it up with the new config file.
NOTE: Add the following to the shutdown or stopd file to shutdown the
NOTE: Add the following to the shutdown or stopd file to shutdown the
weblog_starter process BEFORE the kill -TERM for httpd.pid
kill -TERM `cat <path to httpd.pid>.afs`
Eg. if the httpd.pid file is in /local/stronghold/apache/logs/httpd.pid
Eg. if the httpd.pid file is in /local/stronghold/apache/logs/httpd.pid
then the stopd file should look something like this
kill -TERM `cat /local/stronghold/apache/logs/httpd.pid.afs`
kill -TERM `cat /local/stronghold/apache/logs/httpd.pid`
kill -TERM `cat /local/stronghold/apache/logs/httpd.pid`
POINTERS TO APACHE AND SSL:-

358
src/afsweb/README.BETA2
View File

@ -11,284 +11,284 @@ Release Notes
I. Introduction
AFS Web Security Pack is an extension available for selected Web servers
that enables system administrators to provide secure access via a
Web browser to documents stored in the AFS filespace. This document
summarizes the changes made to AFS Web Security for this release, and
provides installation and configuration instructions.
AFS Web Security Pack is an extension available for selected Web servers
that enables system administrators to provide secure access via a
Web browser to documents stored in the AFS filespace. This document
summarizes the changes made to AFS Web Security for this release, and
provides installation and configuration instructions.
Note: Due the long filenames and file extensions used for the AFS Web
Note: Due the long filenames and file extensions used for the AFS Web
Security Pack distribution files, download of the AFS Web Security Pack
product to a PC sometimes results in incorrect filenames. Note that all
AFS Web Security Pack distribution files are g-zipped tar files, even if the
*.tar.gz file extension is lost during the download process.
product to a PC sometimes results in incorrect filenames. Note that all
AFS Web Security Pack distribution files are g-zipped tar files, even if the
*.tar.gz file extension is lost during the download process.
II. Installation Prerequisites
Your system must meet the following software and disk space requirements
Your system must meet the following software and disk space requirements
to install this version of AFS Web Security Pack.
Operating system: Solaris 2.5.1, AIX 4.1, AIX 4.2, or AIX 4.2.1
Web server: Apache 1.2.6
AFS (client): AFS Client 3.4a
Disk Space: 650 KB
Operating system: Solaris 2.5.1, AIX 4.1, AIX 4.2, or AIX 4.2.1
Web server: Apache 1.2.6
AFS (client): AFS Client 3.4a
Disk Space: 650 KB
Note: Due to security considerations, OpenAFS strongly recommends that
AFS Web Security Pack be used only on a server enabled with Secure
Note: Due to security considerations, OpenAFS strongly recommends that
AFS Web Security Pack be used only on a server enabled with Secure
Sockets Layer (SSL).
III. New Features and Product Changes
The following list describes new features and changes that are included
The following list describes new features and changes that are included
in this version of AFS Web Security Pack.
* Configuration of AFS Web Security Pack is now easier and more flexible. The
AFSMountPointDir and AFSLocation directives are no longer required.
Instead, during configuration of AFS Web Security Pack, an authorization type
(AFSAuthType) of AFS is now specified. (See the Installation and Configuration
* Configuration of AFS Web Security Pack is now easier and more flexible. The
AFSMountPointDir and AFSLocation directives are no longer required.
Instead, during configuration of AFS Web Security Pack, an authorization type
(AFSAuthType) of AFS is now specified. (See the Installation and Configuration
instructions that follow for additional details.)
* The Log In dialog box that is displayed when users attempt to access
the AFS file space via a web browser can now be customized adding the
AFSLoginPrompt directive to the Apache server runtime configuration
file. (See the Installation and Configuration instructions that follow for
* The Log In dialog box that is displayed when users attempt to access
the AFS file space via a web browser can now be customized adding the
AFSLoginPrompt directive to the Apache server runtime configuration
file. (See the Installation and Configuration instructions that follow for
additional details.)
* AFS Web Security Pack now provides the ability to log attempts to
access AFS in which permission is denied. This logging can be used to
* AFS Web Security Pack now provides the ability to log attempts to
access AFS in which permission is denied. This logging can be used to
determine if users are attempting to access information that they are not
authorized to view. To configure this logging, you must add the
SetAFSAccessLog directive to the Apache server runtime configuration file.
(See the Installation and Configuration instructions that follow for
SetAFSAccessLog directive to the Apache server runtime configuration file.
(See the Installation and Configuration instructions that follow for
additional details.)
* AFS Web Security Pack now provides the ability to translate and access user
directories that are specified with a special character such as a tilde (~),
for example. http://www.yourcompany.com/~smith. To enable this feature, you
must add the User Directory directive to the Apache server runtime
configuration file. (See the Installation and Configuration instructions
* AFS Web Security Pack now provides the ability to translate and access user
directories that are specified with a special character such as a tilde (~),
for example. http://www.yourcompany.com/~smith. To enable this feature, you
must add the User Directory directive to the Apache server runtime
configuration file. (See the Installation and Configuration instructions
that follow for additional details.)
* The previous version of AFS Web Security Pack did not correctly permit
directory indexing of directories for which a user was assigned lookup
permission. In addition, the Parent Link in directory indexes did not
always work correctly. This version of AFS Web Security Pack corrects these
* The previous version of AFS Web Security Pack did not correctly permit
directory indexing of directories for which a user was assigned lookup
permission. In addition, the Parent Link in directory indexes did not
always work correctly. This version of AFS Web Security Pack corrects these
problems.
* This version of AFS Web Security Pack corrects a problem with the token cache
* This version of AFS Web Security Pack corrects a problem with the token cache
that occasionally caused access to AFS to be incorrectly denied.
* The previous version of AFS Web Security Pack did not accept AFS passwords
* The previous version of AFS Web Security Pack did not accept AFS passwords
that included a space. This version of AFS Web Security Pack corrects this problem.
* This version of AFS Web Security Pack corrects a communication (pipe) problem
that occasionally caused the message SERVER_ERROR to be returned. In
* This version of AFS Web Security Pack corrects a communication (pipe) problem
that occasionally caused the message SERVER_ERROR to be returned. In
addition, this version improves performance of AFS Web Security Pack.
IV. Known Defects and Limitations
IV. Known Defects and Limitations
* Due to a preexisting problem in the AFS UNIX product, the Apache
server Fancy Indexing option does not function as expected when AFS
directories are displayed. If the Fancy Indexing option is enabled
on the Apache server, when a user initially browses an ACL-protected
directory (with "system:anyuser l" access), the user is able to see
file details for directories and links, but not for files. Once the
user selects a file and enters a username and password, details for
the files are then displayed. This problem is not caused by AFS Web
Security Pack or the Apache server, but is due to a defect in the UNIX-based
AFS code. We are working to address this problem and will make an
announcement when a corrected version is available. In the interim,
please be aware of this limitation as you continue testing.
* Due to a preexisting problem in the AFS UNIX product, the Apache
server Fancy Indexing option does not function as expected when AFS
directories are displayed. If the Fancy Indexing option is enabled
on the Apache server, when a user initially browses an ACL-protected
directory (with "system:anyuser l" access), the user is able to see
file details for directories and links, but not for files. Once the
user selects a file and enters a username and password, details for
the files are then displayed. This problem is not caused by AFS Web
Security Pack or the Apache server, but is due to a defect in the UNIX-based
AFS code. We are working to address this problem and will make an
announcement when a corrected version is available. In the interim,
please be aware of this limitation as you continue testing.
V. Upgrade Instructions for AFS Web Security Pack for the Apache Web Server
V. Upgrade Instructions for AFS Web Security Pack for the Apache Web Server
Note: Use the following instructions to upgrade AFS Web Security Pack on
your Apache Web Server if Beta Version 1 or Beta Version 2 of the product
is already installed. (If this is the first time you are installing AFS Web
Security Pack, follow the instructions in the next section, Installing and
Note: Use the following instructions to upgrade AFS Web Security Pack on
your Apache Web Server if Beta Version 1 or Beta Version 2 of the product
is already installed. (If this is the first time you are installing AFS Web
Security Pack, follow the instructions in the next section, Installing and
Configuring AFS Web Security PAck 1.0 for the Apache Web Server.)
1. Replace the existing versions of the weblog, weblog_starter and
libapacheafs.a files with the new files provided with this version
of AFS Web Security Pack 1.0. Also, in the Apache src directory,
1. Replace the existing versions of the weblog, weblog_starter and
libapacheafs.a files with the new files provided with this version
of AFS Web Security Pack 1.0. Also, in the Apache src directory,
replace the mod_afs.c or afs_module.c file with the new AFS Web Security Pack
Module, afs_module.c.
Module, afs_module.c.
2. In the Apache server Configuration file, change the line that
references the AFS Web Security Pack module so that the line appears as
2. In the Apache server Configuration file, change the line that
references the AFS Web Security Pack module so that the line appears as
follows:
Module afs_module afs_module.o
Note: If you want to enable AFS Web Security Pack to translate and access user
home directories, you must include the userdir_module when you build
the Apache server. For information on including modules when building
home directories, you must include the userdir_module when you build
the Apache server. For information on including modules when building
the Apache server, consult you Apache server documentation.
3. In the Apache server src directory, run the Configure script to
create a new configuration Makefile for your operating system.
3. In the Apache server src directory, run the Configure script to
create a new configuration Makefile for your operating system.
4. Stop the Apache server process (httpd). Then, issue the make
command to compile the Apache server.
4. Stop the Apache server process (httpd). Then, issue the make
command to compile the Apache server.
5. In the Apache server runtime configuration file, remove (or comment
5. In the Apache server runtime configuration file, remove (or comment
out) the following two lines:
SetAFSMountpointDir /afs_mountpoint_directory
SetAFSLocation /afs_location
6. In the Apache server runtime configuration file, replace (or
comment out) the SetHandler afs-authentication parameter with the
AFSAuthType AFS parameter, so that the Location directive appears as
6. In the Apache server runtime configuration file, replace (or
comment out) the SetHandler afs-authentication parameter with the
AFSAuthType AFS parameter, so that the Location directive appears as
follows:
<Location /afs>
AFSAuthType AFS
</Location>
where /afs is the directory (or symbolic link to the directory)
that contains the mount points to AFS to be used by the Apache
server and AFS Web Security Pack.
where /afs is the directory (or symbolic link to the directory)
that contains the mount points to AFS to be used by the Apache
server and AFS Web Security Pack.
Note: You can specify AFSAuthType AFS for multiple locations to indicate
Note: You can specify AFSAuthType AFS for multiple locations to indicate
that AFS Web Security Pack authentication must be used when a user attempts to
access a specific location. (In specifying a location, you can use wildcard
access a specific location. (In specifying a location, you can use wildcard
characters if desired.)
7. (Optional) To customize the authorization dialog box that is
displayed when users attempt to access the AFS file space via a
7. (Optional) To customize the authorization dialog box that is
displayed when users attempt to access the AFS file space via a
web browser, add the following line within the Location directive:
AFSLoginPrompt [Custom Text]
where [Custom Text] is the text that you want to appear in the dialog
box that prompts users to enter a user name and password to access AFS
where [Custom Text] is the text that you want to appear in the dialog
box that prompts users to enter a user name and password to access AFS
filespace.
8. (Optional) To enable AFS Web Security Pack to access user directories,
add the following lines to the Apache server runtime configuration
file. This directive specifies the syntax used to access user
directories and indicates that attempts to access user directories
8. (Optional) To enable AFS Web Security Pack to access user directories,
add the following lines to the Apache server runtime configuration
file. This directive specifies the syntax used to access user
directories and indicates that attempts to access user directories
in the AFS filespace must be passed to AFS Web Security Pack:
<Location /~*>
AFSAuthtype AFS
</Location>
Then, add the following line to the Apache server runtime configuration
Then, add the following line to the Apache server runtime configuration
file to indicate the location of user directories in AFS:
UserDir [Users Directory]
where Users Directory indicates the location of user's home directories.
Note: To enable user directory access in this manner, the Apache Server
must include the UserDir module. For information on including this
module when building the Apache server, consult you Apache server
Note: To enable user directory access in this manner, the Apache Server
must include the UserDir module. For information on including this
module when building the Apache server, consult you Apache server
documentation.
9. (Optional) To enable logging of attempts to access AFS in which
permission is denied, add the SetAFSAccessLog directive to the Apache
9. (Optional) To enable logging of attempts to access AFS in which
permission is denied, add the SetAFSAccessLog directive to the Apache
server runtime configuration file as follows:
SetAFSAccessLog [Access Log File]
where [Access Log File] is the full path log file in which failed access
attempts are to be recorded.
where [Access Log File] is the full path log file in which failed access
attempts are to be recorded.
10. If necessary, rename the symbolic link to the AFS filespace in the
Apache server's document root directory with the name specified in the
Location directive for the AFS filespace in the server's runtime
configuration file.
10. If necessary, rename the symbolic link to the AFS filespace in the
Apache server's document root directory with the name specified in the
Location directive for the AFS filespace in the server's runtime
configuration file.
VI. Installing and Configuring AFS Web Security Pack 1.0 for the Apache Web Server
This section provides brief installation and configuration instructions
for Apache AFS Web Security Pack (Version 1.0 for Apache version 1.2.6
and Apache version 1.3.1). See the product documentation for complete installation
and configuration instructions and for details about using the configuration script to
This section provides brief installation and configuration instructions
for Apache AFS Web Security Pack (Version 1.0 for Apache version 1.2.6
and Apache version 1.3.1). See the product documentation for complete installation
and configuration instructions and for details about using the configuration script to
set up AFS Web Security Pack on the Apache server.
1. Uncompress and extract the files from the .tar.gz file, placing the
files in the following locations, where Apache Installation Directory
is the full pathname of the directory where the Apache Web server is
1. Uncompress and extract the files from the .tar.gz file, placing the
files in the following locations, where Apache Installation Directory
is the full pathname of the directory where the Apache Web server is
installed:
- Place both the weblog and weblog_starter files in one directory,
for example, Apache Installation Directory/afswebsecurity. These files
can be placed in any directory as long as they remain together. However,
if the weblog and weblog_starter files are placed in a directory in AFS,
ensure that either the user that the Apache Web server runs as, or the
AFS group system:anyuser is designated as having read and lookup privileges
on the directory's Access Control List (ACL).
- Place both the weblog and weblog_starter files in one directory,
for example, Apache Installation Directory/afswebsecurity. These files
can be placed in any directory as long as they remain together. However,
if the weblog and weblog_starter files are placed in a directory in AFS,
ensure that either the user that the Apache Web server runs as, or the
AFS group system:anyuser is designated as having read and lookup privileges
on the directory's Access Control List (ACL).
- Place the libapacheafs.a file in any directory, for example,
Apache Installation Directory/afswebsecurity.
- Place the libapacheafs.a file in any directory, for example,
Apache Installation Directory/afswebsecurity.
- Place the afs_module.c file in the Apache src directory (Apache version 1.2.6)
or in the src/modules/extra directory (Apache version 1.3.1)
(generally located directly beneath the Apache Installation Directory).
(generally located directly beneath the Apache Installation Directory).
In addition, note the location of the AFS library file, libsys.a. This
file is installed with the AFS client, and is generally located in the
/usr/afsws/lib/afs directory.
In addition, note the location of the AFS library file, libsys.a. This
file is installed with the AFS client, and is generally located in the
/usr/afsws/lib/afs directory.
2. Modify the Apache Server Configuration File as follows.
Locate the EXTRA_LIBS line in the file, and add the paths to the
libapacheafs.a and libsys.a libraries so that the line reads as follows:
Locate the EXTRA_LIBS line in the file, and add the paths to the
libapacheafs.a and libsys.a libraries so that the line reads as follows:
EXTRA_LIBS=[full path to libapacheafs.a] [full path to libsys.a]
In the Module configuration section of the file, add a reference to the
AFS Web Security Pack module. It is recommended that the AFS Web Security Pack
In the Module configuration section of the file, add a reference to the
AFS Web Security Pack module. It is recommended that the AFS Web Security Pack
module be the first Authentication module.
To add the AFS module to the list of Apache server modules, add the following line
to the Configuration file:
To add the AFS module to the list of Apache server modules, add the following line
to the Configuration file:
Module afs_module afs_module.o
Note: If you want the server to attempt to stop completely if AFS
initialization fails, also add -DSHUTDOWN_IF_AFS_FAILS to the
EXTRA_CFLAGS line in this file. Otherwise, on startup if the
initialization procedure fails on startup, the Apache server
Note: If you want the server to attempt to stop completely if AFS
initialization fails, also add -DSHUTDOWN_IF_AFS_FAILS to the
EXTRA_CFLAGS line in this file. Otherwise, on startup if the
initialization procedure fails on startup, the Apache server
will continue to run but AFS authentication will always fail.
3. Modify the Apache Server Runtime Configuration File (for example,
3. Modify the Apache Server Runtime Configuration File (for example,
httpd.conf) as follows.
Add the following lines to the runtime configuration file:
Add the following lines to the runtime configuration file:
SetAFSDefault [Cell cellname]
SetAFSCacheExpiration [cache_expiration]
SetAFSTokenExpiration [token_expiration]
SetAFSWeblogPath [weblog_starter_path]
where the arguments for these Apache server directives are as follows:
where the arguments for these Apache server directives are as follows:
[cellname] - The name of the default AFS cell to be accessed via the
[cellname] - The name of the default AFS cell to be accessed via the
Apache server and AFS Web Security Pack.
[cache_expiration] -The maximum lifetime in seconds of an AFS token
that is stored in the local cache. The default recommendation for
this argument is 300 seconds (5 minutes).
[cache_expiration] -The maximum lifetime in seconds of an AFS token
that is stored in the local cache. The default recommendation for
this argument is 300 seconds (5 minutes).
[token_expiration] -The maximum lifetime in seconds of an AFS token
that is stored in the AFS kernel Cache Manager. The default
recommendation for this argument is 60 seconds (1 minute).
[token_expiration] -The maximum lifetime in seconds of an AFS token
that is stored in the AFS kernel Cache Manager. The default
recommendation for this argument is 60 seconds (1 minute).
[weblog_starter_path] -The path to the AFS Web Security Pack weblog_starter program.
[weblog_starter_path] -The path to the AFS Web Security Pack weblog_starter program.
Specify the full path or a path relative to the path set by the ServerRoot Apache
directive.
directive.
Note: To enable logging of failed attempts to access AFS in which permission
Note: To enable logging of failed attempts to access AFS in which permission
is denied, also add the directive:
SetAFSAccessLog [Access Log File]
where [Access Log File] is the full path of the log file in which
where [Access Log File] is the full path of the log file in which
failed access attempts are to be recorded.
Then, add the following additional lines to the runtime configuration file:
@ -297,78 +297,78 @@ Then, add the following additional lines to the runtime configuration file:
AFSAuthType AFS
</Location>
where [afs] is the request provided by users in combination with the
where [afs] is the request provided by users in combination with the
server hostname and domain in order to access AFS filespace.
Note: This directive only works within Location (and LocationMatch for Apache 1.3.1)
tags and not in any other tags such as Directory or File.
Note: You can specify AFSAuthType AFS for multiple locations to indicate
Note: You can specify AFSAuthType AFS for multiple locations to indicate
that AFS Web Security Pack authentication must be used when a user attempts to
access a specific location. (In specifying a location, you can use wildcard
access a specific location. (In specifying a location, you can use wildcard
characters if desired.)
(Optional) To customize the authorization dialog box that is displayed
when a user attempts to access the AFS file space via a web browser,
add the following line to the Location directive added in the previous
step. The Location directive then appears as follows:
(Optional) To customize the authorization dialog box that is displayed
when a user attempts to access the AFS file space via a web browser,
add the following line to the Location directive added in the previous
step. The Location directive then appears as follows:
AFSLoginPrompt [Custom Text]
where [Custom Text] is the text that you want to appear in the dialog box
that prompts users to enter an AFS user name and password to access the
AFS filespace.
where [Custom Text] is the text that you want to appear in the dialog box
that prompts users to enter an AFS user name and password to access the
AFS filespace.
(Optional) To enable AFS Web Security Pack to access user directories, add the
following additional Location directive to the Apache server runtime
configuration file.
(Optional) To enable AFS Web Security Pack to access user directories, add the
following additional Location directive to the Apache server runtime
configuration file.
<Location /~*>
AFSAuthType AFS
</Location>
Then, also add the following additional line to the Apache server runtime
configuration file to indicate the location of user directories in AFS.
Then, also add the following additional line to the Apache server runtime
configuration file to indicate the location of user directories in AFS.
UserDir [Users Directory]
where [Users Directory] indicates the location of user's home
directories in AFS. The location is specified relative to the
server document root directory.
where [Users Directory] indicates the location of user's home
directories in AFS. The location is specified relative to the
server document root directory.
Note: To enable user directory access in this manner, the Apache
server must include the User Dir module.
Note: To enable user directory access in this manner, the Apache
server must include the User Dir module.
Save and close the modified runtime configuration file.
Save and close the modified runtime configuration file.
4. Stop the Apache server process (httpd). Then, configure and make
the Apache server and start it up with the new runtime configuration
4. Stop the Apache server process (httpd). Then, configure and make
the Apache server and start it up with the new runtime configuration
file.
5. Add the following to the shutdown or stopd file to shutdown the
5. Add the following to the shutdown or stopd file to shutdown the
weblog_starter process BEFORE the kill -TERM for httpd.pid:
kill -TERM `cat [path to httpd.pid].afs`
For example, if the httpd.pid file is in
/local/stronghold/apache/logs/httpd.pid, then the stopd file should
For example, if the httpd.pid file is in
/local/stronghold/apache/logs/httpd.pid, then the stopd file should
look something like this:
kill -TERM `cat /local/stronghold/apache/logs/httpd.pid.afs`
kill -TERM `cat /local/stronghold/apache/logs/httpd.pid`
kill -TERM `cat /local/stronghold/apache/logs/httpd.pid`
VII. AFS Web Security Pack Documentation
Postscript and HTML versions of the documentation for the initial
Beta release AFS Web Security Pack are available in the doc directory.
Postscript and HTML versions of the documentation for the initial
Beta release AFS Web Security Pack are available in the doc directory.
VIII. Additional Information about Apache and SSL
The following sites on the World Wide Web provide additional information
The following sites on the World Wide Web provide additional information
about the Apache Web Server and SSL.
* Apache Home Page http://www.apache.org
* Stronghold Home http://www.c2.net
* Stronghold International http://www.int.c2.net
* Apache-SSL Home http://www.apache-ssl.org
* Apache Home Page http://www.apache.org
* Stronghold Home http://www.c2.net
* Stronghold International http://www.int.c2.net
* Apache-SSL Home http://www.apache-ssl.org
* SSLeay FAQ http://www.psy.uq.edu.au:8080/~ftp/Crypto/

14
src/libafsauthent/README
View File

@ -10,15 +10,15 @@ the kauth and auth library interfaces. The primary method used to obtain
thread safety in these libraries is to lock/unlock a recursive global
mutex at the entry point of every public function in the library.
However, not all public functions are made thread safe since not all
However, not all public functions are made thread safe since not all
functions are needed by the NT admin work. In particular, there are
many public functions that make up descendants of the functions
we wish to use that weren't modified, since these functions will be
we wish to use that weren't modified, since these functions will be
protected by the locking at a higher level function.
To prevent people from using non-thread safe functions, platform
specific methods are used to limit the functions exported by the
library (using def files under NT and mapfiles under Solaris). For
most non-exported functions, it should be trivial to make the
transformation to thread safe by simply locking/ unlocking the
To prevent people from using non-thread safe functions, platform
specific methods are used to limit the functions exported by the
library (using def files under NT and mapfiles under Solaris). For
most non-exported functions, it should be trivial to make the
transformation to thread safe by simply locking/ unlocking the
global mutex at the beginning/end of the function.

24
src/libuafs/README
View File

@ -10,34 +10,34 @@ README file for libuafs and libjuafs, Version 1.2 06/04/2003.
### INTRODUCTION ###
This Makefile generates two libraries, the standard libuafs.a and
This Makefile generates two libraries, the standard libuafs.a and
libjuafs.a, a libuafs.a variant that is designed for use with Java
enabled applications (as used with libjafsadm, see
src/JAVA/libjafsadm/JAFSADM_README). The libuafs.a library facilitates
user authentication at a process level and enables access and
manipulation of the files and access control lists (ACLs). By way of
the libuafs.a klog function (uafs_klog), the authenticated user's
credentials are bound to the executing process and therefore is granted
user authentication at a process level and enables access and
manipulation of the files and access control lists (ACLs). By way of
the libuafs.a klog function (uafs_klog), the authenticated user's
credentials are bound to the executing process and therefore is granted
permission to act on behalf of the authenticated user.
### LIBUAFS ###
As of 05/13/2002 the libuafs.a library remains unchanged with respect
As of 05/13/2002 the libuafs.a library remains unchanged with respect
to OpenAFS release 1.2.3.
### LIBJUAFS ###
The libjuafs.a is a new addition to the libuafs.a build as of 05/10/2002 and has
The libjuafs.a is a new addition to the libuafs.a build as of 05/10/2002 and has
been added for the following reasons:
- To avoid function name collisions with other libraries
- To ensure that existing applications using libuafs.a will not be affected.
- Utilize libuafs.a functionality in Java-based applications.
The libjuafs.a library implements the AFS_WEB_ENHANCEMENTS and UKERNEL
(user space kernel) definitions, which are used to enable functions
The libjuafs.a library implements the AFS_WEB_ENHANCEMENTS and UKERNEL
(user space kernel) definitions, which are used to enable functions
such as:
- afs_setpag_val*
@ -57,7 +57,7 @@ for the thread to restore tokens, rather than reauthenticating.
### BUILD ###
A simple "make" will build both libuafs.a and libjuafs.a. Optionally, you
A simple "make" will build both libuafs.a and libjuafs.a. Optionally, you
can make each library independently by issuing:
make UAFS/libuafs.a
@ -71,11 +71,11 @@ can make each library independently by issuing:
The libuafs/UAFS directory is generated by the Makefile and contains the
object files and local copy of libuafs.a resulting from the build process.
The libuafs/JUAFS directory is the same as libuafs/UAFS, however it
The libuafs/JUAFS directory is the same as libuafs/UAFS, however it
contains output files respective to libjuafs.a.
### CONSIDERATIONS ###
The libjuafs.a library has only been tested using RedHat Linux 7.3 and
The libjuafs.a library has only been tested using RedHat Linux 7.3 and
OpenAFS 1.2.6, OpenAFS 1.2.7, OpenAFS 1.2.8, and OpenAFS 1.2.9.

2
src/mcas/README
View File

@ -85,7 +85,7 @@ The license is GPL. See the file COPYING for details.
****
This software has been released by its original author, Keir Fraser,
with permission from his advisors, under a BSD license. For details,
with permission from his advisors, under a BSD license. For details,
please see README.LICENSE.
-- Matt Benjamin, 07/24/2009

12
src/platform/DARWIN/AklogAuthPlugin/README
View File

@ -46,29 +46,29 @@ int main(int argc, char *argv[])
CFArrayRef arrayRef;
if (!CFDictionaryGetValueIfPresent(login_dict, CFSTR("mechanisms"),
&arrayRef))
&arrayRef))
exit(1);
CFMutableArrayRef newMechanisms = CFArrayCreateMutableCopy(NULL, 0,
arrayRef);
arrayRef);
if (!newMechanisms)
exit(1);
CFIndex index = CFArrayGetFirstIndexOfValue(newMechanisms,
CFRangeMake(0, CFArrayGetCount(newMechanisms)), CFSTR("authinternal"));
CFRangeMake(0, CFArrayGetCount(newMechanisms)), CFSTR("authinternal"));
if (index == -1)
exit(1);
CFArraySetValueAtIndex(newMechanisms, index, CFSTR("newmech"));
CFMutableDictionaryRef new_login_dict
= CFDictionaryCreateMutableCopy(NULL, 0, login_dict);
CFMutableDictionaryRef new_login_dict
= CFDictionaryCreateMutableCopy(NULL, 0, login_dict);
CFDictionarySetValue(new_login_dict, CFSTR("mechanisms"), newMechanisms);
status = AuthorizationRightSet(authRef, LOGIN_RIGHT, new_login_dict,
NULL, NULL, NULL);
NULL, NULL, NULL);
if (status) exit(1);
}

16
src/rxkad/README.v5
View File

@ -2,29 +2,29 @@
# This code depends on heimdal's asn1_compile generated krb5 decoding
# stuff. The code is originally from rxkad that Björn Grönvall
# <bg@sics.se> for kth-krb and was included in Arla.
#
#
# The first file, v5der.c are part for of support functions
# that all generated files depends on.
#
#
# The second file (v5gen.h) is the header file that is generated for
# the decoding functions.
#
#
# The third file (v5gen.c) is the subset of the generated functions we
# need to decode the authenticator.
#
#
# The forth file (v5gen-rewrite.h) is used to make sure we don't
# pollute the namespace.
#
#
# All files are modified to build within OpenAFS environment without
# any external dependencies. Below is the shell script that is used to
# import the code into the four files.
#
#
# All internal symbols are rewritten to _rxkad_v5_.
#
# Make sure we don't export too much
#
# : lha@nutcracker ; nm ticket5.o | grep T | grep -v _rxkad_v5
#
# : lha@nutcracker ; nm ticket5.o | grep T | grep -v _rxkad_v5
# 00005748 T tkt_DecodeTicket5
#

14
src/tests/README
View File

@ -3,12 +3,12 @@ AFS verification suite
Prerequisites
1) A Kerberos KDC should already be configured
1) A Kerberos KDC should already be configured
2) An afs key should be in the KeyFile the AFS binaries will use
(/usr/afs/etc/KeyFile in an IBM-style installation; bos_util can be used
to set it up)
3) 2 srvtabs or keytabs with user keys, one for the user "admin"
and one for the user "user" that can be used for authenticated testing
and one for the user "user" that can be used for authenticated testing
of the AFS installation
4) The necessary tools for getting an AFS token from the installed Kerberos
(typically aklog) should be available.
@ -209,22 +209,22 @@ Some tests as noted are:
* Copyright (c) 2001 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

2
src/tests/README.afstools
View File

@ -1,2 +1,2 @@
This is a (potentially) modified version of the AFSTools perl suite.
This is a (potentially) modified version of the AFSTools perl suite.
You should visit grand.central.org for the official version.

12
src/tests/README.dumptool
View File

@ -54,21 +54,21 @@ accepts the following commands:
-F Append / to filenames for directories, @ for symlinks,
and * for files which have the execute bits set.
-R Recurse through all subdirectories.
cd Change the current directory
cp Copy a file from the dump. Note that globbing is NOT
supported, and you must give a filename (the Unix
idiom of just giving a destination directory for the
second argument to cp will NOT work).
vcp Copy a file from the dump, by the vnode. The first
argument is the vnode number, optionally followed by
the uniquifier. E.g:
vcp 126278 /tmp/file1
vcp 126278.43289 /tmp/file2
quit Exits dumptool.
exit
@ -84,7 +84,7 @@ below:
-f Force dump processing. Attempt to continue processing
a dump even when some errors are detected. Not completely
tested.
-i Inode dump. Dump a list of all files in the volume,
with their volume/vnode/uniquifier information.
@ -98,11 +98,11 @@ Additional command line options:
-d Dump all residency filenames in the dump file to standard
output.
-t Residency tag information. Allows a user to specify the
tag of a residency if the rsserver is not available.
Format of option is Residency/Tag
-r Residency filesystem information. Allows a user to specify
the residency filesystem information if dumptool is not
run on the same host as the residency in the dump. Format

12
src/vol/test/README
View File

@ -5,10 +5,10 @@ This software has been released under the terms of the IBM Public
License. For details, see the LICENSE file in the top-level source
directory or online at http://www.openafs.org/dl/license10.html
/* Tool for listing /vicepX partition
/* Tool for listing /vicepX partition
**
*/
listVicepx -p < partitionName> -v <volumeName>
listVicepx -p < partitionName> -v <volumeName>
[-ls | -lsl | -ld | -dir <directoryInode> ]
Without any input options, it prints out the names of symlinks and
@ -18,15 +18,15 @@ With the -ls option, it prints out the names of all file/symlinks
inside the volume.
With the -lsl option, it prints out metadata about all file/symlink.
This metadata includes the inode number(Ind), UNIX mode bits(Mod),
This metadata includes the inode number(Ind), UNIX mode bits(Mod),
link count(Lnk), the owner(Own), the group(Grp) and the file size(Siz).
With the -ld option, it prints out metadata about all directories
in this volume. This metadata includes the directory inode(Ind) and
the directory vnode(Vnd) along with the directory name. The root
the directory vnode(Vnd) along with the directory name. The root
directory of the volume is indicated as ~.
With the -dir <directory inode> option, this tool prints out the
With the -dir <directory inode> option, this tool prints out the
contents of this directory. The inode number has to be a directory inode.
COMPILATION:
@ -36,5 +36,5 @@ ln -s ../SRC/test SRC
ln -s ../DEST DEST
make install
The executable name is listVicepx.
The executable name is listVicepx.

2
tests/README
View File

@ -19,7 +19,7 @@ level. The Makefile.in in this directory will also need to be modified
to recurse into any new directories. See util/Makefile.in for an example
of how to write a Makefile.in for a new test directory.
The files comprising the test harness are sourced from the C TAP Harness
The files comprising the test harness are sourced from the C TAP Harness
distribution using the src/external mechanism. The upstream site for that
distribution is at: