diff --git a/README b/README index c28e867676..393f475164 100644 --- a/README +++ b/README @@ -27,7 +27,7 @@ A Configuring source in, you will only have an src/ directory. 1. Pick a system to build for, and note its default AFS sys_name. - A directory will be automatically created for binaries to be written + A directory will be automatically created for binaries to be written into with this name when you build. alpha_dux40, alpha_dux50, alpha_dux51 (client does not work) @@ -144,18 +144,18 @@ A Configuring B Building - 1. Now, you can build OpenAFS. + 1. Now, you can build OpenAFS. % make - 2. Install your build using either "make install" to install + 2. Install your build using either "make install" to install into the current system (you will need to be root, and files will be placed as appropriate for Transarc or standard paths), - "make install DESTDIR=/some/path" to install into an alternate + "make install DESTDIR=/some/path" to install into an alternate directory tree, or if you configured with --enable-transarc-paths - make dest to create a complete binary tree in the dest directory + make dest to create a complete binary tree in the dest directory under the directory named for the sys_name you built for, - e.g. sun4x_57/dest or i386_linux22/dest + e.g. sun4x_57/dest or i386_linux22/dest 3. As appropriate you can clean up or, if you're using Linux, build for another kernel version. @@ -167,7 +167,7 @@ B Building C Problems If you have a problem building this source, you may want to visit - http://www.openafs.org/ to see if any problems have been reported + http://www.openafs.org/ to see if any problems have been reported or to find out how to get more help. Mailing lists have been set up to help; More details can be found @@ -199,7 +199,7 @@ D Linux Notes % ./configure --with-afs-sysname= \ --with-linux-kernel-headers=/usr/src/linux-2.2.19-i686 - % make + % make Your build tree will now include an additional kernel module for your additional kernel headers. Be aware that if the kernel version string @@ -245,9 +245,9 @@ G FreeBSD Notes You also need access to your kernel build directory for the opt_global.h include file. Use the --with-bsd-kernel-build= configure option if your - kernel build is not GENERIC in the standard place. If - /usr/src/sys/${CPUARCH}/compile/GENERIC does not point to - /usr/obj/usr/src/sys/GENERIC you may need to resolve that and retry the + kernel build is not GENERIC in the standard place. If + /usr/src/sys/${CPUARCH}/compile/GENERIC does not point to + /usr/obj/usr/src/sys/GENERIC you may need to resolve that and retry the build. There is no server package, but I am told that "make install" will put diff --git a/README-WINDOWS b/README-WINDOWS index ae259ff81e..f3d7d540d6 100644 --- a/README-WINDOWS +++ b/README-WINDOWS @@ -2,10 +2,10 @@ This software has been released under the terms of the IBM Public License. For details, see the LICENSE file in the top-level source directory or on-line at http://www.openafs.org/dl/license10.html -The document now provides a step by step procedure that takes the user -from a basic Windows 2000/XP/2003/Vista/2008 workstation to an OpenAFS -development environment. Details are provided so that a 'beginning' -windows developer can build an OpenAFS installable package for Windows +The document now provides a step by step procedure that takes the user +from a basic Windows 2000/XP/2003/Vista/2008 workstation to an OpenAFS +development environment. Details are provided so that a 'beginning' +windows developer can build an OpenAFS installable package for Windows 2000/XP/2003/Vista/2008. NOTE 1: @@ -24,7 +24,7 @@ can be one of: * Windows XP * Windows XP SP2 - * Windows 2003 + * Windows 2003 * Windows 2003 SP1 * Windows XP 64 * Windows 2003 64 @@ -34,7 +34,7 @@ can be one of: * Windows 7 (32 or 64) * Windows 2008 R2 (64) -The build process is controlled by a nmake file that generates the +The build process is controlled by a nmake file that generates the necessary binaries and binds them into an install package. The following steps describe how to configure the development environment: @@ -51,9 +51,9 @@ The following steps describe how to configure the development environment: J. Build Wix MSI Install Package K. Final Results L. Optional Items - + The Microsoft development tools require anywhere from 660 MB to 1.8GB -of storage depending on which compilers are selected. The following +of storage depending on which compilers are selected. The following versions are supported: Microsoft Visual Studio .NET 2005 @@ -72,7 +72,7 @@ One of the following Microsoft DDK/WDK is required: Microsoft Windows Driver Kit 7600 -NOTE: Not all combinations of Visual Studio, SDK, and DDK/WDK are +NOTE: Not all combinations of Visual Studio, SDK, and DDK/WDK are known to work. OpenAFS for Windows is packaged by Secure Endpoints Inc. using the following configurations: @@ -112,14 +112,14 @@ Doxygen is required for Developer Documentation generation http://www.stack.nl/~dimitri/doxygen/ -The NSIS installer requires about 14 MB of storage. The following +The NSIS installer requires about 14 MB of storage. The following version is supported: Nullsoft Scriptable Installation System 2.44 http://sourceforge.net/project/showfiles.php?group_id=22049&package_id=15374 (Be sure to use the strlen 8192 binaries) -The WiX installer requires about 18 MB of storage. The following +The WiX installer requires about 18 MB of storage. The following version is supported: Wix 2.0.5325.0 @@ -152,11 +152,11 @@ You will need an unzip utility that can expand compressed tar files. For example "Pkzip for Windows" from Pkware will uncompress tar files. (http://www.pkware.com/) -Expand the downloaded tar files into target directory (c:\OpenAFS), +Expand the downloaded tar files into target directory (c:\OpenAFS), the unzip routine will expand the source into a subdirectory tree: - c:\OpenAFS\OpenAFS-1.5.61\ + c:\OpenAFS\OpenAFS-1.5.61\ -Copy the files 'NTMakefile' and 'ntbuild.bat' from the 'src' +Copy the files 'NTMakefile' and 'ntbuild.bat' from the 'src' subdirectory to the OpenAFS base directory (aka %AFSROOT%): From a DOS command prompt window, enter the following copy commands: @@ -174,7 +174,7 @@ The OpenAFS base directory should look something like the following: STEP B. Install compiler and development tools. -Install a copy of Microsoft Visual Studio .NET, Visual Studio .NET 2003, +Install a copy of Microsoft Visual Studio .NET, Visual Studio .NET 2003, or Visual Studio .NET 2005. Visual Studio 2008 can be used to produce builds but the resulting binaries cannot be used on Windows 2000. @@ -191,7 +191,7 @@ STEP C. Install SDK header files. Files from Microsoft's Platform SDK for Windows Server 2003 SP1 are required to complete a build on Windows 2000/XP/2003. At a minimum the -following components are known to be required: +following components are known to be required: * Core * Data Access @@ -226,11 +226,11 @@ These files come from the following Microsoft DDKs/SDKs: STEP D. Configure NTBUILD.BAT. -The NTBUILD.BAT file copied to the OpenAFS base directory must be +The NTBUILD.BAT file copied to the OpenAFS base directory must be customized for use on your development system. The provided NTBUILD.BAT was developed for use with Visual Studio 2003 and the Windows Server 2003 Platform SDK. It requires significant modification to construct a build -environment for use with other tools. +environment for use with other tools. The following variables must be defined to match your configuration: @@ -267,9 +267,9 @@ The following variables must be defined to match your configuration: MSVCVer: Set to 8.0 if using Visual Studio 8 CODESIGN_DESC: Product Name - + CODESIGN_TIMESTAMP: Time Stamp Service for Code Signing Certificate - + CODESIGN_URL: Support URL Displayed to End Users CODESIGN_CROSS_CERT: Path to Microsoft Cross Signing Certificate @@ -292,7 +292,7 @@ as appropriate: AFSPRODUCT_VER_PATCH - Version Patch Number AFSPRODUCT_VER_BUILD - Version Build Number CELLSERVDB_INSTALL - The default file name for the CellServDB - included in the install Package. + included in the install Package. CELLNAME_DEFAULT - The default home cell name. CELLSERVDB_WEB - The default web address to obtain CellServDB @@ -313,7 +313,7 @@ one that can be downloaded from the web (CELLSERVDB_WEB). IMPORTANT: When building your own binaries, you must set the AFSPRODUCT_VER_BUILD value to a number greater than 1023. All values 0 to 1023 are reserved for use -by official OpenAFS.org releases. A failure to do so will result in Windows +by official OpenAFS.org releases. A failure to do so will result in Windows Crash Reports for your binaries being delivered to OpenAFS.org for analysis. @@ -350,7 +350,7 @@ STEP F. Begin the build While the build is running you will see many compile warnings. This behavior is normal; the build process is successful as long as the build process doesn't terminate with an error ("nmake.exe return code 0x2") -and it displays 'Build Finished Successfully'. Note that although the +and it displays 'Build Finished Successfully'. Note that although the the build target is "install", it does not install OpenAFS. (5) Before rebuilding you must clean the work area: @@ -365,10 +365,10 @@ Download the Nullsoft Scriptable Installation System (NSIS) 2.44 from http://nsis.sourceforge.net/home/ Run the nsis-2.33.exe installer and install to "C:\Program Files\NSIS". -Then download the large strings build zip file and replace the installed -files with the versions from the zip file. These versions increase -the maximum string length from 1024 characters to 8192 characters. -This is necessary for installation on systems with long PATH environment +Then download the large strings build zip file and replace the installed +files with the versions from the zip file. These versions increase +the maximum string length from 1024 characters to 8192 characters. +This is necessary for installation on systems with long PATH environment strings. Note: The NSIS installer can only be used to produce 32-bit installers. @@ -382,7 +382,7 @@ From the %AFSROOT% directory execute: STEP I. Install Wix MSI Installer -Download the Wix 2.0.5325.0 installer from +Download the Wix 2.0.5325.0 installer from http://prdownloads.sourceforge.net/wix/sources-2.0.5325.0.zip diff --git a/README.DEVEL b/README.DEVEL index d39cbc6594..b7b57a8c95 100644 --- a/README.DEVEL +++ b/README.DEVEL @@ -34,7 +34,7 @@ Format of the prototype files should look like: #ifndef AFS_SRC_DDD_PROTO_H #define AFS_SRC_DDD_PROTO_H - + /* filename.c */ prototypes @@ -47,10 +47,10 @@ In most of the existing prototypes, the define is DDD_PROTOTYPES_H, which is probably ok as well. The declaration of the routines should be done in ANSI style. If at some -later date, it is determined that prototypes don't work on some platform +later date, it is determined that prototypes don't work on some platform properly, we can use ansi2knr during the compile. - rettype + rettype routine(argtype arg) { @@ -62,13 +62,13 @@ and should have (void) if no arguments are taken. Header files should not contain macros or other definitions unless they are used across multiple source files. -All routines should be declared static if they are not used outside that +All routines should be declared static if they are not used outside that source file. Compiles on gcc-using machines should strive to handle using -Wstrict-prototypes -Werror. (this may take a while) -Routines shall be defined in source prior to use if possible, and +Routines shall be defined in source prior to use if possible, and prototyped in block at top of file if static. API documentation in the code should be done using Qt-style Doxygen diff --git a/README.WARNINGS b/README.WARNINGS index 9de861d3ec..4122d332fc 100644 --- a/README.WARNINGS +++ b/README.WARNINGS @@ -6,7 +6,7 @@ to reduce the number of warnings in the OpenAFS tree. In an attempt to prevent warnings from creeping back in, we now have the ability to break the build when new warnings appear. -This is only available for systems with gcc 4.2 or later, and is disabled +This is only available for systems with gcc 4.2 or later, and is disabled unless the --enable-checking option is supplied to configure. Because we can't remove all of the warnings, we permit file by file (and warning by warning) disabling of specific warnings. The --enable-checking=all prevents @@ -21,15 +21,15 @@ disabled in an number of ways. You can disable a single warning type in a particular file by using GCC pragmas. If a warning can be disabled with a pragma, then the switch to use will be listed in the error message you receive from the compiler. Pragmas -should be wrapped in IGNORE_SOME_GCC_WARNINGS, so that they aren't used +should be wrapped in IGNORE_SOME_GCC_WARNINGS, so that they aren't used with non-gcc compilers, and can be disabled if desired. For example: #ifdef IGNORE_SOME_GCC_WARNINGS # pragma GCC diagnostic warning "-Wold-style-definition" #endif -If a pragma isn't available for your particular warning, you will need to +If a pragma isn't available for your particular warning, you will need to disable all warnings for the file in question. You can do this by supplying -the autoconf macro @CFLAGS_NOERROR@ in the build options for the file. For +the autoconf macro @CFLAGS_NOERROR@ in the build options for the file. For example: lex.yy.o : lex.yy.c y.tab.c ${CC} -c ${CFLAGS} @CFLAGS_NOERROR@ lex.yy.c diff --git a/doc/txt/README.linux-nfstrans b/doc/txt/README.linux-nfstrans index f32b918676..ba4faa30f0 100644 --- a/doc/txt/README.linux-nfstrans +++ b/doc/txt/README.linux-nfstrans @@ -130,7 +130,7 @@ AFS-specific operations via the remote system call interface (rmtsys). To enable this feature, afsd must be run with the -rmtsys switch. OpenAFS client utilities will use this feature automatically if the AFSSERVER environment variable is set to the address or hostname of the translator -system, or if the file ~/.AFSSERVER or /.AFSSERVER exists and contains the +system, or if the file ~/.AFSSERVER or /.AFSSERVER exists and contains the translator's address or hostname. On systems running the client PAG manager (afspag.ko), AFS system calls @@ -176,7 +176,7 @@ NFS translator. ## Dynamic Mount Points -This patch introduces a special directory ".:mount", which can be found +This patch introduces a special directory ".:mount", which can be found directly below the AFS root directory. This directory always appears to be empty, but any name of the form "cell:volume" will resolve to a mount point for the specified volume. The resulting mount points are always diff --git a/src/JAVA/libjafs/README b/src/JAVA/libjafs/README index 3560677c75..5b28c70c53 100644 --- a/src/JAVA/libjafs/README +++ b/src/JAVA/libjafs/README @@ -30,8 +30,8 @@ Current as of June 4, 2003 JAFS is an open source API designed to allow Java programmers the ability to create applications for the administration or use of OpenAFS file systems. -It works by accessing libadmin and libuafs (administrative and user-level -libraries that come with OpenAFS) through JNI. It consists of a Java package +It works by accessing libadmin and libuafs (administrative and user-level +libraries that come with OpenAFS) through JNI. It consists of a Java package called org.openafs.jafs, and two shared libraries libjafsadm.so and libjafs.so. --------------------------------------------------------------------------- @@ -40,16 +40,16 @@ called org.openafs.jafs, and two shared libraries libjafsadm.so and libjafs.so. * --------------------------------------------------------------------------- -There is a version of JAFS that has been compiled on Red Hat Linux 7.3, +There is a version of JAFS that has been compiled on Red Hat Linux 7.3, and can be directly used without compilation. It was compiled using -OpenAFS 1.2.10a libraries (with a modified version of libjuafs.a). It -consists of a JAR file (jafs-1.2.10a.jar) and two shared libraries -(libjafsadm.so and libjafs.so). It was compiled using the ---enable-transarc-paths on compilation (for use with the OpenAFS RPMs), +OpenAFS 1.2.10a libraries (with a modified version of libjuafs.a). It +consists of a JAR file (jafs-1.2.10a.jar) and two shared libraries +(libjafsadm.so and libjafs.so). It was compiled using the +--enable-transarc-paths on compilation (for use with the OpenAFS RPMs), gcc 2.96, and Java Classic VM version 1.4.1_02. When you write Java code to use this API, import the -org.openafs.jafs package. During compilation of your Java code, +org.openafs.jafs package. During compilation of your Java code, ensure one of the following conditions are met: - Use the "-classpath" option to javac to specify the jafs.jar file. - Change your $CLASSPATH environment variable to include the @@ -58,14 +58,14 @@ ensure one of the following conditions are met: When running an application that uses JAFS, the shared libraries need to be found by Java's library loader. The easiest way to accomplish this is to copy these files into the /usr/local/lib/ directory, -or create symbolic links from that directory to the files. Alternatively, +or create symbolic links from that directory to the files. Alternatively, the directory containing the libraries can also be added to the LD_LIBRARY_PATH environment variable. You also need to have an OpenAFS client set up on your machine (preferably version 1.2.10a, but it should work for some past versions as well). -You can obtain the OpenAFS client and view installation documentation at -http://www.openafs.org (the RPMs are easiest to use for Linux). Also any +You can obtain the OpenAFS client and view installation documentation at +http://www.openafs.org (the RPMs are easiest to use for Linux). Also any cells you plan to access through the API must have entries in your client's CellServDB file (located in the /usr/vice/etc/ directory in most setups). @@ -90,8 +90,8 @@ the JAFS API. for the source you download: ** APPLY THE APPROPRIATE PATCH - You can apply the appropriate JAFS patch with the following command, - executed from the root directory of the download code + You can apply the appropriate JAFS patch with the following command, + executed from the root directory of the download code (i.e. openafs-1.2.10a/): patch -p1 < xxx.diff @@ -102,15 +102,15 @@ the JAFS API. OpenAFS 1.2.7 Source (openafs-1.2.7-src.tar.gz) OpenAFS 1.2.8 Source (openafs-1.2.8-src.tar.gz) - jafs-1.2.6-8.diff + jafs-1.2.6-8.diff * OpenAFS 1.2.9 Source (openafs-1.2.9-src.tar.gz) - jafs-1.2.9.diff + jafs-1.2.9.diff * OpenAFS 1.2.10a Source (openafs-1.2.10a-src.tar.gz) - jafs-1.2.10a.diff + jafs-1.2.10a.diff * Daily Snapshot / CVS (example: openafs-snap-2003-05-21.tar.gz) @@ -118,21 +118,21 @@ the JAFS API. ** RUN CONFIGURE - From the same directory, run the configure script as you normally would + From the same directory, run the configure script as you normally would to compile OpenAFS, but run it with a java-home argument so the script can find your java distribution. For example: ./configure [other options] --java-home=/usr/java/jdk NOTE: If the configure script is not within the root source directory, - then you will need to first run ./regen.sh to generate the + then you will need to first run ./regen.sh to generate the configure script. In this case you will need to manually modify the JAFS Makefile by setting the JAVA_HOME variable to your local system's JAVA_HOME. (i.e. /usr/java/jdk) - The configure script will ensure that this directory contains bin/ and lib/ - subdirectories, and that there are /bin/javac and/bin/javah executables and - an include/jni.h file. If you don't supply a command line argument for the + The configure script will ensure that this directory contains bin/ and lib/ + subdirectories, and that there are /bin/javac and/bin/javah executables and + an include/jni.h file. If you don't supply a command line argument for the java home, the script will look for it in environment variables: first in $JAVA_HOME and then in $JDK_HOME. Also, note that if you have installed (or are planning to install) OpenAFS by using the RPMs for Linux, you @@ -143,10 +143,10 @@ the JAFS API. ** RUN MAKE Finally, do a full build of OpenAFS by executing 'make' in the current directory. After it finishes, you are ready to compile JAFS. Execute - 'make jafs' from that same directory. Afterward, there will be - libjafsadm.so and libjafs.so in the lib/ directory, and a jafs.jar in the - jlib/ directory. These can be used according to the instructions in the - 'USE' section of this document. + 'make jafs' from that same directory. Afterward, there will be + libjafsadm.so and libjafs.so in the lib/ directory, and a jafs.jar in the + jlib/ directory. These can be used according to the instructions in the + 'USE' section of this document. For additional make options, please refer to the next section "MAKE OPTIONS" @@ -157,7 +157,7 @@ the JAFS API. * --------------------------------------------------------------------------- -Additional make options are available by running 'make' from the +Additional make options are available by running 'make' from the src/JAVA/libjafs directory; they are as follows: make - Perform a full make of all Java classes, jar archive, and JNI @@ -171,14 +171,14 @@ make clean_jar - Delete the Java archive library (jlib/jafs.jar) make clean_libs - Delete both JNI shared libraries (lib/libjafs.so and lib/libjafsadm.so) make install - Performs a full make of all components and then installs all - necessary components to your local system. This option - prepares the required '/usr/afswsp/' directory for use by + necessary components to your local system. This option + prepares the required '/usr/afswsp/' directory for use by the native library. make javadocs - Generate Java API documents (in javadoc format). Docs are saved to src/JAVA/javadocs make jar - Builds the Java archive library (containing all Java classes) make libjafs - Builds the user-space library (used for ACL and file access) -make libjafsadm - Builds the administrative library (used for all admin related +make libjafsadm - Builds the administrative library (used for all admin related functions) --------------------------------------------------------------------------- @@ -194,9 +194,9 @@ src/JAVA/libjafs: 'buildinfo.pl', and a subdirectory 'etc'. acltest.c - A test program that allows testing of the native libraries - ACL calls without going through Java. + ACL calls without going through Java. - *Usage information for this program is available by simply + *Usage information for this program is available by simply invoking './acltest' without any parameters. buildinfo.pl - A perl script that automatically updates the build information @@ -205,23 +205,23 @@ src/JAVA/libjafs: the native libraries (found in VersionInfo.h). It may also be used to programatically query for build information. - *Usage information for this program is available by simply + *Usage information for this program is available by simply invoking 'perl buildinfo.pl' without any parameters. - etc/ - A directory containing user-space configuration files. These - files are used for user-space initialization and cache + etc/ - A directory containing user-space configuration files. These + files are used for user-space initialization and cache configuration and are copied to '/usr/afswsp/etc' if a 'make install' is issued. src/JAVA/classes: - Within the src/JAVA/classes directory you will find the root of the Java + Within the src/JAVA/classes directory you will find the root of the Java package, the error message catalog file, and a test program: *.java - Java classes that comprise the test program. adminTest - A script that invokes the Java console-based test program. - This program can be used to exercise all major API calls + This program can be used to exercise all major API calls from Java, thus testing JNI libraries as well as Java code. *Usage information for this program is available via its @@ -253,7 +253,7 @@ src/JAVA/javadocs: --------------------------------------------------------------------------- If you'd like to edit the source code, you'll find the native C code in -the src/JAVA/libjafs directory, and the Java code in the -src/JAVA/classes/org/openafs/jafs/ directory. Please reference the +the src/JAVA/libjafs directory, and the Java code in the +src/JAVA/classes/org/openafs/jafs/ directory. Please reference the src/TechNotes-JavaAPI document for more information. diff --git a/src/afsweb/README b/src/afsweb/README index 1324c45588..1444012bd8 100644 --- a/src/afsweb/README +++ b/src/afsweb/README @@ -12,68 +12,68 @@ Release Notes I. Introduction -The AFS Web Security Pack is an extension available for selected Web servers -that enables system administrators to provide secure access via a -Web browser to documents stored in the AFS filespace. This document +The AFS Web Security Pack is an extension available for selected Web servers +that enables system administrators to provide secure access via a +Web browser to documents stored in the AFS filespace. This document provides information specific to this release of the AFS Web Security Pack. -Note: Due the long filenames and file extensions used for the AFS Web -Secure distribution files, download of the AFS Web Secure product to -a PC sometimes results in incorrect filenames. Note that all AFS Web -Secure distribution files are g-zipped tar files, even if the *.tar.gz -file extension is lost during the download process. +Note: Due the long filenames and file extensions used for the AFS Web +Secure distribution files, download of the AFS Web Secure product to +a PC sometimes results in incorrect filenames. Note that all AFS Web +Secure distribution files are g-zipped tar files, even if the *.tar.gz +file extension is lost during the download process. II. Installation Prerequisites -Note: If you have installed a previous version of the AFS Web Security Pack, -you must first remove the previous version, including any modifications made -to your Apache Web server configuration and runtime configuration files +Note: If you have installed a previous version of the AFS Web Security Pack, +you must first remove the previous version, including any modifications made +to your Apache Web server configuration and runtime configuration files before installing this version of the product. -Your system must meet the following software and disk space requirements +Your system must meet the following software and disk space requirements to install this version of the AFS Web Security Pack. -Operating system: Solaris 2.5.1, AIX 4.2x, AIX 4.3, or AIX 4.3.1 -Web server: Apache 1.2.6 or Apache 1.3.1 -AFS (client): AFS Client 3.4a -Disk Space: 650 KB +Operating system: Solaris 2.5.1, AIX 4.2x, AIX 4.3, or AIX 4.3.1 +Web server: Apache 1.2.6 or Apache 1.3.1 +AFS (client): AFS Client 3.4a +Disk Space: 650 KB Note: Due to security considerations, OpenAFS strongly recommends that the -AFS Web Security Pack be used only on a server enabled with Secure Sockets +AFS Web Security Pack be used only on a server enabled with Secure Sockets Layer (SSL). -IV. Known Defects and Limitations +IV. Known Defects and Limitations -* Due to a preexisting problem in the AFS UNIX product, the Apache -server Fancy Indexing option does not function as expected when AFS -directories are displayed. If the Fancy Indexing option is enabled -on the Apache server, when a user initially browses an ACL-protected -directory (with "system:anyuser l" access), the user is able to see -file details for directories and links, but not for files. Once the -user selects a file and enters a username and password, details for +* Due to a preexisting problem in the AFS UNIX product, the Apache +server Fancy Indexing option does not function as expected when AFS +directories are displayed. If the Fancy Indexing option is enabled +on the Apache server, when a user initially browses an ACL-protected +directory (with "system:anyuser l" access), the user is able to see +file details for directories and links, but not for files. Once the +user selects a file and enters a username and password, details for the files are then displayed. This problem is not caused by the AFS Web -Security Pack or the Apache server, but is due to a defect in the UNIX-based -AFS code. We are working to address this problem and will make an -announcement when a corrected version is available. In the interim, +Security Pack or the Apache server, but is due to a defect in the UNIX-based +AFS code. We are working to address this problem and will make an +announcement when a corrected version is available. In the interim, please be aware of this limitation as you use the AFS Web Security Pack. -*If the AFS Web Security Pack is used on the Apache server version 1.3.1, user +*If the AFS Web Security Pack is used on the Apache server version 1.3.1, user directories cannot be directly accessed through the use of a special character -such as a tilde (~) despite use of the Apache server User Directory directive. +such as a tilde (~) despite use of the Apache server User Directory directive. VII. AFS Web Security Pack Documentation Postscript and HTML versions of the documentation for the AFS Web Security -Pack are available in the doc directory. +Pack are available in the doc directory. VIII. Additional Information about Apache and SSL -The following sites on the World Wide Web provide additional information +The following sites on the World Wide Web provide additional information about the Apache Web Server and SSL. -* Apache Home Page http://www.apache.org -* Stronghold Home http://www.c2.net -* Stronghold International http://www.int.c2.net -* Apache-SSL Home http://www.apache-ssl.org +* Apache Home Page http://www.apache.org +* Stronghold Home http://www.c2.net +* Stronghold International http://www.int.c2.net +* Apache-SSL Home http://www.apache-ssl.org * SSLeay FAQ http://www.psy.uq.edu.au:8080/~ftp/Crypto/ diff --git a/src/afsweb/README.BETA1 b/src/afsweb/README.BETA1 index 216b1febf8..cc91fbe2e2 100644 --- a/src/afsweb/README.BETA1 +++ b/src/afsweb/README.BETA1 @@ -5,14 +5,14 @@ This software has been released under the terms of the IBM Public License. For details, see the LICENSE file in the top-level source directory or online at http://www.openafs.org/dl/license10.html -Installation instructions for Apache AFS Web Secure +Installation instructions for Apache AFS Web Secure (Version 1 for Apache version 1.2.6) Prerequisites:- Ensure the following files exist:- - - weblog + - weblog - weblog_starter - libapacheafs.a - mod_afs.c @@ -21,16 +21,16 @@ In addition to these you should know the location of the AFS library libsys.a -The mod_afs.c file should be in the apache src directory with all the other +The mod_afs.c file should be in the apache src directory with all the other module files. weblog and weblog_starter should be in the same directory - this -could be any directory (preferably outside AFS - if it is in AFS then +could be any directory (preferably outside AFS - if it is in AFS then system:anyuser should have the appropriate ACL on that directory). Editing the following files in the apache src and conf directories:- 1. Configuration (or the current Configuration file) - EXTRA_LIBS= libapacheafs.a libsys.a + EXTRA_LIBS= libapacheafs.a libsys.a NOTE - specify the full path of these libraries - libsys.a is probably in /usr/afsws/lib/afs/libsys.a and you can put libapacheafs.a wherever you @@ -46,7 +46,7 @@ Otherwise, on startup if the initialization procedure fails, the apache server will continue running but AFS authentication will always fail. 2. httpd.conf (or whatever configuration file the server uses on startup - with the -f flag) + with the -f flag) NOTE: ensure that you provide the entire path for the ErrorLog and PidFile Directives instead of attempting to have apache prepend ServerRoot. @@ -56,7 +56,7 @@ Apache Directives. SetAFSDefaultCell [cell] SetAFSMountpointDir [dir] -SetAFSCacheExpiration [time] +SetAFSCacheExpiration [time] SetAFSTokenExpiration [time] SetAFSWeblogPath [path] SetAFSLocation [loc] @@ -72,8 +72,8 @@ AllowOverride None NOTE:- SetAFSLocation should be the same as the Location and should be a path relative to the server-document-root -NOTE: loc and dir should *NOT* be the same. There should be no symbolic link, -file or directory in the DocumentRoot directory with the same name as the loc +NOTE: loc and dir should *NOT* be the same. There should be no symbolic link, +file or directory in the DocumentRoot directory with the same name as the loc directive. cell: REQUIRED directive. @@ -84,14 +84,14 @@ cell: REQUIRED directive. dir: REQUIRED directive. Path to the directory or symbolic link relative to the server document root directory where the AFS cell mount points are. If you want symbolic - links to be followed make sure you have the + links to be followed make sure you have the Options FollowSymLinks - directive set. + directive set. -time: OPTIONAL directive +time: OPTIONAL directive Seconds for AFS token cache expiration (cacheExpiration is for the local cache and tokenExpiration is for the AFS kernel cache manager). - + path: REQUIRED directive. The full or relative (to server binary) path for weblog binary. @@ -99,23 +99,23 @@ path: REQUIRED directive. loc: REQUIRED directive. Some location relative to the server root MAKE SURE THAT THERE DOESN"T ALREADY EXIST A DIRECTORY BY - THIS SAME NAME. This should be the same (case sensitive) + THIS SAME NAME. This should be the same (case sensitive) as the argument to the Location directive. Eg. /afs Configure and make apache and start it up with the new config file. -NOTE: Add the following to the shutdown or stopd file to shutdown the +NOTE: Add the following to the shutdown or stopd file to shutdown the weblog_starter process BEFORE the kill -TERM for httpd.pid kill -TERM `cat .afs` -Eg. if the httpd.pid file is in /local/stronghold/apache/logs/httpd.pid +Eg. if the httpd.pid file is in /local/stronghold/apache/logs/httpd.pid then the stopd file should look something like this kill -TERM `cat /local/stronghold/apache/logs/httpd.pid.afs` - - kill -TERM `cat /local/stronghold/apache/logs/httpd.pid` + + kill -TERM `cat /local/stronghold/apache/logs/httpd.pid` POINTERS TO APACHE AND SSL:- diff --git a/src/afsweb/README.BETA2 b/src/afsweb/README.BETA2 index 3ba1c530b7..82e1ce5d0a 100644 --- a/src/afsweb/README.BETA2 +++ b/src/afsweb/README.BETA2 @@ -11,284 +11,284 @@ Release Notes I. Introduction -AFS Web Security Pack is an extension available for selected Web servers -that enables system administrators to provide secure access via a -Web browser to documents stored in the AFS filespace. This document -summarizes the changes made to AFS Web Security for this release, and -provides installation and configuration instructions. +AFS Web Security Pack is an extension available for selected Web servers +that enables system administrators to provide secure access via a +Web browser to documents stored in the AFS filespace. This document +summarizes the changes made to AFS Web Security for this release, and +provides installation and configuration instructions. -Note: Due the long filenames and file extensions used for the AFS Web +Note: Due the long filenames and file extensions used for the AFS Web Security Pack distribution files, download of the AFS Web Security Pack - product to a PC sometimes results in incorrect filenames. Note that all -AFS Web Security Pack distribution files are g-zipped tar files, even if the -*.tar.gz file extension is lost during the download process. + product to a PC sometimes results in incorrect filenames. Note that all +AFS Web Security Pack distribution files are g-zipped tar files, even if the +*.tar.gz file extension is lost during the download process. II. Installation Prerequisites -Your system must meet the following software and disk space requirements +Your system must meet the following software and disk space requirements to install this version of AFS Web Security Pack. -Operating system: Solaris 2.5.1, AIX 4.1, AIX 4.2, or AIX 4.2.1 -Web server: Apache 1.2.6 -AFS (client): AFS Client 3.4a -Disk Space: 650 KB +Operating system: Solaris 2.5.1, AIX 4.1, AIX 4.2, or AIX 4.2.1 +Web server: Apache 1.2.6 +AFS (client): AFS Client 3.4a +Disk Space: 650 KB -Note: Due to security considerations, OpenAFS strongly recommends that -AFS Web Security Pack be used only on a server enabled with Secure +Note: Due to security considerations, OpenAFS strongly recommends that +AFS Web Security Pack be used only on a server enabled with Secure Sockets Layer (SSL). III. New Features and Product Changes -The following list describes new features and changes that are included +The following list describes new features and changes that are included in this version of AFS Web Security Pack. -* Configuration of AFS Web Security Pack is now easier and more flexible. The -AFSMountPointDir and AFSLocation directives are no longer required. -Instead, during configuration of AFS Web Security Pack, an authorization type -(AFSAuthType) of AFS is now specified. (See the Installation and Configuration +* Configuration of AFS Web Security Pack is now easier and more flexible. The +AFSMountPointDir and AFSLocation directives are no longer required. +Instead, during configuration of AFS Web Security Pack, an authorization type +(AFSAuthType) of AFS is now specified. (See the Installation and Configuration instructions that follow for additional details.) -* The Log In dialog box that is displayed when users attempt to access -the AFS file space via a web browser can now be customized adding the -AFSLoginPrompt directive to the Apache server runtime configuration -file. (See the Installation and Configuration instructions that follow for +* The Log In dialog box that is displayed when users attempt to access +the AFS file space via a web browser can now be customized adding the +AFSLoginPrompt directive to the Apache server runtime configuration +file. (See the Installation and Configuration instructions that follow for additional details.) -* AFS Web Security Pack now provides the ability to log attempts to -access AFS in which permission is denied. This logging can be used to +* AFS Web Security Pack now provides the ability to log attempts to +access AFS in which permission is denied. This logging can be used to determine if users are attempting to access information that they are not authorized to view. To configure this logging, you must add the - SetAFSAccessLog directive to the Apache server runtime configuration file. -(See the Installation and Configuration instructions that follow for + SetAFSAccessLog directive to the Apache server runtime configuration file. +(See the Installation and Configuration instructions that follow for additional details.) -* AFS Web Security Pack now provides the ability to translate and access user -directories that are specified with a special character such as a tilde (~), -for example. http://www.yourcompany.com/~smith. To enable this feature, you -must add the User Directory directive to the Apache server runtime -configuration file. (See the Installation and Configuration instructions +* AFS Web Security Pack now provides the ability to translate and access user +directories that are specified with a special character such as a tilde (~), +for example. http://www.yourcompany.com/~smith. To enable this feature, you +must add the User Directory directive to the Apache server runtime +configuration file. (See the Installation and Configuration instructions that follow for additional details.) -* The previous version of AFS Web Security Pack did not correctly permit -directory indexing of directories for which a user was assigned lookup -permission. In addition, the Parent Link in directory indexes did not -always work correctly. This version of AFS Web Security Pack corrects these +* The previous version of AFS Web Security Pack did not correctly permit +directory indexing of directories for which a user was assigned lookup +permission. In addition, the Parent Link in directory indexes did not +always work correctly. This version of AFS Web Security Pack corrects these problems. -* This version of AFS Web Security Pack corrects a problem with the token cache +* This version of AFS Web Security Pack corrects a problem with the token cache that occasionally caused access to AFS to be incorrectly denied. -* The previous version of AFS Web Security Pack did not accept AFS passwords +* The previous version of AFS Web Security Pack did not accept AFS passwords that included a space. This version of AFS Web Security Pack corrects this problem. -* This version of AFS Web Security Pack corrects a communication (pipe) problem -that occasionally caused the message SERVER_ERROR to be returned. In +* This version of AFS Web Security Pack corrects a communication (pipe) problem +that occasionally caused the message SERVER_ERROR to be returned. In addition, this version improves performance of AFS Web Security Pack. -IV. Known Defects and Limitations +IV. Known Defects and Limitations -* Due to a preexisting problem in the AFS UNIX product, the Apache -server Fancy Indexing option does not function as expected when AFS -directories are displayed. If the Fancy Indexing option is enabled -on the Apache server, when a user initially browses an ACL-protected -directory (with "system:anyuser l" access), the user is able to see -file details for directories and links, but not for files. Once the -user selects a file and enters a username and password, details for -the files are then displayed. This problem is not caused by AFS Web -Security Pack or the Apache server, but is due to a defect in the UNIX-based -AFS code. We are working to address this problem and will make an -announcement when a corrected version is available. In the interim, -please be aware of this limitation as you continue testing. +* Due to a preexisting problem in the AFS UNIX product, the Apache +server Fancy Indexing option does not function as expected when AFS +directories are displayed. If the Fancy Indexing option is enabled +on the Apache server, when a user initially browses an ACL-protected +directory (with "system:anyuser l" access), the user is able to see +file details for directories and links, but not for files. Once the +user selects a file and enters a username and password, details for +the files are then displayed. This problem is not caused by AFS Web +Security Pack or the Apache server, but is due to a defect in the UNIX-based +AFS code. We are working to address this problem and will make an +announcement when a corrected version is available. In the interim, +please be aware of this limitation as you continue testing. -V. Upgrade Instructions for AFS Web Security Pack for the Apache Web Server +V. Upgrade Instructions for AFS Web Security Pack for the Apache Web Server -Note: Use the following instructions to upgrade AFS Web Security Pack on -your Apache Web Server if Beta Version 1 or Beta Version 2 of the product -is already installed. (If this is the first time you are installing AFS Web -Security Pack, follow the instructions in the next section, Installing and +Note: Use the following instructions to upgrade AFS Web Security Pack on +your Apache Web Server if Beta Version 1 or Beta Version 2 of the product +is already installed. (If this is the first time you are installing AFS Web +Security Pack, follow the instructions in the next section, Installing and Configuring AFS Web Security PAck 1.0 for the Apache Web Server.) -1. Replace the existing versions of the weblog, weblog_starter and -libapacheafs.a files with the new files provided with this version -of AFS Web Security Pack 1.0. Also, in the Apache src directory, +1. Replace the existing versions of the weblog, weblog_starter and +libapacheafs.a files with the new files provided with this version +of AFS Web Security Pack 1.0. Also, in the Apache src directory, replace the mod_afs.c or afs_module.c file with the new AFS Web Security Pack -Module, afs_module.c. +Module, afs_module.c. -2. In the Apache server Configuration file, change the line that -references the AFS Web Security Pack module so that the line appears as +2. In the Apache server Configuration file, change the line that +references the AFS Web Security Pack module so that the line appears as follows: Module afs_module afs_module.o Note: If you want to enable AFS Web Security Pack to translate and access user - home directories, you must include the userdir_module when you build -the Apache server. For information on including modules when building + home directories, you must include the userdir_module when you build +the Apache server. For information on including modules when building the Apache server, consult you Apache server documentation. -3. In the Apache server src directory, run the Configure script to -create a new configuration Makefile for your operating system. +3. In the Apache server src directory, run the Configure script to +create a new configuration Makefile for your operating system. -4. Stop the Apache server process (httpd). Then, issue the make -command to compile the Apache server. +4. Stop the Apache server process (httpd). Then, issue the make +command to compile the Apache server. -5. In the Apache server runtime configuration file, remove (or comment +5. In the Apache server runtime configuration file, remove (or comment out) the following two lines: SetAFSMountpointDir /afs_mountpoint_directory SetAFSLocation /afs_location -6. In the Apache server runtime configuration file, replace (or -comment out) the SetHandler afs-authentication parameter with the -AFSAuthType AFS parameter, so that the Location directive appears as +6. In the Apache server runtime configuration file, replace (or +comment out) the SetHandler afs-authentication parameter with the +AFSAuthType AFS parameter, so that the Location directive appears as follows: AFSAuthType AFS -where /afs is the directory (or symbolic link to the directory) -that contains the mount points to AFS to be used by the Apache -server and AFS Web Security Pack. +where /afs is the directory (or symbolic link to the directory) +that contains the mount points to AFS to be used by the Apache +server and AFS Web Security Pack. -Note: You can specify AFSAuthType AFS for multiple locations to indicate +Note: You can specify AFSAuthType AFS for multiple locations to indicate that AFS Web Security Pack authentication must be used when a user attempts to -access a specific location. (In specifying a location, you can use wildcard +access a specific location. (In specifying a location, you can use wildcard characters if desired.) -7. (Optional) To customize the authorization dialog box that is -displayed when users attempt to access the AFS file space via a +7. (Optional) To customize the authorization dialog box that is +displayed when users attempt to access the AFS file space via a web browser, add the following line within the Location directive: AFSLoginPrompt [Custom Text] -where [Custom Text] is the text that you want to appear in the dialog -box that prompts users to enter a user name and password to access AFS +where [Custom Text] is the text that you want to appear in the dialog +box that prompts users to enter a user name and password to access AFS filespace. -8. (Optional) To enable AFS Web Security Pack to access user directories, -add the following lines to the Apache server runtime configuration -file. This directive specifies the syntax used to access user -directories and indicates that attempts to access user directories +8. (Optional) To enable AFS Web Security Pack to access user directories, +add the following lines to the Apache server runtime configuration +file. This directive specifies the syntax used to access user +directories and indicates that attempts to access user directories in the AFS filespace must be passed to AFS Web Security Pack: AFSAuthtype AFS -Then, add the following line to the Apache server runtime configuration +Then, add the following line to the Apache server runtime configuration file to indicate the location of user directories in AFS: UserDir [Users Directory] where Users Directory indicates the location of user's home directories. -Note: To enable user directory access in this manner, the Apache Server -must include the UserDir module. For information on including this -module when building the Apache server, consult you Apache server +Note: To enable user directory access in this manner, the Apache Server +must include the UserDir module. For information on including this +module when building the Apache server, consult you Apache server documentation. -9. (Optional) To enable logging of attempts to access AFS in which -permission is denied, add the SetAFSAccessLog directive to the Apache +9. (Optional) To enable logging of attempts to access AFS in which +permission is denied, add the SetAFSAccessLog directive to the Apache server runtime configuration file as follows: SetAFSAccessLog [Access Log File] -where [Access Log File] is the full path log file in which failed access -attempts are to be recorded. +where [Access Log File] is the full path log file in which failed access +attempts are to be recorded. -10. If necessary, rename the symbolic link to the AFS filespace in the -Apache server's document root directory with the name specified in the -Location directive for the AFS filespace in the server's runtime -configuration file. +10. If necessary, rename the symbolic link to the AFS filespace in the +Apache server's document root directory with the name specified in the +Location directive for the AFS filespace in the server's runtime +configuration file. VI. Installing and Configuring AFS Web Security Pack 1.0 for the Apache Web Server -This section provides brief installation and configuration instructions -for Apache AFS Web Security Pack (Version 1.0 for Apache version 1.2.6 -and Apache version 1.3.1). See the product documentation for complete installation -and configuration instructions and for details about using the configuration script to +This section provides brief installation and configuration instructions +for Apache AFS Web Security Pack (Version 1.0 for Apache version 1.2.6 +and Apache version 1.3.1). See the product documentation for complete installation +and configuration instructions and for details about using the configuration script to set up AFS Web Security Pack on the Apache server. -1. Uncompress and extract the files from the .tar.gz file, placing the -files in the following locations, where Apache Installation Directory -is the full pathname of the directory where the Apache Web server is +1. Uncompress and extract the files from the .tar.gz file, placing the +files in the following locations, where Apache Installation Directory +is the full pathname of the directory where the Apache Web server is installed: -- Place both the weblog and weblog_starter files in one directory, -for example, Apache Installation Directory/afswebsecurity. These files -can be placed in any directory as long as they remain together. However, -if the weblog and weblog_starter files are placed in a directory in AFS, -ensure that either the user that the Apache Web server runs as, or the -AFS group system:anyuser is designated as having read and lookup privileges -on the directory's Access Control List (ACL). +- Place both the weblog and weblog_starter files in one directory, +for example, Apache Installation Directory/afswebsecurity. These files +can be placed in any directory as long as they remain together. However, +if the weblog and weblog_starter files are placed in a directory in AFS, +ensure that either the user that the Apache Web server runs as, or the +AFS group system:anyuser is designated as having read and lookup privileges +on the directory's Access Control List (ACL). -- Place the libapacheafs.a file in any directory, for example, -Apache Installation Directory/afswebsecurity. +- Place the libapacheafs.a file in any directory, for example, +Apache Installation Directory/afswebsecurity. - Place the afs_module.c file in the Apache src directory (Apache version 1.2.6) or in the src/modules/extra directory (Apache version 1.3.1) -(generally located directly beneath the Apache Installation Directory). +(generally located directly beneath the Apache Installation Directory). -In addition, note the location of the AFS library file, libsys.a. This -file is installed with the AFS client, and is generally located in the -/usr/afsws/lib/afs directory. +In addition, note the location of the AFS library file, libsys.a. This +file is installed with the AFS client, and is generally located in the +/usr/afsws/lib/afs directory. 2. Modify the Apache Server Configuration File as follows. -Locate the EXTRA_LIBS line in the file, and add the paths to the -libapacheafs.a and libsys.a libraries so that the line reads as follows: +Locate the EXTRA_LIBS line in the file, and add the paths to the +libapacheafs.a and libsys.a libraries so that the line reads as follows: EXTRA_LIBS=[full path to libapacheafs.a] [full path to libsys.a] -In the Module configuration section of the file, add a reference to the -AFS Web Security Pack module. It is recommended that the AFS Web Security Pack +In the Module configuration section of the file, add a reference to the +AFS Web Security Pack module. It is recommended that the AFS Web Security Pack module be the first Authentication module. -To add the AFS module to the list of Apache server modules, add the following line -to the Configuration file: +To add the AFS module to the list of Apache server modules, add the following line +to the Configuration file: Module afs_module afs_module.o -Note: If you want the server to attempt to stop completely if AFS -initialization fails, also add -DSHUTDOWN_IF_AFS_FAILS to the -EXTRA_CFLAGS line in this file. Otherwise, on startup if the -initialization procedure fails on startup, the Apache server +Note: If you want the server to attempt to stop completely if AFS +initialization fails, also add -DSHUTDOWN_IF_AFS_FAILS to the +EXTRA_CFLAGS line in this file. Otherwise, on startup if the +initialization procedure fails on startup, the Apache server will continue to run but AFS authentication will always fail. -3. Modify the Apache Server Runtime Configuration File (for example, +3. Modify the Apache Server Runtime Configuration File (for example, httpd.conf) as follows. -Add the following lines to the runtime configuration file: +Add the following lines to the runtime configuration file: SetAFSDefault [Cell cellname] SetAFSCacheExpiration [cache_expiration] SetAFSTokenExpiration [token_expiration] SetAFSWeblogPath [weblog_starter_path] -where the arguments for these Apache server directives are as follows: +where the arguments for these Apache server directives are as follows: -[cellname] - The name of the default AFS cell to be accessed via the +[cellname] - The name of the default AFS cell to be accessed via the Apache server and AFS Web Security Pack. -[cache_expiration] -The maximum lifetime in seconds of an AFS token -that is stored in the local cache. The default recommendation for -this argument is 300 seconds (5 minutes). +[cache_expiration] -The maximum lifetime in seconds of an AFS token +that is stored in the local cache. The default recommendation for +this argument is 300 seconds (5 minutes). -[token_expiration] -The maximum lifetime in seconds of an AFS token -that is stored in the AFS kernel Cache Manager. The default -recommendation for this argument is 60 seconds (1 minute). +[token_expiration] -The maximum lifetime in seconds of an AFS token +that is stored in the AFS kernel Cache Manager. The default +recommendation for this argument is 60 seconds (1 minute). -[weblog_starter_path] -The path to the AFS Web Security Pack weblog_starter program. +[weblog_starter_path] -The path to the AFS Web Security Pack weblog_starter program. Specify the full path or a path relative to the path set by the ServerRoot Apache -directive. +directive. -Note: To enable logging of failed attempts to access AFS in which permission +Note: To enable logging of failed attempts to access AFS in which permission is denied, also add the directive: SetAFSAccessLog [Access Log File] -where [Access Log File] is the full path of the log file in which +where [Access Log File] is the full path of the log file in which failed access attempts are to be recorded. Then, add the following additional lines to the runtime configuration file: @@ -297,78 +297,78 @@ Then, add the following additional lines to the runtime configuration file: AFSAuthType AFS -where [afs] is the request provided by users in combination with the +where [afs] is the request provided by users in combination with the server hostname and domain in order to access AFS filespace. Note: This directive only works within Location (and LocationMatch for Apache 1.3.1) tags and not in any other tags such as Directory or File. -Note: You can specify AFSAuthType AFS for multiple locations to indicate +Note: You can specify AFSAuthType AFS for multiple locations to indicate that AFS Web Security Pack authentication must be used when a user attempts to -access a specific location. (In specifying a location, you can use wildcard +access a specific location. (In specifying a location, you can use wildcard characters if desired.) -(Optional) To customize the authorization dialog box that is displayed -when a user attempts to access the AFS file space via a web browser, -add the following line to the Location directive added in the previous -step. The Location directive then appears as follows: +(Optional) To customize the authorization dialog box that is displayed +when a user attempts to access the AFS file space via a web browser, +add the following line to the Location directive added in the previous +step. The Location directive then appears as follows: AFSLoginPrompt [Custom Text] -where [Custom Text] is the text that you want to appear in the dialog box -that prompts users to enter an AFS user name and password to access the -AFS filespace. +where [Custom Text] is the text that you want to appear in the dialog box +that prompts users to enter an AFS user name and password to access the +AFS filespace. -(Optional) To enable AFS Web Security Pack to access user directories, add the -following additional Location directive to the Apache server runtime -configuration file. +(Optional) To enable AFS Web Security Pack to access user directories, add the +following additional Location directive to the Apache server runtime +configuration file. AFSAuthType AFS -Then, also add the following additional line to the Apache server runtime -configuration file to indicate the location of user directories in AFS. +Then, also add the following additional line to the Apache server runtime +configuration file to indicate the location of user directories in AFS. UserDir [Users Directory] -where [Users Directory] indicates the location of user's home -directories in AFS. The location is specified relative to the -server document root directory. +where [Users Directory] indicates the location of user's home +directories in AFS. The location is specified relative to the +server document root directory. -Note: To enable user directory access in this manner, the Apache -server must include the User Dir module. +Note: To enable user directory access in this manner, the Apache +server must include the User Dir module. -Save and close the modified runtime configuration file. +Save and close the modified runtime configuration file. -4. Stop the Apache server process (httpd). Then, configure and make -the Apache server and start it up with the new runtime configuration +4. Stop the Apache server process (httpd). Then, configure and make +the Apache server and start it up with the new runtime configuration file. -5. Add the following to the shutdown or stopd file to shutdown the +5. Add the following to the shutdown or stopd file to shutdown the weblog_starter process BEFORE the kill -TERM for httpd.pid: kill -TERM `cat [path to httpd.pid].afs` -For example, if the httpd.pid file is in -/local/stronghold/apache/logs/httpd.pid, then the stopd file should +For example, if the httpd.pid file is in +/local/stronghold/apache/logs/httpd.pid, then the stopd file should look something like this: kill -TERM `cat /local/stronghold/apache/logs/httpd.pid.afs` - kill -TERM `cat /local/stronghold/apache/logs/httpd.pid` + kill -TERM `cat /local/stronghold/apache/logs/httpd.pid` VII. AFS Web Security Pack Documentation -Postscript and HTML versions of the documentation for the initial -Beta release AFS Web Security Pack are available in the doc directory. +Postscript and HTML versions of the documentation for the initial +Beta release AFS Web Security Pack are available in the doc directory. VIII. Additional Information about Apache and SSL -The following sites on the World Wide Web provide additional information +The following sites on the World Wide Web provide additional information about the Apache Web Server and SSL. -* Apache Home Page http://www.apache.org -* Stronghold Home http://www.c2.net -* Stronghold International http://www.int.c2.net -* Apache-SSL Home http://www.apache-ssl.org +* Apache Home Page http://www.apache.org +* Stronghold Home http://www.c2.net +* Stronghold International http://www.int.c2.net +* Apache-SSL Home http://www.apache-ssl.org * SSLeay FAQ http://www.psy.uq.edu.au:8080/~ftp/Crypto/ diff --git a/src/libafsauthent/README b/src/libafsauthent/README index 23f572e91e..1d79c28c7b 100644 --- a/src/libafsauthent/README +++ b/src/libafsauthent/README @@ -10,15 +10,15 @@ the kauth and auth library interfaces. The primary method used to obtain thread safety in these libraries is to lock/unlock a recursive global mutex at the entry point of every public function in the library. -However, not all public functions are made thread safe since not all +However, not all public functions are made thread safe since not all functions are needed by the NT admin work. In particular, there are many public functions that make up descendants of the functions -we wish to use that weren't modified, since these functions will be +we wish to use that weren't modified, since these functions will be protected by the locking at a higher level function. -To prevent people from using non-thread safe functions, platform -specific methods are used to limit the functions exported by the -library (using def files under NT and mapfiles under Solaris). For -most non-exported functions, it should be trivial to make the -transformation to thread safe by simply locking/ unlocking the +To prevent people from using non-thread safe functions, platform +specific methods are used to limit the functions exported by the +library (using def files under NT and mapfiles under Solaris). For +most non-exported functions, it should be trivial to make the +transformation to thread safe by simply locking/ unlocking the global mutex at the beginning/end of the function. diff --git a/src/libuafs/README b/src/libuafs/README index ca345809ec..a62281ca6a 100644 --- a/src/libuafs/README +++ b/src/libuafs/README @@ -10,34 +10,34 @@ README file for libuafs and libjuafs, Version 1.2 06/04/2003. ### INTRODUCTION ### -This Makefile generates two libraries, the standard libuafs.a and +This Makefile generates two libraries, the standard libuafs.a and libjuafs.a, a libuafs.a variant that is designed for use with Java enabled applications (as used with libjafsadm, see src/JAVA/libjafsadm/JAFSADM_README). The libuafs.a library facilitates -user authentication at a process level and enables access and -manipulation of the files and access control lists (ACLs). By way of -the libuafs.a klog function (uafs_klog), the authenticated user's -credentials are bound to the executing process and therefore is granted +user authentication at a process level and enables access and +manipulation of the files and access control lists (ACLs). By way of +the libuafs.a klog function (uafs_klog), the authenticated user's +credentials are bound to the executing process and therefore is granted permission to act on behalf of the authenticated user. ### LIBUAFS ### -As of 05/13/2002 the libuafs.a library remains unchanged with respect +As of 05/13/2002 the libuafs.a library remains unchanged with respect to OpenAFS release 1.2.3. ### LIBJUAFS ### -The libjuafs.a is a new addition to the libuafs.a build as of 05/10/2002 and has +The libjuafs.a is a new addition to the libuafs.a build as of 05/10/2002 and has been added for the following reasons: - To avoid function name collisions with other libraries - To ensure that existing applications using libuafs.a will not be affected. - Utilize libuafs.a functionality in Java-based applications. -The libjuafs.a library implements the AFS_WEB_ENHANCEMENTS and UKERNEL -(user space kernel) definitions, which are used to enable functions +The libjuafs.a library implements the AFS_WEB_ENHANCEMENTS and UKERNEL +(user space kernel) definitions, which are used to enable functions such as: - afs_setpag_val* @@ -57,7 +57,7 @@ for the thread to restore tokens, rather than reauthenticating. ### BUILD ### -A simple "make" will build both libuafs.a and libjuafs.a. Optionally, you +A simple "make" will build both libuafs.a and libjuafs.a. Optionally, you can make each library independently by issuing: make UAFS/libuafs.a @@ -71,11 +71,11 @@ can make each library independently by issuing: The libuafs/UAFS directory is generated by the Makefile and contains the object files and local copy of libuafs.a resulting from the build process. -The libuafs/JUAFS directory is the same as libuafs/UAFS, however it +The libuafs/JUAFS directory is the same as libuafs/UAFS, however it contains output files respective to libjuafs.a. ### CONSIDERATIONS ### -The libjuafs.a library has only been tested using RedHat Linux 7.3 and +The libjuafs.a library has only been tested using RedHat Linux 7.3 and OpenAFS 1.2.6, OpenAFS 1.2.7, OpenAFS 1.2.8, and OpenAFS 1.2.9. diff --git a/src/mcas/README b/src/mcas/README index 9ff8b6e2f0..36b24c1d42 100644 --- a/src/mcas/README +++ b/src/mcas/README @@ -85,7 +85,7 @@ The license is GPL. See the file COPYING for details. **** This software has been released by its original author, Keir Fraser, -with permission from his advisors, under a BSD license. For details, +with permission from his advisors, under a BSD license. For details, please see README.LICENSE. -- Matt Benjamin, 07/24/2009 diff --git a/src/platform/DARWIN/AklogAuthPlugin/README b/src/platform/DARWIN/AklogAuthPlugin/README index 8e66eefbd7..b1b0c795b1 100644 --- a/src/platform/DARWIN/AklogAuthPlugin/README +++ b/src/platform/DARWIN/AklogAuthPlugin/README @@ -46,29 +46,29 @@ int main(int argc, char *argv[]) CFArrayRef arrayRef; if (!CFDictionaryGetValueIfPresent(login_dict, CFSTR("mechanisms"), - &arrayRef)) + &arrayRef)) exit(1); CFMutableArrayRef newMechanisms = CFArrayCreateMutableCopy(NULL, 0, - arrayRef); + arrayRef); if (!newMechanisms) exit(1); CFIndex index = CFArrayGetFirstIndexOfValue(newMechanisms, - CFRangeMake(0, CFArrayGetCount(newMechanisms)), CFSTR("authinternal")); + CFRangeMake(0, CFArrayGetCount(newMechanisms)), CFSTR("authinternal")); if (index == -1) exit(1); CFArraySetValueAtIndex(newMechanisms, index, CFSTR("newmech")); - CFMutableDictionaryRef new_login_dict - = CFDictionaryCreateMutableCopy(NULL, 0, login_dict); + CFMutableDictionaryRef new_login_dict + = CFDictionaryCreateMutableCopy(NULL, 0, login_dict); CFDictionarySetValue(new_login_dict, CFSTR("mechanisms"), newMechanisms); status = AuthorizationRightSet(authRef, LOGIN_RIGHT, new_login_dict, - NULL, NULL, NULL); + NULL, NULL, NULL); if (status) exit(1); } diff --git a/src/rxkad/README.v5 b/src/rxkad/README.v5 index bad58c7fed..c945fb3f6f 100644 --- a/src/rxkad/README.v5 +++ b/src/rxkad/README.v5 @@ -2,29 +2,29 @@ # This code depends on heimdal's asn1_compile generated krb5 decoding # stuff. The code is originally from rxkad that Björn Grönvall # for kth-krb and was included in Arla. -# +# # The first file, v5der.c are part for of support functions # that all generated files depends on. -# +# # The second file (v5gen.h) is the header file that is generated for # the decoding functions. -# +# # The third file (v5gen.c) is the subset of the generated functions we # need to decode the authenticator. -# +# # The forth file (v5gen-rewrite.h) is used to make sure we don't # pollute the namespace. -# +# # All files are modified to build within OpenAFS environment without # any external dependencies. Below is the shell script that is used to # import the code into the four files. -# +# # All internal symbols are rewritten to _rxkad_v5_. # # Make sure we don't export too much -# -# : lha@nutcracker ; nm ticket5.o | grep T | grep -v _rxkad_v5 +# +# : lha@nutcracker ; nm ticket5.o | grep T | grep -v _rxkad_v5 # 00005748 T tkt_DecodeTicket5 # diff --git a/src/tests/README b/src/tests/README index 1b905aa065..db54cd13ba 100644 --- a/src/tests/README +++ b/src/tests/README @@ -3,12 +3,12 @@ AFS verification suite Prerequisites -1) A Kerberos KDC should already be configured +1) A Kerberos KDC should already be configured 2) An afs key should be in the KeyFile the AFS binaries will use (/usr/afs/etc/KeyFile in an IBM-style installation; bos_util can be used to set it up) 3) 2 srvtabs or keytabs with user keys, one for the user "admin" - and one for the user "user" that can be used for authenticated testing + and one for the user "user" that can be used for authenticated testing of the AFS installation 4) The necessary tools for getting an AFS token from the installed Kerberos (typically aklog) should be available. @@ -209,22 +209,22 @@ Some tests as noted are: * Copyright (c) 2001 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. - * + * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * + * * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE diff --git a/src/tests/README.afstools b/src/tests/README.afstools index 2ba03c85a6..e0a3aa4149 100644 --- a/src/tests/README.afstools +++ b/src/tests/README.afstools @@ -1,2 +1,2 @@ -This is a (potentially) modified version of the AFSTools perl suite. +This is a (potentially) modified version of the AFSTools perl suite. You should visit grand.central.org for the official version. diff --git a/src/tests/README.dumptool b/src/tests/README.dumptool index f6757cd0e8..ef55d42d46 100644 --- a/src/tests/README.dumptool +++ b/src/tests/README.dumptool @@ -54,21 +54,21 @@ accepts the following commands: -F Append / to filenames for directories, @ for symlinks, and * for files which have the execute bits set. -R Recurse through all subdirectories. - + cd Change the current directory cp Copy a file from the dump. Note that globbing is NOT supported, and you must give a filename (the Unix idiom of just giving a destination directory for the second argument to cp will NOT work). - + vcp Copy a file from the dump, by the vnode. The first argument is the vnode number, optionally followed by the uniquifier. E.g: vcp 126278 /tmp/file1 vcp 126278.43289 /tmp/file2 - + quit Exits dumptool. exit @@ -84,7 +84,7 @@ below: -f Force dump processing. Attempt to continue processing a dump even when some errors are detected. Not completely tested. - + -i Inode dump. Dump a list of all files in the volume, with their volume/vnode/uniquifier information. @@ -98,11 +98,11 @@ Additional command line options: -d Dump all residency filenames in the dump file to standard output. - + -t Residency tag information. Allows a user to specify the tag of a residency if the rsserver is not available. Format of option is Residency/Tag - + -r Residency filesystem information. Allows a user to specify the residency filesystem information if dumptool is not run on the same host as the residency in the dump. Format diff --git a/src/vol/test/README b/src/vol/test/README index be8538cd36..dea2bb819f 100644 --- a/src/vol/test/README +++ b/src/vol/test/README @@ -5,10 +5,10 @@ This software has been released under the terms of the IBM Public License. For details, see the LICENSE file in the top-level source directory or online at http://www.openafs.org/dl/license10.html -/* Tool for listing /vicepX partition +/* Tool for listing /vicepX partition ** */ -listVicepx -p < partitionName> -v +listVicepx -p < partitionName> -v [-ls | -lsl | -ld | -dir ] Without any input options, it prints out the names of symlinks and @@ -18,15 +18,15 @@ With the -ls option, it prints out the names of all file/symlinks inside the volume. With the -lsl option, it prints out metadata about all file/symlink. -This metadata includes the inode number(Ind), UNIX mode bits(Mod), +This metadata includes the inode number(Ind), UNIX mode bits(Mod), link count(Lnk), the owner(Own), the group(Grp) and the file size(Siz). With the -ld option, it prints out metadata about all directories in this volume. This metadata includes the directory inode(Ind) and -the directory vnode(Vnd) along with the directory name. The root +the directory vnode(Vnd) along with the directory name. The root directory of the volume is indicated as ~. -With the -dir option, this tool prints out the +With the -dir option, this tool prints out the contents of this directory. The inode number has to be a directory inode. COMPILATION: @@ -36,5 +36,5 @@ ln -s ../SRC/test SRC ln -s ../DEST DEST make install -The executable name is listVicepx. +The executable name is listVicepx. diff --git a/tests/README b/tests/README index fbddf46660..7fa408ccba 100644 --- a/tests/README +++ b/tests/README @@ -19,7 +19,7 @@ level. The Makefile.in in this directory will also need to be modified to recurse into any new directories. See util/Makefile.in for an example of how to write a Makefile.in for a new test directory. -The files comprising the test harness are sourced from the C TAP Harness +The files comprising the test harness are sourced from the C TAP Harness distribution using the src/external mechanism. The upstream site for that distribution is at: