For each command only useful with the Authentication Server, add
warnings that the Authentication Server is obsolete and will be
removed in a future version of OpenAFS. Encourage people who care
to update uss to work with a modern Kerberos KDC, recommend kinit
and aklog or klog.krb5 over klog, and warn that klog will be of
limited use without an Authentication Server.
Change-Id: Idc78ba548134b83ac1eea0fb81a5bc38a431bb38
Reviewed-on: http://gerrit.openafs.org/2052
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Tested-by: Derrick Brashear <shadow@dementia.org>
Purely reformatting to make the document more maintainable. There are
no content changes.
Change-Id: I349c8e86de925cbed6e09be529a22e0a08b227f6
Reviewed-on: http://gerrit.openafs.org/2059
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
Update and revise chapter one (An Overview of OpenAFS Administration)
of the Administration Guide for current AFS and current computing
concepts.
Replace the Kerberos Server terminology with Kerberos KDC and add
additional details about the relationship between AFS and a Kerberos
KDC. Remove some remaining Authentication Server references. Add
some details about the Protection Server management of the mapping
from Kerberos principals to AFS IDs.
Remove some now-obsolete distinctions and concepts between mainframes
and workstations and recommendations for server systems.
Reorganize the order in which the servers are discussed to follow a
somewhat more natural order.
Be clear that the Backup Server is optional and that there are other
methods available to back up AFS. Mention backing up to disk as well
as tape in a few places.
Change-Id: I57ce083a84ca2a44f7a4383d80b05508e6448284
Reviewed-on: http://gerrit.openafs.org/2045
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Tested-by: Derrick Brashear <shadow@dementia.org>
Purely reformatting to make the document more maintainable. There are
no content changes.
Change-Id: Ic3fb32ef68c14418b3ac6bab92fda759db89b394
Reviewed-on: http://gerrit.openafs.org/2044
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Tested-by: Derrick Brashear <shadow@dementia.org>
Provide a more useful abstract and remove the (outdated) specific list
of supported platforms and the M.m version number placeholders. Update
the list of associated documents to match their current titles, and
provide a better description of the Reference Manual.
Reformat the parent document and preface for easier maintenance in the
future.
Change-Id: I42ce78274ed7c4ca7a2f0b9c5ec2e6f7a786adb8
Reviewed-on: http://gerrit.openafs.org/2043
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
Change references to the documentation sets that we still ship to
reference the OpenAFS manuals instead of the IBM AFS manuals. Remove
references to the IBM AFS/DFS Migration documentation, since that
doesn't appear to be available anywhere any more, replacing them where
relevant to more generic references to the DFS documentation. Add
links to docs.openafs.org for mentions of the manuals in SEE ALSO, and
standardize on one link format. Replace a few references to the IBM
AFS Release Notes with the actual information in those notes, or drop
the reference if it doesn't seem particularly useful.
Change-Id: Ie9666842f1315891c6a9c37c0424200f4b78bff7
Reviewed-on: http://gerrit.openafs.org/2031
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Tested-by: Derrick Brashear <shadow@dementia.org>
salvager and salvageserver's documentation of -oktozap says to not use
without consultation with AFS Development or Product Support, left over
from the IBM product. Remove those references and add a caution more
in line with open source.
Change-Id: I136dc145caf3e8e3a992c239e1a46d86f96580ed
Reviewed-on: http://gerrit.openafs.org/2030
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Tested-by: Derrick Brashear <shadow@dementia.org>
Reviewed-by: Jeffrey Altman <jaltman@openafs.org>
The -rebuildDB flag was documented to rebuild the Protection Database at
startup, but it was accepted and ignored in the ptserver source, doing
nothing. Remove the documentation and the option recognition in ptserver.
Change-Id: I36f30f38464b602cb4739a958663a6feb5fe27bf
Reviewed-on: http://gerrit.openafs.org/2029
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Tested-by: Derrick Brashear <shadow@dementia.org>
-fastKeys wasn't accepted by the kaserver binary, but was still
mentioned in the usage message and the kaserver man page. Remove
the remnants of the flag.
Change-Id: Ifb3ae49ea0cab80c325a77b0eb1062944697b53d
Reviewed-on: http://gerrit.openafs.org/2028
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Tested-by: Derrick Brashear <shadow@dementia.org>
Adds new command line option to scout so users can set the
number of characters to display without truncating.
Change-Id: I69f159549d7f5b4cfee26c276ad34705f504ee2b
Reviewed-on: http://gerrit.openafs.org/1951
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
We have two LICENSE files, which had been somewhat independently
modified. Resynchronize them, remove trailing whitespace, and convert
from ISO 8859-1 to UTF-8.
Change-Id: Ia3dba0e328e7f026362e2e8efda206c34ce4e768
Reviewed-on: http://gerrit.openafs.org/2025
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Tested-by: Derrick Brashear <shadow@dementia.org>
Mention in the fs getserverprefs and fs setserverprefs documentation
that VL servers may also come from DNS AFSDB and SRV records. Document
that SRV record information is not (yet) properly used.
Change-Id: I223efedf4d00ac1b57b3dce74a807790691abdbf
Reviewed-on: http://gerrit.openafs.org/2015
Tested-by: Russ Allbery <rra@stanford.edu>
Tested-by: Derrick Brashear <shadow@dementia.org>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Clearly prefer asetkey to bos addkey in the KeyFile, bos addkey, and
bos listkeys man pages. Reference asetkey list and asetkey delete as
alternatives to bos listkeys and bos removekey. Distinguish between
Authentication Server cells and Kerberos v5 cells and mention the
preferred afs/<cell> principal format. Add some cautions around
matching enctypes and salts when synchronizing keys with a v5 KDC.
Update man-pages/README for completion of this task, clean up some
other wording, and remove some other now-irrelevant information.
Change-Id: I29b83a61cbdb08de508bdb313524a307e385044b
Reviewed-on: http://gerrit.openafs.org/1938
Reviewed-by: Jeffrey Altman <jaltman@openafs.org>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Tested-by: Russ Allbery <rra@stanford.edu>
Reviewed-by: Russ Allbery <rra@stanford.edu>
Examples of the pts mem -expandgroups and -supergroups
options for the man page.
Change-Id: Idea0509797212397eff87aa5975eaf5364c8414c
Reviewed-on: http://gerrit.openafs.org/1896
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Tested-by: Derrick Brashear <shadow@dementia.org>
Add a copy of RFC 5864 (DNS SRV Resource Records for AFS) to the
protocol documentation directory for reference. As permitted by
the IETF Trust License Policy section 3(e), I release this document
under the MIT/X Consortium license included in this copy of the
document.
LICENSE MIT
Change-Id: I8e22aac07b4cedbe18b8375213a7866cf98a1386
Reviewed-on: http://gerrit.openafs.org/1799
Tested-by: Derrick Brashear <shadow@dementia.org>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
If --enable-fuse-client is passed to configure and afsd.fuse is built,
install it into the same directory as afsd and install afsd.fuse.8 as a
symlink to the afsd.8 man page. Add documentation of afsd.fuse to the
afsd man page.
Change-Id: I7d0cd3992a8466e626af2191c713e5623cc40d84
Reviewed-on: http://gerrit.openafs.org/1792
Tested-by: Russ Allbery <rra@stanford.edu>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Tested-by: Derrick Brashear <shadow@dementia.org>
Change I572ff682de4cc7ef27bb46dd028d3d797b873841 added the fileserver
callback xstats collection to afsmonitor. Provide some documentation
for these fields, along with the other fields displayed by afsmonitor.
Change-Id: I21618047519fbb28f6707ff9ba95a17fe27e0f3c
Reviewed-on: http://gerrit.openafs.org/1783
Tested-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Russ Allbery <rra@stanford.edu>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Add a caution explaining how the file server addresses are registered
and pointing users at NetInfo and NetRestrict plus restarting the file
server for the normal case.
Mention what version of OpenAFS introduced this command. Drop the note
about the version of OpenAFS that added the -encrypt flag, since the
whole command is newer than that.
Reference vos listaddrs -printuuid specifically to get the UUID.
General formatting and wording cleanup: use terminology more consistently,
continue a long example line, wrap long lines, fix a spelling error, and
add cross-references to NetInfo and NetRestrict.
Change-Id: Idd6175339dc0feb1b777963bbb09731e42b83522
Reviewed-on: http://gerrit.openafs.org/1787
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Tested-by: Derrick Brashear <shadow@dementia.org>
Important changes affecting the Windows distribution for 1.5.74
Change-Id: I980a66a2ab4a90c580249641fc22e3c7a91097dc
Reviewed-on: http://gerrit.openafs.org/1770
Reviewed-by: Jeffrey Altman <jaltman@openafs.org>
Tested-by: Jeffrey Altman <jaltman@openafs.org>
The vos setaddrs command sets the IP addresses for a server entry
in the Volume Location Database (VLDB). Specify one or serveral hosts.
All existing hosts in the VLDB entry are replaced with the new entries
on the command line.
Change-Id: I3c26e49c4a6e2aebae363017d074329ac265132a
Reviewed-on: http://gerrit.openafs.org/1744
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Tested-by: Derrick Brashear <shadow@dementia.org>
Improve support for supergroups in the pts membership command
with a new option called -expandgroups. This option will
recursively show the complete membership of users and groups.
The expanded members of a group are all the users which are
members of all of the group's sub-groups. The expanded groups
of a user are all the groups which are supergroups of the
users's groups.
Change-Id: I811a4e5e73632e5e205fe10f3f3a36a98464d49e
Reviewed-on: http://gerrit.openafs.org/1601
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Tested-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Tested-by: Derrick Brashear <shadow@dementia.org>
Improve pts support for supergroups with an option to list the
supergroups of a group.
Change-Id: I4fe1cd131cd334386bc16ce733e01e29e0511d4f
Reviewed-on: http://gerrit.openafs.org/1600
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Tested-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Simon Wilkinson <sxw@inf.ed.ac.uk>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Tested-by: Derrick Brashear <shadow@dementia.org>
It's possible to use AFSDB records only to locate the VLDB servers but
still list the cell in the client CellServDB so that the client is
aware of it and populates it into dynroot. Describe doing this in the
man page.
Change-Id: I714cd515dc4b72a6e358bbd8f9332d4ddce5a5fc
Reviewed-on: http://gerrit.openafs.org/1710
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Tested-by: Derrick Brashear <shadow@dementia.org>
Add a caution to the fileserver man page explaining that traditional
and demand-attach require different configurations, and also mention
that there are two different server implementations. Add an example
of a bos create command for creating a demand-attach File Server to
the fileserver man page.
Add a caution to the bos create man page that a traditional fs node
won't work with demand-attach and vice versa. Document the necessary
arguments for the dafs type. Clarify in EXAMPLES which bos create
commands are traditional and which are demand-attach. Add an example
of changing from a traditional to a demand-attach configuration.
Change kaserver to ptserver in the example of a simple process.
Change-Id: I4077246b69edf6e1ddc7c0761ac8e1006d471c24
Reviewed-on: http://gerrit.openafs.org/1707
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Tested-by: Derrick Brashear <shadow@dementia.org>
Make the computation of the docbook stylesheet location
based upon testing for directory existence now that versions
of cygwin 1.7.2 and place the stylesheets in a new location.
Change-Id: I844ae35a34eab73ee033bba875e68f71dc54f26b
Reviewed-on: http://gerrit.openafs.org/1702
Reviewed-by: Jeffrey Altman <jaltman@openafs.org>
Tested-by: Jeffrey Altman <jaltman@openafs.org>
This patchset contains updates to the OpenAFS UserGuide that
explains how to authentication OpenAFS using kinit/aklog
and uses language describing Kerberos outside the context
of the kaserver. References to applications such as telnet
have been replaced with more modern equivalents such as ssh.
Change-Id: Ifae779b04a26beb9be9cf58b450958acdc477c06
Reviewed-on: http://gerrit.openafs.org/1521
Tested-by: Jeffrey Altman <jaltman@openafs.org>
Reviewed-by: Jeffrey Altman <jaltman@openafs.org>
these are the release notes available via the web but not here.
Change-Id: Ieb4af99a4d6a1dfdaabccdac79d03f7d328de675
Reviewed-on: http://gerrit.openafs.org/1641
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Tested-by: Derrick Brashear <shadow@dementia.org>
The option was given correctly in SYNOPSIS but not in the OPTIONS section.
Thanks, Rod Widdowson.
FIXES 126771
Change-Id: Ibd9694c066b6750ad04273c22e66c84fb7b4a1c6
Reviewed-on: http://gerrit.openafs.org/1589
Reviewed-by: Rod Widdowson <rdw@steadingsoftware.com>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Tested-by: Derrick Brashear <shadow@dementia.org>
replace both
afssettings with something patterned from webdav's (BSD-licensed)
mount program with general plist reading code. the lists of
valid oid objects of course have to be the same. eject old
darwins. add the new one.
fstab with something from freebsd umount
Change-Id: I28f6765475314b9b78102c762daec19cda4988c3
Reviewed-on: http://gerrit.openafs.org/1583
Reviewed-by: Russ Allbery <rra@stanford.edu>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Tested-by: Derrick Brashear <shadow@dementia.org>
In DAFS, replace uses of the VLockPartition_r partition-level locks with
the approprivate VLockVolume*NB volume-level locks (and sometimes
FSYNC_VerifyCheckout). This allows for greater parallelization of
volserver attachment / volume creation, for volume operations to occur
during salvages, and for multiple salvages on a single partition to
occur simultaneously.
More architectural details of volume-level locks can be found in the
changes to doc/arch/dafs-overview.txt.
Change-Id: I4e8ef4c864002d7e7c976691824c53dfa9cfaf91
Reviewed-on: http://gerrit.openafs.org/1406
Tested-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Tested-by: Derrick Brashear <shadow@dementia.org>
Add some developer documentation for DAFS. This isn't comprehensive or
extremely detailed, but is intended to provide a larger-picture overview
of some of the pieces of DAFS. More detailed docs are intended to exist
in source comments (doxygen and such), and should already be there for
the most part.
Change-Id: I167b52c3bfb9e6b4b7111b3548ca8b1dafe305ea
Reviewed-on: http://gerrit.openafs.org/1376
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Tested-by: Derrick Brashear <shadow@dementia.org>
When salvaging a volume (with DAFS or not), it is required to read the
volume headers of all volumes on the partition, so we know what volumes
are in the same volume group as the salvaged volume. Currently with
DAFS, this requirement can make demand-salvages very slow, since each
demand-salvage must read each volume header on the partition.
So, instead of having each demand-salvage read the volume headers
itself, have a demand-salvage request the required volume group
hierarchy information from the fileserver. The fileserver will scan the
partition's volume headers, and will keep the hierarchy cached in
memory. Any modifications to this hierarchy from volume
creation/deletion will update this volume group cache (VGC) via FSSYNC
commands.
This results in a dramatic salvaging speedup when many demand-salvages
are requested, and eliminates the cases where DAFS salvaging can be
significantly slower than non-DAFS salvaging.
FIXES 124488
Change-Id: Ie9ae655593ad8a90ca6ad8f63e6b6e799f283988
Reviewed-on: http://gerrit.openafs.org/880
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Tested-by: Derrick Brashear <shadow@dementia.org>
Added some text that the CellAlias file is only used on Unix.
LICENSE BSD
Change-Id: I913d6a0774240ffc16cf92cfa92c4b2d06f41fd6
Reviewed-on: http://gerrit.openafs.org/1307
Tested-by: Jason Edgecombe <jason@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@openafs.org>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Tested-by: Derrick Brashear <shadow@dementia.org>
Provide some explanation for the various FSSYNC commands, and what they
are there for.
Change-Id: I572300b66cc8b6a1b0f2aa185edd198c237f7225
Reviewed-on: http://gerrit.openafs.org/1236
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Tested-by: Derrick Brashear <shadow@dementia.org>
Write some documentation for the -files and -excessive options to
fs getcacheparms
Change-Id: I769f8c0cf6d9d100a1687ae73a337132befb2449
Reviewed-on: http://gerrit.openafs.org/1217
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Tested-by: Derrick Brashear <shadow@dementia.org>
Change the default so new installations of the bosserver have
no weekly restarts. Update the manpage and XML documentation to
reflect this change.
FIXES 126138
Change-Id: Ic22b750a602f6d2a22be881f5e1b04cd4fa132ae
Reviewed-on: http://gerrit.openafs.org/1097
Reviewed-by: Russ Allbery <rra@stanford.edu>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Tested-by: Derrick Brashear <shadow@dementia.org>
Remove the #ifdef's around the bos restricted mode code. This makes
restricted mode available as part of the standard build, but a server
will not go into restricted mode unless the relevant command line
options are specified, or bos setrestricted is run.
Document bos_setrestricted and bos_getrestricted, and the new
'-restricted' command line option. Add a note to the man pages of
all of the commands whose behaviour is affected by restricted mode.
Add 'setr' and 'getr' aliases for setrestart and getrestart so that
these documented shortcuts continue to work (otherwise they'd be
ambiguous against setrestricted and getrestricted). Note that
setre, setres, and setrest will not work once this patch is applied.
Change-Id: Ie69d21493ea5f78757f0a3d478de43fdaabd3c31
Reviewed-on: http://gerrit.openafs.org/1028
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Tested-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Tested-by: Derrick Brashear <shadow@dementia.org>
To set a key, use "asetkey add", not just "asetkey"
FIXES 125430
Change-Id: Ifa381ec95f9253bcc5c7a1d374fbf88408f82f67
Reviewed-on: http://gerrit.openafs.org/1045
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Tested-by: Derrick Brashear <shadow@dementia.org>
vos dump -verbose sends its logging to stderr, not to stdout (where
it would potentially collide with the dump data itself).
FIXES 124911
Change-Id: I515c50df59d2f376787969df59b6e01e244ecbc7
Reviewed-on: http://gerrit.openafs.org/1044
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
Add a command to vos to explicitly end volume transactions. These can
happen if (for example) we segfault or the user ctrl-C's in 'vos'
before/after a volume operation, but before we AFSVolEndTrans.
Change-Id: Ie34ee1fdff917b56900f456c7cf8b1329533a7da
Reviewed-on: http://gerrit.openafs.org/870
Reviewed-by: Dan Hyde <drh@umich.edu>
Reviewed-by: Alistair Ferguson <alistair.ferguson@mac.com>
Tested-by: Alistair Ferguson <alistair.ferguson@mac.com>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Tested-by: Derrick Brashear <shadow@dementia.org>
Fix the pt_util manpage to reflect the fact that it is run on database
servers, not fileservers.
Change-Id: If2a8e5b65ef925c50eb9bfebea4e0d30c20f0970
Reviewed-on: http://gerrit.openafs.org/901
Tested-by: Jeffrey Altman <jaltman@openafs.org>
Reviewed-by: Jeffrey Altman <jaltman@openafs.org>
Description of registry key HKLM\ SOFTWARE\ OpenAFS\
Client\ Server Preferences\ File (and \ VLDB) states
"256" - should be 15 - and "ServerPreferences" should
have a space between the words.
Change-Id: Ia2147f920ecc023d26250efaf9815f1b09d1550a
Reviewed-on: http://gerrit.openafs.org/840
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Tested-by: Jeffrey Altman <jaltman@openafs.org>
Reviewed-by: Jeffrey Altman <jaltman@openafs.org>
Make ihandle file descriptor cache parameters tunable, and accommodate
platforms where max open files is large. Expand the fd cache hash table
to 2048 entries. Raise fd cache size automatically to match configured
number of lwps.
NOTE: This code has been tested on Centos 5.3 x86_64, on VMWare, 2 physical,
2 logical CPUs (in tandem with viced_more_threads).
LICENSE BSD
Change-Id: If68eda6e1c955e026b250ca52bddf0b8383959c9
Change-Id: I5fbbec95523ea9cd9ff42dcf43f17db94c7bb161
Reviewed-on: http://gerrit.openafs.org/584
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Tested-by: Derrick Brashear <shadow@dementia.org>
Cache parameters are discussed in two locations in the afsd man page,
and the first copy had not been updated for the new auto-tuning of
the chunk size and the stat parameter. Fix both.
Note that the firewall requirements for klog only apply if you're using
kaserver and klog. Kerberos v5 has its own requirements, but this is not
the place to talk about them.
Change-Id: I9cdaaa71351a64cecc1b6904efba87d4871d42fb
Reviewed-on: http://gerrit.openafs.org/798
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Tested-by: Derrick Brashear <shadow@dementia.org>
9d396c4916 (from 2005) introduced
autotuning for afsd, and changed some of the defaults which aren't
autotuned. Update the afsd man page to reflect the autotuning, and
the new defaults.
Change-Id: Iea2035743cb45cca1c249bc2e838405039ad7d3a
Reviewed-on: http://gerrit.openafs.org/744
Tested-by: Derrick Brashear <shadow@dementia.org>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Add support for Windows 7 and Server 2008 R2.
Improve text in a variety of areas.
LICENSE MIT
Reviewed-on: http://gerrit.openafs.org/719
Tested-by: Jeffrey Altman <jaltman@openafs.org>
Reviewed-by: Jeffrey Altman <jaltman@openafs.org>
A typo in c717fcd32c removed the = before
the first head1 in vos_remsite.pod. Put it back.
Reviewed-on: http://gerrit.openafs.org/612
Tested-by: Derrick Brashear <shadow@dementia.org>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Larger collection of all vos suite commands, including but
not limited to:
-- documented all commands / options, verified against both 1.4 and 1.5 tree
(including the common -encrypt/-noresolve options)
-- correct order, POD formatting and synopsis for all commands' options
-- shorthand synopsis provided for all commands that missed it, with proper
non-ambiguous command abbreviations of all options
-- POD synopsis formatted to 80-columns in commands where it was running over
-- for newer options, documented which OpenAFS version they became available
-- proper manpage links using L<> in vos.pod
Reviewed-on: http://gerrit.openafs.org/609
Tested-by: Derrick Brashear <shadow@dementia.org>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
The POD formatting code for bold is B, not b.
Reviewed-on: http://gerrit.openafs.org/546
Tested-by: Derrick Brashear <shadow@dementia.org>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
An initial pass at adding indexing to the Windows release notes.
The next pass should refine the index terms and add appropriate
secondary index values.
LICENSE MIT
Reviewed-on: http://gerrit.openafs.org/454
Tested-by: Jeffrey Altman <jaltman@openafs.org>
Reviewed-by: Jeffrey Altman <jaltman@openafs.org>
Reformat the Registry and Environment Values in Appendix A
so that they are easier to identify in the table of contents.
LICENSE MIT
Reviewed-on: http://gerrit.openafs.org/453
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Reviewed-by: Jeffrey Altman <jaltman@openafs.org>
Tested-by: Jeffrey Altman <jaltman@openafs.org>
restorevol moved from section 8 to section 1. The Windows build
system needed corresponding changes.
Reviewed-on: http://gerrit.openafs.org/440
Tested-by: Jeffrey Altman <jaltman@openafs.org>
Reviewed-by: Jeffrey Altman <jaltman@openafs.org>
restorevol only requires access to a dump file and write access to the
directory in which the dump is being unpacked. It doesn't require being
a superuser, so it should be installed in bin instead of sbin. Also
move the man page to section 1 and update references accordingly.
Reviewed-on: http://gerrit.openafs.org/333
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Tested-by: Derrick Brashear <shadow@dementia.org>
Added a bullet point explaining the use of a Kerberos cross-realm trust and PTS
foreign groups to give foreign users access.
Replaced a reference to Authentication Database with Kerberos Database.
LICENSE BSD
Reviewed-on: http://gerrit.openafs.org/381
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Tested-by: Derrick Brashear <shadow@dementia.org>
Removed the reference to the Authentication Server and added a reference to the Kerberos Server and Kerberos 5 authentication for foreign clients.
Replaced AFS Product Support with the AFS registrar as the maintainer of the
public CellServDB file. A link was added to grand.central.org for getting the
latest copy of the file and submitting changes for the local site.
Reviewed-on: http://gerrit.openafs.org/379
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Tested-by: Derrick Brashear <shadow@dementia.org>
Remove the conditional and Autoconf flag for enabling BosConfig.new
handling and change bosserver to always rename BosConfig.new to BosConfig
on startup if the former exists.
Document BosConfig.new handling in the bosserver and BosConfig man pages.
Tone down the warning about the BosConfig file format changing and warn
that bosserver rewrites BosConfig when shutting down.
Reviewed-on: http://gerrit.openafs.org/211
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Tested-by: Derrick Brashear <shadow@dementia.org>
Added text about Freelance Mode and Dynamric Root Mode and the changes they
cause when dealing with mounts to foreign cells in /afs and \\AFS
Reviewed-on: http://gerrit.openafs.org/380
Reviewed-by: Jeffrey Altman <jaltman@openafs.org>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Tested-by: Derrick Brashear <shadow@dementia.org>
Fixed a typo in the asetkey man page.
Reviewed-on: http://gerrit.openafs.org/373
Tested-by: Derrick Brashear <shadow@dementia.org>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
The file format is a single line containing one or more realms
separated by white space.
LICENSE BSD
Reviewed-on: http://gerrit.openafs.org/352
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Tested-by: Derrick Brashear <shadow@dementia.org>
Some formatting corrections
Section 3.26 updated to describe limitations caused by Apple
Bonjour on 32-bit Windows.
Section 3.40 updated to mentions Microsoft SMB Redirector
Extended Server Timeout support.
Section 3.41 updated to describe inability of pioctl operations
to succeed on service mapped drives.
Section 3.43 updated to include Windows 7 and Server 2008
in the known issues list.
New section 3.51 on Microsoft RPC Services
LICENSE MIT
Reviewed-on: http://gerrit.openafs.org/346
Tested-by: Jeffrey Altman <jaltman@openafs.org>
Reviewed-by: Jeffrey Altman <jaltman@openafs.org>
PTS groups with 's' access permissions can be examined by members of the
group and the owner of the group in addition to system:administrators.
State this in the manual page.
Reviewed-on: http://gerrit.openafs.org/327
Tested-by: Derrick Brashear <shadow@dementia.org>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
The original IBM HTML documentation had a table showing the permissions
that bosserver expects and sets when it creates the directory structure
for AFS. That table was accidentally dropped in the conversion to POD.
Restore it from the HTML shipped with an older version of OpenAFS.
Reviewed-on: http://gerrit.openafs.org/210
Tested-by: Russ Allbery <rra@stanford.edu>
Reviewed-by: Russ Allbery <rra@stanford.edu>
It was suggested that the auditlog option should not say there is one
record per RPC. In the future, there might be a need for multiple records
per RPC.
LICENSE BSD
Reviewed-on: http://gerrit.openafs.org/229
Tested-by: Derrick Brashear <shadow@dementia.org>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
The expanded auditlog explanation includes what information is recorded
in the auditlog.
LICENSE BSD
Reviewed-on: http://gerrit.openafs.org/213
Tested-by: Derrick Brashear <shadow@dementia.org>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Document that the quotas passed to fs setquota, vos create, and vos
setfields and the size passed to fs setcachesize may take a suffix
indicating the unit. This documents the change in behavior implemented by
54c0a3f3e6.
Fix a copy/paste error in the vos create -maxquota option definition.
Reviewed-on: http://gerrit.openafs.org/212
Tested-by: Derrick Brashear <shadow@dementia.org>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Adds support for sysv message queues for fileserver audit logs. This
also organizes the audit log code into various 'interfaces', of which
there are two: the original 'file' interface, and the 'sysvmq' interface
that this adds. The interface is configurable at runtime with the
-audit-interface switch.
FIXES 124674
Reviewed-on: http://gerrit.openafs.org/82
Tested-by: Andrew Deason <adeason@sinenomine.net>
Tested-by: Derrick Brashear <shadow@dementia.org>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
This adds the -id option to 'vos create', and the -roid option to 'vos
create' and 'vos addsite'. This allows the user to manually specify the
volume IDs that a new RW or RO volume will get (or explicitly specify
that an RO volume ID should be unset), instead of always relying on the
volume IDs retrieved from the vlserver.
Reviewed-on: http://gerrit.openafs.org/157
Tested-by: Derrick Brashear <shadow@dementia.org>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Gerrit 175 renamed compile_et and compile_et.pod to afs_compile_et*.
Fix the Windows build system to process the new pod file name
and modify the WiX installer scripts to install afs_compile_et.html.
FIXES 125152
LICENSE MIT
Reviewed-on: http://gerrit.openafs.org/http://gerrit.openafs.org/204
Tested-by: Jeffrey Altman <jaltman@openafs.org>
Reviewed-by: Jeffrey Altman <jaltman@openafs.org>
Rename the installed version of compile_et to afs_compile_et to avoid
conflicts with other, more standard, users of com_err. Also rename the
man page to match
Reviewed-on: http://gerrit.openafs.org/http://gerrit.openafs.org/175
Tested-by: Derrick Brashear <shadow@dementia.org>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Many Windows files were not included in the .gitignore files.
Many directories did not have .gitignore files at all.
Add and update where required.
LICENSE IPL10
Reviewed-on: http://gerrit.openafs.org/103
Verified-by: Simon Wilkinson <sxw@inf.ed.ac.uk>
Reviewed-by: Simon Wilkinson <sxw@inf.ed.ac.uk>
Verified-by: Jeffrey Altman <jaltman@openafs.org>
Reviewed-by: Jeffrey Altman <jaltman@openafs.org>
Replaced some references to the Authentication Database with Kerberos.
Removed text about obsolete tools like rcp, inetd, and rlogin.
Corrected references to AFS Product support by replacing them with links
to the OpenAFS Support page. Added warnings about using the wrong fsck binary
with inode and namei-based fileserver binaries. Removed an obsolete paragraph
about ThisCell and how it interacts with the Authentication Database.
LICENSE BSD
FIXES 124931
Reviewed-on: http://gerrit.openafs.org/10
Verified-by: Derrick Brashear <shadow@dementia.org>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Verified-by: Russ Allbery <rra@stanford.edu>
Reviewed-by: Russ Allbery <rra@stanford.edu>
The -valid switch to vos addsite doesn't take an argument, and it is
optional. Correcting documentation to reflect that.
Reviewed-on: http://gerrit.openafs.org/11
Verified-by: Russ Allbery <rra@stanford.edu>
Reviewed-by: Russ Allbery <rra@stanford.edu>
Now we're in git we don't need any cvsignore files any more...
Reviewed-on: http://gerrit.openafs.org/1
Verified-by: Derrick Brashear <shadow@gmail.com>
Reviewed-by: Derrick Brashear <shadow@gmail.com>
Revise our git ignores to match the current state of the tree, and include
entires in the top level for all of the 'dest' directories for all of the
architectures we claim to support.
Reviewed-on: http://gerrit.openafs.org/2
Reviewed-by: Derrick Brashear <shadow@gmail.com>
Verified-by: Simon Wilkinson <sxw@inf.ed.ac.uk>
LICENSE IPL10
FIXES 124709
curpag needs to know about kernel constructs (getpagvalue on AIX, onegroup
versus two group on linux) and on aix 5.1 simply can't work. add a new pioctl
and use it to simply ask the kernel what the current pag is
LICENSE BSD
FIXES 124889
Updates to chapter one of the Admin Guide. Remove references to the
Authentication Server, add references to a Kerberos server, revise ntpd
parts to reflect the fact that OpenAFS doesn't ship ntpd, and removed
the distinction between the US and non-US versions of the Update Server.
LICENSE IPL10
FIXES 124880
rxi_Findcbi, rxi_FIndIfnet, rxi_FindIfMTU "failure" end up returning
the RX_REMOTE_PACKET_SIZE as the mtu to use unless we allow our override
to apply, so we do that. then, add an afsd switch to allow setting it.
afsd man page update required and will follow.
====================
This delta was composed from multiple commits as part of the CVS->Git migration.
The checkin message with each commit was inconsistent.
The following are the additional commit messages.
====================
LICENSE IPL10
FIXES 124880
man page update to document previous work
LICENSE MIT
Replace version info in the DocBook files with a new ENTITY "version"
associated with a local "version.xml" file which contain a <revision>
tag for the current release.
The version.xml file should be autogenerated by the Makefile system.
LICENSE MIT
Standardize the UNIX Makefiles for all of the DocBook guides. Remove the
rest of the generated files and switch to xsltproc and dblatex for the
document generation in all cases. Fix a few DocBook errors by removing
the contents of the <index> tag and removing the unknown <pubsnumber> tag
in the <revision> field.
LICENSE MIT
Use dblatex to build PDF documentation instead of docbook2html and xsltproc
to build HTML instead of docbook2html. Remove all the index generation
logic, since dblatex and xsltproc handle that automatically. Remove the
contents of the <index> tag in the source, since neither program requires
there be anything in there.
Remove the style sheets and configuration that were used for docbook2*.
FIXES 124799
LICENSE IPL10
Install symlinks for the *.krb versions of klog, pagsh, and tokens to the
non-krb versions and add information about the *.krb versions to the
non-krb man pages.
FIXES 124794
LICENSE IPL10
Note in CellServDB man page that it's also used to populate root.afs for
a -dynroot client. Also document the dynamic lookup of database servers
with -afsdb and provide some more information about when CellServDB has to
contain the cell and when it doesn't.
Mark the backup server as optional, and indicate that the authentication
server is deprecated and CellServDB isn't required for authentication if
Kerberos v5 and aklog are used.
LICENSE IPL10
FIXES 109189
Add new man pages for fs rxstatproc, fs setcbaddr, and fs trace. Also
updates the links from fs to its subsidiary man pages and fixes the
fs rxstatpeer man page a bit to mirror fs rxstatproc.
LICENSE MIT
Initial take at converting the OpenAFS for Windows Release Notes
to DocBook.
Website style HTML and HtmlHelp (.chm) output is generated.
Formatting of Registry Value descriptions could be improved.
There is no indexing at present.
LICENSE IPL10
FIXES 124760
Remove generated HTML from the respository
Update XML to support autogeneration of Index files via XSLT
Add graphics referenced by generated HTML output
Add top level index.html used by the docs.openafs.org web site.
Add NTMakefile for AdminGuide, QuickStartUnix, and UserGuide
that utilizes XSLT to generate Windows HTMLHelp (.CHM) and
website appropriate HTML output.
In AdminGuide and UserGuide, relabel the documentation as OpenAFS
instead of IBM AFS. Create a new revision entry for the OpenAFS
docs.
Incorporate updates to QuickStartUnix Appendix A
LICENSE IPL10
FIXES 124681
add -encrypt flag to pts generic options, allowing the wire to be
encrypted if desired and the user's authenticated. document same.
LICENSE BSD
Fix the -parallel example in the main description text: "5all" should be
"all5". Reword the description a bit to hopefully make it clearer that
there are two separate values set here. Note under the option description
of -parallel that multiple partitions on the same device are normally
processed serially.
FIXES 124151
LICENSE BSD
Add system:ptsviewers to the privilege documentation of pts membership and
try to clarify the privilege required by being less verbose and hopefully
more direct.
LICENSE BSD
Various file server man page updates: number of partitions, partition size
limits, directory file name block size, and a reference to the IBM manual
set.
LICENSE BSD
Pod::Simple::Search ignores every POD file that doesn't "look right," which
means it skips files containing a period (like krb.conf.pod) unless you set
a search option. Pod::Simple::HTMLBatch has no way to set search options.
Apply a truly horrible hack to get around this.
LICENSE BSD
FIXES 104110
add vos clone and vos shadow to overall list
====================
This delta was composed from multiple commits as part of the CVS->Git migration.
The checkin message with each commit was inconsistent.
The following are the additional commit messages.
====================
LICENSE BSD
FIXES 104110
add krb.conf
update CellServDB to discuss AFSDB DNS records
LICENSE BSD
FIXES 86677
remove discussion of max partition size now that 1.5 has a limit of 2^64 KB.
add discussion of techinical nature of fs minidump on windows.
====================
This delta was composed from multiple commits as part of the CVS->Git migration.
The checkin message with each commit was inconsistent.
The following are the additional commit messages.
====================
LICENSE BSD
FIXES 86677
update discussion of max partition size.
LICENSE MIT
- fs diskfree
- fs examine
- fs listquota
- fs quota
require read permission not list for the root directory
of the volume and list permission for the preceding path.
LICENSE BSD
Use the correct subcommand name (fs getacl instead of fs_getacl) on the
HTML index page, even though we have to use the underscore in the NAME
section of the actual POD documentation.
LICENSE BSD
Add additional missing commands to the to-do list. Add a section on man
page section numbers and their rationale. Document that embedding a
license in the man page isn't required if it's one of the licenses in our
LICENSE file.
FIXES 104745
LICENSE BSD
Fix several issues with the afs(1) man page. Based on the patch by Jason,
but I also documented /vicepiv as the maximum, and /vicepiu as the
maximum recommended, partition.
LICENSE BSD
Add documentation of foreign realm user registration and cross-realm PTS
groups. Add documentation of missing ptserver flags. Add some additional
to-do entries for the man pages.
LICENSE IPL10
Update the fileserver documentation for demand-attach and add documentation
of other missing options and notes where some options are only applicable
with particular builds.
LICENSE BSD
Add some additional cross-references, add some missing man pages, fix a
few references to the OpenAFS manuals, document the -live flag to vos
move, and add an example for rxdebug.
Add a new fs newalias man page. Add -help to the synopsis and options of
the other new man pages. Add additional missing links in the fs man page.
Fix some wording in the CellAlias man page.
Complete the documentation of the afsd flags and update a few things like
-settime and -nosettime. Add man pages for fs setcrypt, fs getcrypt, and
CellAlias. Based on work by Jason Edgecombe and then extensively edited,
so any errors I probably introduced.
FIXES 65988
Mention aklog and kinit in klog's man page, add -dynroot to the afsd man
page, and mention that -skipauth tells uss not to create any Kerberos
principal and this has to be done separately.
Add additional arguments to the SYNOPSIS that the file server recognizes.
====================
This delta was composed from multiple commits as part of the CVS->Git migration.
The checkin message with each commit was inconsistent.
The following are the additional commit messages.
====================
Missed another erroneous option argument.
ka-forwarder is under a different copyright not previously covered, so
embed the actual licensing in the source rather than referring to a file
that doesn't exist and add the relevant information to the LICENSE files.
FIXES 60137
commit updates to the docs for obsolete stuff
====================
This delta was composed from multiple commits as part of the CVS->Git migration.
The checkin message with each commit was inconsistent.
The following are the additional commit messages.
====================
also the appendix file
Remove generated files from CVS.
====================
This delta was composed from multiple commits as part of the CVS->Git migration.
The checkin message with each commit was inconsistent.
The following are the additional commit messages.
====================
Some initial obvious cleanup. Removed all the sections on Digital UNIX,
changed IBM AFS to OpenAFS throughout, and reformatted and cleaned up the
front matter and some of the first few pages.
Add some comments to the makefile, set up dependencies to build the index
automatically, remove a bunch of unnecessary @-signs in front of commands,
and add a clean target.
Document (at least partially) AFS's mapping of Kerberos v5 principal names
to Kerberos v4 format in the aklog man page. Also document that -setpag
may not always work.
When using the install-sh that ships with the source tree, Autoconf
substitutes in a relative path just to be annoying. Define the INSTALL
variables in each individual Makefile so that they find the proper file.
Remove the definitions from Makefile.config so that no one will
accidentally get the wrong ones.
Delete pinstall and convert the entire tree to use the install program
found by configure (falling back on install-sh in the local tree). This
means that we have to pre-create directories with install -d. Also redo
the install and dest rules to be lists of install rules rather than
dependencies driving separate make rules so that running make install will
always update the target directory with the current code, even if there are
files in the install area that are newer.
Stop installing libafssetpag; we're about to kill it in favor of a
different library. Remove some djgpp rules.
Rewrite the aklog man page in POD and add documentation of the new flags
and .xlog.
====================
This delta was composed from multiple commits as part of the CVS->Git migration.
The checkin message with each commit was inconsistent.
The following are the additional commit messages.
====================
Fix my misunderstanding of what rxkad2b is.
====================
Fix unterminated B<>.
Autoconf 2.60 will replace some variables, most notably mandir, with values
relative to datarootdir, a new variable. Add settings of datarootdir to
the affected files.
Implement proper synopsis wrapping for HTML generation.
This was done in three pieces. First, add HTML-specific tags to the POD to
mark the synopsis for HTML purposes so that we can apply style information
to it. Second, update the style sheet to indent all lines except for the
first in the synopsis section. Third, add the appropriate S<> tags around
option and argument pairs so that we don't wrap between the option and its
argument.
Unfortunately, due to the <I<foo>> style that looks nicer for other reasons,
we have to use the very verbose S<<< >>>. Oh well.
Make the mentions of subcommands in the fs command introduction links to
the relevant pages, and add to README a to-do note to do this for the rest
of the introductory pages.
Fix links to man pages that contain underscores by working around a bug
in Pod::Simple.
Initial cut at an HTML conversion of the POD reference pages. Requires
Pod::Simple be installed (version 3.0 or later, probably). Also fix a POD
formatting bug in the afs(1) man page noticed while testing HTML output.
Add man pages for rxgen and cmdebug. The cmdebug man page was written from
scratch based on the source code. The rxgen man page is a conversion of an
old TeX document to POD.
Add new man pages for livesys and voldump. Fix the man page for sys to say
what it actually does, rather than implying that it works like livesys, and
to recommend livesys instead. Fix a path error in the NetInfo
documentation. Update the README for the current status, including
listing all installed commands that don't have man pages. (There may still
be some subcommands that don't have man pages but aren't listed.)
On installation, substitute the configured paths into the man pages,
replacing the Transarc paths. Also fix a problem with the way that
pinstall was being used to install man pages. (Silly me, I was assuming
it had the same behavior as install.)
This is just a quick first pass. Longer term, it's probably better to
replace all paths in the man pages with unambiguous tokens and then
replace those tokens instead of assuming that the man pages use Transarc
paths and replacing those paths specifically. The current method has a
few minor problems, such as not being able to distinguish between the
various paths that make up /usr/afs/bin. Still, the results of this method
are good enough to start with.
Move man page generation out into a separate script that's just invoked
from regen.sh, so that someone can run that separate script later if they
wish. Make that script more robust against problems such as empty podN
directories. Diagnose a missing pod2man and warn about old versions of
Pod::Man.
Also, remove the old programs used to do the initial conversion from HTML.
Enough post-conversion editing was done that they're no longer necessary
except for historical curiosity, and for that purpose they can be pulled
out of CVS.
This completes the first editing pass of the man pages. Very little
content editing has been done, but the server and client versions of
various man pages have been combined into a single man page for the
file (affects CellServDB, ThisCell, NetInfo, and NetRestrict), the
descriptions of the various AFS cache files have been combined into one
afs_cache man page, and the descriptions of the two butc log files have
been combined into one butc_logs man page.
For man pages for databases with two files, symlinks are now created on
installation for the secondary file name.
All of the man pages should now be ready for public review, additional
editing and cleanup, and content editing.
This completes the initial editing pass of the section eight man pages.
Only small amounts of content editing has been done. Some known problems
have been noted in README, but there will doubtless be others, as well as
some lingering formatting problems. However, the quality should now be
good enough for general public review.
Some of the section eight man pages were really supposed to be section one,
the package apropros and package help commands are too useless to document,
and a few of the difficult-to-name section five man pages have now acquired
names.
Initial documentation for the man page project, including initial notes
on conversion, a start at a formatting guide, information on how to
contribute, and an initial issues list of things I happened to notice
while editing the section one pages.
Generate the man pages in man1, man5, and man8 subdirectories rather than
directly in the doc/man-pages directory to reduce clutter. Add a
.cvsignore to reduce noise.
Complete an initial editing and cleanup pass for all section one man pages.
Fix various conversion problems, formatting inconsistencies, and obvious
problems. Please note that no editing for content has yet been done; this
is solely editing for formatting and correct conversion to POD.
Also, add some additional section five man pages that were omitted from the
first conversion run due to unusual file names, and globally replace
CAVEATS with CAUTIONS in the man pages to match the original section name.
The section one man pages should now be in reasonable shape and ready for
additional review and further updates, although there are probably still
remaining obvious problems.
====================
This delta was composed from multiple commits as part of the CVS->Git migration.
The checkin message with each commit was inconsistent.
The following are the additional commit messages.
====================
This file got the wrong name when it was originally committed. Fix.
This is the initial conversion of the AFS Adminstrators Reference into POD
for use as man pages. The man pages are now generated via pod2man from
regen.sh so that only those working from CVS have to have pod2man
available. The Makefile only installs. The pages have also been sorted
out into pod1, pod5, and pod8 directories, making conversion to the right
section of man page easier without maintaining a separate list and allowing
for names to be duplicated between pod5 and pod1 or pod8 (which will likely
be needed in a few cases).
This reconversion is done with a new script based on work by Chas Williams.
In some cases, the output is worse than the previous POD pages, but this is
a more comprehensive conversion.
This is only the first step, and this initial conversion has various
problems. In addition, the file man pages that didn't have simple names
have not been converted in this pass and will be added later. Some of the
man pages have syntax problems and all of them have formatting errors. The
next editing pass, coming shortly, will clean up most of the remaining
mess.
"fs flushall" is like "fs flushvolume" but flushes all data in the cache
====================
This delta was composed from multiple commits as part of the CVS->Git migration.
The checkin message with each commit was inconsistent.
The following are the additional commit messages.
====================
typo
Now that OAFW is ready for a stable series, we will default "fs trace"
to off on non-Debug builds. It can be set to on via the TraceOption
registry value. (see registry.txt)
Added a new option for viewing the trace log data in real time
====================
This delta was composed from multiple commits as part of the CVS->Git migration.
The checkin message with each commit was inconsistent.
The following are the additional commit messages.
====================
Include the Thread ID in the output to make it usable for debugging
deadlocks.
====================
alter the afsd_init.log tag for the TraceOption to not be
Windows Event Log specific.
Byte range locks:
The OpenAFS Windows client has to fake byte range locks given no
server side support for such locks. This is implemented as keyed
byte range locks on the cache manager.
Keyed byte range locks:
Each cm_scache_t structure keeps track of a list of keyed locks.
The key for a lock is essentially a token which identifies an owner
of a set of locks (referred to as a client). The set of keys used
within a specific cm_scache_t structure form a namespace that has a
scope of just that cm_scache_t structure. The same key value can
be used with another cm_scache_t structure and correspond to a
completely different client. However it is advantageous for the
SMB or IFS layer to make sure that there is a 1-1 mapping between
client and keys irrespective of the cm_scache_t.
Assume a client C has key Key(C) (although, since the scope of the
key is a cm_scache_t, the key can be Key(C,S), where S is the
cm_scache_t. But assume a 1-1 relation between keys and clients).
A byte range (O,+L) denotes byte addresses (O) through (O+L-1)
inclusive (a.k.a. [O,O+L-1]). The function Key(x) is implemented
through cm_generateKey() function for both SMB and IFS.
The cache manager will set a lock on the AFS file server in order
to assert the locks in S->fileLocks. If only shared locks are in
place for S, then the cache manager will obtain a LockRead lock,
while if there are any exclusive locks, it will obtain a LockWrite
lock. If the exclusive locks are all released while the shared
locks remain, then the cache manager will downgrade the lock from
LockWrite to LockRead.
Lock states:
A lock exists iff it is in S->fileLocks for some cm_scache_t
S. Existing locks are in one of the following states: ACTIVE,
WAITLOCK, WAITUNLOCK, LOST, DELETED.
The following sections describe each lock and the associated
transitions.
1. ACTIVE: A lock L is ACTIVE iff the cache manager has asserted
the lock with the AFS file server. This type of lock can be
exercised by a client to read or write to the locked region (as
the lock allows).
1.1 ACTIVE->LOST: When the AFS file server fails to extend a
server lock that was required to assert the lock.
1.2 ACTIVE->DELETED: Lock is released.
2. WAITLOCK: A lock is in a WAITLOCK state if the cache manager
grants the lock but the lock is yet to be asserted with the AFS
file server. Once the file server grants the lock, the state
will transition to an ACTIVE lock.
2.1 WAITLOCK->ACTIVE: The server granted the lock.
2.2 WAITLOCK->DELETED: Lock is abandoned, or timed out during
waiting.
2.3 WAITLOCK->LOST: One or more locks from this client were
marked as LOST. No further locks will be granted to this
client until al lost locks are removed.
3. WAITUNLOCK: A lock is in a WAITUNLOCK state if the cache manager
receives a request for a lock that conflicts with an existing
ACTIVE or WAITLOCK lock. The lock will be placed in the queue
and will be granted at such time the conflicting locks are
removed, at which point the state will transition to either
WAITLOCK or ACTIVE.
3.1 WAITUNLOCK->ACTIVE: The conflicting lock was removed. The
current serverLock is sufficient to assert this lock, or a
sufficient serverLock is obtained.
3.2 WAITUNLOCK->WAITLOCK: The conflicting lock was removed,
however the required serverLock is yet to be asserted with the
server.
3.3 WAITUNLOCK->DELETED: The lock is abandoned or timed out.
3.5 WAITUNLOCK->LOST: One or more locks from this client were
marked as LOST. No further locks will be granted to this
client until all lost locks are removed.
4. LOST: A lock L is LOST if the server lock that was required to
assert the lock could not be obtained or if it could not be
extended, or if other locks by the same client were LOST.
Effectively, once a lock is LOST, the contract between the cache
manager and that specific client is no longer valid.
The cache manager rechecks the server lock once every minute and
extends it as appropriate. If this is not done for 5 minutes,
the AFS file server will release the lock. Once released, the
lock cannot be re-obtained without verifying that the contents
of the file hasn't been modified since the time the lock was
released. Doing so may cause data corruption.
4.1 LOST->DELETED: The lock is released.
4.2 LOST->ACTIVE: The lock is reassertd. This requires
verifying that the file was not modified in between.
4.3 LOST->WAITLOCK: All LOST ACTIVE locks from this client were
reasserted. The cache manager can reinstate this waiting
lock.
4.4 LOST->WAITUNLOCK: All LOST ACTIVE locks from this client
were reasserted. The cache manager can reinstate this waiting
lock.
5. DELETED: The lock is no longer relevant. Eventually, it will
get removed from the cm_scache_t. In the meantime, it will be
treated as if it does not exist.
5.1 DELETED->not exist: The lock is removed from the
cm_scache_t.
6* A lock L is ACCEPTED if it is ACTIVE or WAITLOCK.
These locks have been accepted by the cache manager, but may or
may not have been granted back to the client.
7* A lock L is QUEUED if it is ACTIVE, WAITLOCK or WAITUNLOCK.
8* A lock L is EFFECTIVE if it is ACTIVE or LOST.
9* A lock L is WAITING if it is WAITLOCK or WAITUNLOCK.
Lock operation:
A client C can READ range (Offset,+Length) of cm_scache_t S iff:
1. for all _a_ in (Offset,+Length), one of the following is true:
1.1 There does NOT exist an ACTIVE lock L in S->fileLocks such
that _a_ in (L->LOffset,+L->LLength) (IOW: byte _a_ of S is
unowned)
AND
For each LOST lock M in S->fileLocks such that
_a_ in (M->LOffset,+M->LLength), M->LockType is shared AND
M->key != Key(C).
(Note: If this is a different client from one whose shared
lock was LOST, then the contract between this client and the
cache manager is indistinguishable from that where no lock
was lost. If an exclusive lock was lost, then the range is
considered unsafe for consumption.)
1.3 There is an ACTIVE lock L in S->fileLocks such that: L->key
== Key(C) && _a_ in (L->LOffset,+L->LLength) (IOW: byte _a_
of S is owned by C under lock L)
1.4 There is an ACTIVE lock L in S->fileLocks such that _a_ in
(L->LOffset,L->+LLength) && L->LockType is shared (IOW: byte
_a_ of S is shared) AND there is no LOST lock M such that _a_
in (M->LOffset,+M->LLength) and M->key == Key(C)
A client C can WRITE range (Offset,+Length) of cm_scache_t S iff:
2. for all _a_ in (Offset,+Length), one of the following is true:
2.1 Byte _a_ of S is unowned (as above) AND for each LOST lock
L in S->fileLocks _a_ NOT in (L->LOffset,+L->LLength).
2.2 Byte _a_ of S is owned by C under lock L (as above) AND
L->LockType is exclusive.
A client C can OBTAIN a lock L on cm_scache_t S iff:
3. for all _a_ in (L->LOffset,+L->LLength), ALL of the following is
true:
3.1 L->LockType is exclusive IMPLIES there does NOT exist a QUEUED lock
M in S->fileLocks such that _a_ in (M->LOffset,+M->LLength).
(Note: If we count all QUEUED locks then we hit cases such as
cascading waiting locks where the locks later on in the queue
can be granted without compromising file integrity. On the
other hand if only ACCEPTED locks are considered, then locks
that were received earlier may end up waiting for locks that
were received later to be unlocked. The choice of QUEUED
locks were made so that large locks don't consistently get
trumped by smaller locks which were requested later.)
3.2 L->LockType is shared IMPLIES for each QUEUED lock M in
S->fileLocks, if _a_ in (M->LOffset,+M->LLength) then
M->LockType is shared.
4. For each LOST lock M in S->fileLocks, M->key != Key(C)
(Note: If a client loses a lock, it loses all locks.
Subsequently, it will not be allowed to obtain any more locks
until all existing LOST locks that belong to the client are
released. Once all locks are released by a single client,
there exists no further contract between the client and AFS
about the contents of the file, hence the client can then
proceed to obtain new locks and establish a new contract.)
A client C can only unlock locks L in S->fileLocks which have
L->key == Key(C).
The representation and invariants are as follows:
- Each cm_scache_t structure keeps:
- A queue of byte-range locks (cm_scache_t::fileLocks) which
are of type cm_file_lock_t.
- A record of the highest server-side lock that has been
obtained for this object (cm_scache_t::serverLock), which is
one of (-1), LockRead, LockWrite.
- A count of ACCEPTED exclusive and shared locks that are in the
queue (cm_scache_t::sharedLocks and
cm_scache_t::exclusiveLocks)
- Each cm_file_lock_t structure keeps:
- The type of lock (cm_file_lock_t::LockType)
- The key associated with the lock (cm_file_lock_t::key)
- The offset and length of the lock (cm_file_lock_t::LOffset
and cm_file_lock_t::LLength)
- The state of the lock.
- Time of issuance or last successful extension
Semantic invariants:
I1. The number of ACCEPTED locks in S->fileLocks are
(S->sharedLocks + S->exclusiveLocks)
External invariants:
I3. S->serverLock is the lock that we have asserted with the
AFS file server for this cm_scache_t.
I4. S->serverLock == LockRead iff there is at least one ACTIVE
shared lock, but no ACTIVE exclusive locks.
I5. S->serverLock == LockWrite iff there is at least one ACTIVE
exclusive lock.
I6. If a WAITUNLOCK lock L exists in S->fileLocks, then all
locks that L is waiting on are ahead of L in S->fileLocks.
I7. If L is a LOST lock, then for each lock M in S->fileLocks,
M->key == L->key IMPLIES M is LOST or DELETED.
--asanka
====================
This delta was composed from multiple commits as part of the CVS->Git migration.
The checkin message with each commit was inconsistent.
The following are the additional commit messages.
====================
Byte range locks added to change list
====================
should improve error codes, and allow lock promotions and demotions
by releasing locks.
====================
More improvements to the byte range locking. Handle errors caused
by a failure to have locking privs; report sharing violations when
opening files; lie about locks on read-only volumes; implement
shared read/write file creation in the smb layer.
====================
remove assertion
====================
must reference count local references to objects if the lock
is being released
====================
Do not use a variable until you assign it a value
====================
remove an unwanted assertion and move the resetting of scp->serverLock
to -1 into cm_LockMarkSCacheLost() so that others do not forget to set
it. cm_LockMarkSCacheLost() is always called when the scp->mx is held
so it is ok to do so.
Do not return error codes from the SMB/CIFS server that can be interpretted
by the SMB/CIFS client as meaning that the AFS Client Service is not
available.
When tokens expire, do not display an obtain tokens dialog if there
is no network connectivity to the kdc for the realm associated with
the cell.
In the en_US build, stop displaying the expiration time of tokens
after the tokens expire.
1.3.8201
====================
This delta was composed from multiple commits as part of the CVS->Git migration.
The checkin message with each commit was inconsistent.
The following are the additional commit messages.
====================
remove AFS Gateway option
Apparently the problem with multi-domain forests with cross-
realm trusts to non-Windows realms was not entirely solved.
The authentication to the AFS SMB service failed because
the wrong name was being used. Using ASU as an example,
the authentication was being performed with the name
"QAAD\user" (an account in the forest root) and not
"user@ASU.EDU (the MIT Kerberos principal used to login with)
The solution was to add an additional dependency on KFW
in order or to be able to easily obtain the client principal
name stored in the MSLSA ccache TGT. This information is
used in two locations:
- the pioctl() function
- a new WinLogon Event Handler for the "logon" event.
The pioctl function will now be able to use the correct
name when calling WNetAddConnection2() and the "logon"
event handler will now be able to call WNetAddConnection2().
The hope is that the "logon" event handler will be called
before the profile is loaded but I have not guarrantee
that will happen.
FIXES 18131
collect all licenses here
====================
This delta was composed from multiple commits as part of the CVS->Git migration.
The checkin message with each commit was inconsistent.
The following are the additional commit messages.
====================
FIXES 18131
install LICENSE into destdir builds
updates for 1.3.80
====================
This delta was composed from multiple commits as part of the CVS->Git migration.
The checkin message with each commit was inconsistent.
The following are the additional commit messages.
====================
update issues list
This patch applies all of the work done to add persistent cache support,
cache manager debugging, and a variety of bug fixes. A full description
will be committed within doc/txt/winnotes as part of a later commit.
* The variable used to determine whether a file or virtual memory
mapped cache is used was not properly initialized to a default
value. If the registry setting "NonPersistentCaching" was not
set, the choice would be random. Properly initialized to be
"file".
* The memory mapped view was never unmapped before closing the file
at service shutdown. This is now properly cleaned up.
* Default location of Cache file is now %TEMP%\AFSCache
Add new Property for StoreAnsiFilenames
====================
This delta was composed from multiple commits as part of the CVS->Git migration.
The checkin message with each commit was inconsistent.
The following are the additional commit messages.
====================
Add property for StoreAnsiFilenames
update text files for StoreAnsiFilenames.
====================
This delta was composed from multiple commits as part of the CVS->Git migration.
The checkin message with each commit was inconsistent.
The following are the additional commit messages.
====================
Allow users to choose to store file names in AFS using ANSI code pages
instead of OEM code pages.
Install registry values to force a mapping from afsdsbmt.ini file updates
via the old profile API to the new HKLM\Software\OpenAFS\Client\Submounts
key.
update docs
====================
This delta was composed from multiple commits as part of the CVS->Git migration.
The checkin message with each commit was inconsistent.
The following are the additional commit messages.
====================
conditionalize the cleanup of language files on their existence
====================
reformat parts of afsd_init.c
add support for version number checking to afsd_service.exe
====================
Fix the afs_config.exe submount dialog operations: Edit Submount name and
Remove submount entry.
====================
Fix the version info data stored in the resource block to
use the same language identifier as is advertised.
the VC++ 2003 Toolkit is missing some important libraries.
remove it from the README-NT file
====================
This delta was composed from multiple commits as part of the CVS->Git migration.
The checkin message with each commit was inconsistent.
The following are the additional commit messages.
====================
update docs
====================
simplify the freelance import from afs_freelance.ini code. don't generate
an new file if the old one does not exist.
begin conversion from old string functions to new strsafe functions.
this will need to be done for all of the afsd_service.exe source
modules before we can regularly use VS .NET 2005
Add support for VL_GetEntryByNameN. Still need to figure out what needs
to be done for VL_GetEntryByNameU. (multi-homed support)
====================
fix a deadlock situation if an Obtain Tokens dialog is produced
by an expiration event and the user chooses to cancel instead of
obtain new credentials.
Fix the registry query in afskfw.lib to read the HKLM machine value
even if the HKCU key is present.
Update text in the install notes to better describe the krb524
issues
Provide mechanisms to force the use of krb524 via afscreds, afslogon,
and aklog. afslogon and afscreds rely on a new "Use524" registry value
(see registry.txt) and aklog has a new "-m" command line option.
The pattern matching algorithm was failing to match strings when the
pattern terminated in a '*'. The logic was also too complex because
it failed to simply the patterns prior to processing. Any combination
of '*' and '?' == '*' according to the Windows file name pattern
matching rules.
====================
This delta was composed from multiple commits as part of the CVS->Git migration.
The checkin message with each commit was inconsistent.
The following are the additional commit messages.
====================
FIXES 15365
The pattern matching algorithm was failing to match strings when the
pattern terminated in a '*'. The logic was also too complex because
it failed to simply the patterns prior to processing. Any combination
of '*' and '?' == '*' according to the Windows file name pattern
matching rules.
FIXES 915
FIXES 15250
* smb_ReceiveCoreRename() was factored to produce smb_Rename()
which is used by both the original function and the new
smb_ReceiveNTRename(). smb_ReceiveNTRename() supports the
creation of HardLinks in addition to Renaming. smb_Link()
is a new function which creates HardLinks via cm_Link().
cm_Link() is a new vnodeops function which creates links
using RXAFS_Link().
smb_ReceiveNTRename() does not support the File Copy and
Move Cluster Information operations described in its interface.
ReceiveNTRename is under documented in CIFS-TR-1p00_FINAL.pdf.
* When opening files via symlinks, we should follow the symlinks
until we reach the actual file stat cache entry. The stat cache
entry of the file should then be stored in the FID instead of
stat scache entry of the symlink.
* return bad operation errors for all unimplemented functions
even if we do not know the functions exist.
* Log bad packets and unknown operation packets to the trace log
* Map CM_ERROR_BADOP to STATUS_NOT_SUPPORTED instead of
0xC09820FF
* Update list of known CIFS operations to include all those listed
in CIFS-TR-1p00_FINAL.pdf.
* modify registry.txt to replace QWORD with DWORD
====================
This delta was composed from multiple commits as part of the CVS->Git migration.
The checkin message with each commit was inconsistent.
The following are the additional commit messages.
====================
* add expanded registry support to "submounts"
Update text files for 1.3.71 and describe the new Windows Authorization
Group "AFS Client Admins"
====================
This delta was composed from multiple commits as part of the CVS->Git migration.
The checkin message with each commit was inconsistent.
The following are the additional commit messages.
====================
Add support for "AFS Client Admins" windows authortization group
====================
NTMakefile changes for Admin Group
* Fix aklog.exe to not add the AFS ID to the username
* PTS registration of new users to foreign cells has been added to
afscreds.exe
* The cm_Daemon thread is used to perform checks for
down servers, up servers, volumes, callback expirations,
lock maintenance and token expiration. Due to a gaff in
larger integer division the thread never performed any
work. Instead the current time computation would always
be less then the trigger times. This had an adverse affect
on the client's ability to maintain communication with servers,
keep volumes up to date, and flush user tokens and acls
when they have expired. This was broken when the 1.3 branch
was modified to support VC7 which no longer included
largeint.lib
* An initialization problem with the Freelance code was
detected while fixing the callbackRequest. The cm_rootSCachep
object is obtained during afsd_InitDaemons() but the callback
information is incomplete. The callback information will not
be obtained until cm_MergeStatus is called from within
cm_GetCallback. Unfortunately, cm_SyncOp did not properly
test for the conditions under which the callback information
must be obtained.
* Reports have been filed indicating that callbacks were
being lost. An examination of the code indicated that the
cm_server_t objects were not being properly reference
counted by the cm_scache_t and cm_callbackRequest_t objects.
In particular, the cm_server_t objects may have been freed
from beneath the cm_conn_t objects.
All of the reference counting is now done via the functions:
cm_GetServer
cm_GetServerNoLock
cm_PutServer
cm_PutServerNoLock
this improves the ability to track the referrals.
Each cm_BeginCallbackGranting Call now allocates a reference
to the cm_server_t. The cm_EndCallbackGrantingCall either
frees the reference or transfers it to the cm_scache_t
cbServerp field. These are then appropriately tracked
through the cm_Analyze call.
* Ensure that the dnlc hash table is the same size as the
dir name hash table (as per original author's note).
Increase the dnlc CM_AFSNCNAMESIZE to a multiple of 8
for compatibility with 64-bit systems.
* fix smb_ApplyV3DirListPatches to properly apply the hidden
attribute to dotfiles when the infoLevel < 0x101 and
cm_SyncOp has failed.
* Fix the Freelance registry initialization code. There
was a possibility that some systems could end up with
garbage in the registry during a clean install.
Restore the installation of afslogon.dll as a winlogon event handler.
Microsoft identified the problem as being a newly added restriction
on the behavior of DllMain entry points. Network operations such
as bind() may no longer be called. The ICF blocks them but does not
cause an error to be returned.
Disable the installation of the WinLogon Event Handlers to avoid
problems with XP SP2 Final Release booting and profiles being released
on logoff.
Update version to 1.3.7000
Add VS8 entries to the build system
document new freelance functionality and update install notes
====================
This delta was composed from multiple commits as part of the CVS->Git migration.
The checkin message with each commit was inconsistent.
The following are the additional commit messages.
====================
more updates
Updates winnotes with current info
====================
This delta was composed from multiple commits as part of the CVS->Git migration.
The checkin message with each commit was inconsistent.
The following are the additional commit messages.
====================
summary of changes performed this week for 1.3.70
Update documentation on cache control and credential manager options
in MSI deployment guide.
'CachePath' setting in registry allows REG_EXPAND_SZ type.
Update registry documentation for 'CachePath' setting.
Both installers save the credential manager command line options in
registry.
Fix handling of existing 'afsdcell.ini' file in WiX installer.
WiX 2.0.1927 changed the XML schema. The WiX installer has beed
updated accordingly.
* update winnotes
* add osi trace log entries to help diagnose issues with overlapped writes
from CIFS client
* fix osi trace log entries for freelance add mount to use osi_SaveLogString
* fix afscreds "Start Service" to automatically obtain tokens if kerberos
tickets are available
* update afscreds systray menu to use "..." after Remove Icon
* remove extra "." in wix installer resource
Update the install notes to describe conflicts between SMB Authentication
and Windows machines configured with non-Windows Kerberos authentication
used to map to local accounts.
====================
This delta was composed from multiple commits as part of the CVS->Git migration.
The checkin message with each commit was inconsistent.
The following are the additional commit messages.
====================
More updates to smb auth vs external kerberos login
the procedure used to obtain the profile directory failed in Domains
which were not Forests. If ADS_NAME_INITTYPE_GC fails, we must try
ADS_NAME_INITTYPE_DOMAIN which requires the Domain. Added a Domain
parameter to QueryAdHomePathFromSid. This was easy to obtain in
the NPLogonNotify since the logon domain is provided as a parameter.
Unfortunately, the domain provided to the winlogon event notification
routine is the user authentication domain, not the logon domain for
the local machine. Needed to create a GetLocalShortDomain function
which uses the IADsADSystemInfo COM interface to obtain the local
short domain. With this in place, we can now properly detect the
profile directory in all cases.
Document MaxLogSize in registry.txt
TraceLogging is supposed to be activated for different purposes
with bit flags. The osi log and afslogon both used the same bit
flag. Bit 0 is now for afslogon; and Bit 1 is for osi log.
* Update Windows Notes files
* Modify logoff procedure to use a pioctl to check if an arbitrary path
exists within AFS
* Add a new registry value HKLM\Software\OpenAFS\Client CellServDBDir
which can be used to locate the CellServDB file in an arbitrary directory
- Fix NTMakefiles in many directories to define WIN32_LEAN_AND_MEAN NOGDI
to avoid macro redefinitions
- update text files
- add "authentication cell" registry value for afscreds.exe
From asanka@mit.edu:
Network provider :
- If the user is logging into an AD domain, then look up the user's
profile path, find out which cell it's in and then authenticate to
that cell instead of the default cell.
- Domain specific registry keys
- A few fixes for handling UNICODE_STRINGs
smb3.c :
- Delete partial security context during negotiation
client_cpa :
- As per the SDK which says we must handle CPL_INQUIRE message, we do.
Also fixes a small bug where the icon isn't properly set when viewing
the Control Panel folder.
loopbackutils.cpp
- Don't bother setting the app data template, because we are setting
it in the MSI anyway.
install/wix/NTMakefile
- Add a configurable symbol AFSDEV_AUXWIXDEFINES which can be used to
customize a build of the msi.
install/wix
- Move afslogon.dll to SYSTEM32 directory
- Add registry keys to support WinLogon notifications.
- Rename afsdcell.ini to CellServDB and move it to the client directory.
- If there's already an afsdcell.ini in the Windows directory, copy
that over to the client directory instead.
- Add descriptions to AFS client and server services
Over last several years significant efforts have been made to work around
the inability to protect user tokens from use by inappropriate entities.
The tokens are associated with a given userid and session by a combination
of an SMB based ioctl and an authenticated/encrypted RPC. This has opened
the door for tokens to be borrowed by other users if they could connect
to the same SMB server with the identical userid. This was trivially
possible because the SMB connections were unauthenticated.
This patch adds two forms of authenticated SMB connections: NTLM and
Extended Security (aka GSS SPNEGO). By default Extended Security mode
is used. This patch has been tested on 2000 workstation, 2000 server,
XP SP1, and 2003 Server, and XP SP2 RC2. The Extended Security works on
all platforms except for XP SP2 RC2 regards of whether or not the machine
is part of a domain or not; and whether or not a local or domain account
is used.
On XP SP2 RC2, attempts to use negotiate Extended Security result in a
Logon Denied error from AcceptSecurityContext() and a substatus code of
0x7C90486A is logged to the Security Event log via the NTLM SSP.
The SMB AUTH NTLM mode succeeds on XP SP2 RC2.
Disabling SMB Authentication or specifying the use of NTLM mode may be done
via the registry.
Value : smbAuthType
Type : DWORD {0..2}
Default : 2
If this value is specified, it defines the type of SMB authentication
which must be present in order for the Windows SMB client to connect
to the AFS Client Service's SMB server. The values are:
0 = No authentication required
1 = NTLM authentication required
2 = Extended (GSS SPNEGO) authentication required
The default is Extended authentication
Change the NetbiosName registry value from REG_SZ to REG_EXPAND_SZ
and add the necessary code to expand the strings. This will allow
the use of %COMPUTERNAME%-AFS in case people want to explicitly use
a non-portable name.
====================
This delta was composed from multiple commits as part of the CVS->Git migration.
The checkin message with each commit was inconsistent.
The following are the additional commit messages.
====================
Update text for NetbiosName value.
From Skyrope:
The Skyrope work attempted to improve on the end user experience of using
OpenAFS in the following ways:
* Obtain tokens using renewable Kerberos 5 tickets in order to
reduce the need for end users to renew expired tokens
* Monitor the list of IP Addresses in order to detect changes
in the network configuration which might affect the reachability
of cells or the state of the AFS Client Service. When cells
are newly reachable, obtain tokens for the cells. If the AFS
Client Service is not running, start it. If tokens are expiring
attempt to renew them.
* Use KDC probes to detect the accessibility of realms/cells. If
the KDC is not reachable, do not prompt the end user for a
username and password. (fs probe is not implemented on windows)
* Automatically obtain tokens using the Windows Logon Session
Kerberos credentials (if available)
* Allow tokens for multiple cells to be obtained by using the
same Kerberos 5 tickets. (no UI yet implemented)
* Perform drive mapping persistance by tracking it within the
afsdsbmt.ini file instead of relying on the Windows Shell
to persist the state.
* Add new afscreds.exe command line options and change the
default set used when creating the "AFS Credentials" shortcut
in the Start Menu->Programs->Startup folder.
From MIT:
* Auto-detection of loopback adapters. Use "AFS" as the netbios
name when a loopback adapter is installed.
* Support for responding to power management events. Used to
flush the cache when the machine is about to suspend, hibernate,
or shutdown
* Documentation of Registry entries
* Support for Extended SMB Requests
* Beginning of support for true Event Log reporting from a
message database
* Hidden Dot File support (configured via the HideDotFiles
registry option)
* Configurable Max number of Multiplexed Sessions (MaxMpxRequests
registry option)
* Configurable Max MTU size (RxMaxMTU registry option)
* Configurable Jumbogram support (RxNoJumbo registry option)
* Configurable Max number of Virtual Connections per Server
(MaxVCPerServer registry option)
* Win32 DNS API support
* Addition of SMB_ATTR_xxxx defines for use instead of hex numbers
* A variety of heap access and resource deallocation errors corrected
in the SMB code
* Support for recursive directory creation
* Modifications to the en_US version of the client configuration
dialog (need to port to other languages)
Notes on the current check-in:
* The KfW code will always be used when installed on the machine.
This code only supports Krb5 and will not work with Krb4 only
realms. A registry flag indicating whether or not KfW should be
used if found needs to be added.
* afscreds.exe needs to have a registry entry created to control
the parameter list it should be started with. There should be
a dialog to control this in the installer and within afscreds.exe
* The MIT method of auto-assigning the mount-root and the netbios
name is in conflict with the morgan stanley submissions in some
parts of the code. If you are using the loopback adapter with
this code both the "NetbiosName" = "AFS" and "Mountroot" = "/afs"
registry options must be specified. This will be fixed in coming
days.
add ignore_uid (like ignore_root) plus set_token (set token in auth step instead of setcred), refresh_token (no new pag), use_klog (fork a klog child), no_unlog, remainlifetime (sleep before deleting creds at logout)
"I noticed that the pdf documentation bundled with openafs doesn't include
the correct fonts to display properly (atleast with my acrobat). I've
generated afs-pdf:s with type1 fonts"
