Copied from the BIND Operator's Guide
--- [[DerrickBrashear]] - 24 Jan 2002
+-- Derrick Brashear - 24 Jan 2002
# <a name="AFS frequently asked questions"></a> AFS frequently asked questions
-This Wiki document is based on afs-faq, version 1.113, dated 19:50 Thursday 9th July 1998, by [[PaulBlackburn]] <mpb@acm.org>. It was divided into seven topics for easier editing. Feel free to make improvements.
+This Wiki document is based on afs-faq, version 1.113, dated 19:50 Thursday 9th July 1998, by Paul Blackburn <mpb@acm.org>. It was divided into seven topics for easier editing. Feel free to make improvements.
- [[PreambleFAQ]]
- [[GeneralFAQ]]
Updated:
-- Converted format of FAQ from Original to Wiki -- [[DanielClark]] - 21 Jan 2002
-- Enlivened Arla links. Fixed a few heading markers. Corrected Transarc address and phone numbers. Improved references to paths in the transarc.com cell. Added MANIFEST for many ftp links because anonymous can't use the "LIST" command. -- [[TedAnderson]] - 29 Jan 2002
-- Broke into seven more manageably-sized topics. -- [[TedAnderson]] - 04 Feb 2002
+- Converted format of FAQ from Original to Wiki -- Daniel Clark - 21 Jan 2002
+- Enlivened Arla links. Fixed a few heading markers. Corrected Transarc address and phone numbers. Improved references to paths in the transarc.com cell. Added MANIFEST for many ftp links because anonymous can't use the "LIST" command. -- Ted Anderson - 29 Jan 2002
+- Broke into seven more manageably-sized topics. -- Ted Anderson - 04 Feb 2002
--- [[JeffreyAltman]] - 14 Oct 2008
+-- Jeffrey Altman - 14 Oct 2008
Here are things we need to know for the Hackathon at Google on Monday October 27th and Tuesday October 28th.
The resulting TGT tickets use a proprietary authorization data format. There was a big flamefest on this issue, though [[KerberosDCE]] also uses the V5 ticket's authorization data field to store group membership data, the details of Microsoft's format was murky. It is now documented by a paper which essentially requires you to agree to never use the information if you read it, making it similarly useless.
-[[NathanNeulinger]] has used Windows 2000 to provide authentication for AFS. See his [message](http://lists.openafs.org/pipermail/openafs-info/2002-January/002893.html) to [[OpenAFSInfo]] for details.
+Nathan Neulinger has used Windows 2000 to provide authentication for AFS. See his [message](http://lists.openafs.org/pipermail/openafs-info/2002-January/002893.html) to [[OpenAFSInfo]] for details.
-[[DouglasEngert]] posted some [details](http://lists.openafs.org/pipermail/openafs-info/2002-March/003836.html) on doing this including a pointer to gsiklog which uses GSSAPI to get an K4/AFS token.
+Douglas Engert posted some [details](http://lists.openafs.org/pipermail/openafs-info/2002-March/003836.html) on doing this including a pointer to gsiklog which uses GSSAPI to get an K4/AFS token.
More from Douglas in the same [thread](http://lists.openafs.org/pipermail/openafs-info/2002-March/003904.html).
>
> You can then use the MIT ktutil addent -key to add this to a keytab file.
--- [[TedAnderson]] - 23 Jan 2002<br /> -- [[DerrickBrashear]] - 24 Jan 2002 added the information about the paper.<br /> -- [[TedAnderson]] - 18,22 Mar 2002 added Engert pointer.<br />
+-- Ted Anderson - 23 Jan 2002<br /> -- Derrick Brashear - 24 Jan 2002 added the information about the paper.<br /> -- Ted Anderson - 18,22 Mar 2002 added Engert pointer.<br />
----
<file:///afs/transarc.com/public/afs-contrib/pointers/UMich-lat-authenticated-batch-jobs> <ftp://ftp.transarc.com/pub/afs-contrib/pointers/UMich-lat-authenticated-batch-jobs>
-Another collection of tools was [mentioned](https://lists.openafs.org/pipermail/openafs-info/2002-October/006353.html) by [[DanielClark]]:
+Another collection of tools was [mentioned](https://lists.openafs.org/pipermail/openafs-info/2002-October/006353.html) by Daniel Clark:
Another option is [OpenPBS](http://www.openpbs.org/) and [Password Storage and Retrieval](http://www.lam-mpi.org/software/psr/) (PSR), where you encrypt your AFS password with a public key and put it in your home directory, and trusted machine(s) which have the private key on local disk then decrypt your password and run your job. MIT uses a variant of this (e.g. [a](http://web.mit.edu/longjobs/www/) & [b](http://mit.edu/longjobs-dev/notebook/)) that uses their own code (see [longjobs documentation](http://web.mit.edu/longjobs-dev/doc/netsec.txt) sections III and IV) instead of PSR.
- [[RedHat]] Linux: ([src](https://lists.openafs.org/pipermail/openafs-info/2002-July/005085.html)) change the last line of /etc/sysconfig/afs to `AFS_POST_INIT="/usr/bin/fs setcrypt on"`
- Windows ([src](https://lists.openafs.org/pipermail/openafs-info/2003-June/009416.html)) set the following registry value named `SecurityLevel` under `HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters` to 2.
-I have not tested either of these procedures. -- [[TedAnderson]] - 05 Jun 2003
+I have not tested either of these procedures. -- Ted Anderson - 05 Jun 2003
### <a name="3.29 What underlying filesystems"></a> 3.29 What underlying filesystems can I use for AFS ?
</tr>
</table>
--- [[JeffreyHutzelman]] - 18 Jan 2002 -- [[TedAnderson]] - 18 Jan 2002
+-- Jeffrey Hutzelman - 18 Jan 2002 -- Ted Anderson - 18 Jan 2002
Arla is an independent, free implementation of AFS by members of the [[StackenComputerClub]] at [[KungligaTekniskaH]]�gskolan. Its home page is <http://www.stacken.kth.se/projekt/arla/>.
--- [[TedAnderson]] - 16 Jan 2002 -- [[JeffreyHutzelman]] - 18 Jan 2002
+-- Ted Anderson - 16 Jan 2002 -- Jeffrey Hutzelman - 18 Jan 2002
--- [[JeffreyAltman]] - 16 Jun 2008
+-- Jeffrey Altman - 16 Jun 2008
The AFS File Server request throughput is limited by its current architecture which dedicates one thread per request for the lifetime of the request. Due to the fact that threads may become blocked on disk I/O and (more importantly) on Rx RPCs (VL\_\*, PR\_\*, RXAFSCB\_\*) the dedicated threads are frequently idle when they could be performing real work. The AFS File Server is therefore incapable of taking advantage of the CPU, disk I/O, and network I/O resources available to it.
There are more types of [[StringToKey]] functions in V5.
-[[CharlesClancy]] posted a Perl [script](http://lists.openafs.org/pipermail/openafs-info/2002-January/003060.html) that provides a kas interface to kadmin, so that existing scripts (and users) that use kas can easily work in a K5 environment.
+Charles Clancy posted a Perl [script](http://lists.openafs.org/pipermail/openafs-info/2002-January/003060.html) that provides a kas interface to kadmin, so that existing scripts (and users) that use kas can easily work in a K5 environment.
-[[DerekAtkins]] provides this handy mapping from [[KerberosVMIT]] to [[KaServer]]:
+Derek Atkins provides this handy mapping from [[KerberosVMIT]] to [[KaServer]]:
<table border="1" cellpadding="0" cellspacing="0">
<tr>
## <a name="HeimdalKTH -- International vers"></a> [[HeimdalKTH]] -- International version of Kerberos V5
-Here's some [mail](http://lists-openafs.central.org/pipermail/openafs-info/2001-April/000591.html) from [[DerrickBrashear]] for using [[HeimdalKTH]] for AFS authentication. An updated version of this document can be found [here](http://lost-contact.mit.edu/afs/net/project/afs32/andrew.cmu.edu/usr/shadow/ka2heim.txt): <file:/afs/andrew.cmu.edu/usr/shadow/ka2heim.txt>
+Here's some [mail](http://lists-openafs.central.org/pipermail/openafs-info/2001-April/000591.html) from Derrick Brashear for using [[HeimdalKTH]] for AFS authentication. An updated version of this document can be found [here](http://lost-contact.mit.edu/afs/net/project/afs32/andrew.cmu.edu/usr/shadow/ka2heim.txt): <file:/afs/andrew.cmu.edu/usr/shadow/ka2heim.txt>
The kas wrapper mentioned above maybe useful for Heimdal environments too.
See [[SettingUpAuthentication]]
--- [[TedAnderson]] - 23 Jan 2002 -- [[TedAnderson]] - 06 Feb 2002 -- [[TedAnderson]] - 07 Mar 2002
+-- Ted Anderson - 23 Jan 2002 -- Ted Anderson - 06 Feb 2002 -- Ted Anderson - 07 Mar 2002
From the latex sources you can build the manual into whatever format you wish. I believe the [User Guide](http://www.openafs.org/cgi-bin/cvsweb.cgi/openafs-doc/userGuide.tex) is done.
-Feel free to send patches, corrections, improvements and suggestions to [[RenatoArruda]]
+Feel free to send patches, corrections, improvements and suggestions to Renato Arruda.
--- [[RenatoArruda]] - 09 Jun 2003
+-- Renato Arruda - 09 Jun 2003
--- [[MarkEichin]] - 18 Jan 2002
[Boxed Penguin](http://www.boxedpenguin.com/) is a complete [[InstantInfrastructure]] system that allows one to start from an empty PC and bring up a small but scalable infrastructure server with a minimum of effort (installing Debian and then layering on a meta-package that configures and installs the rest.) Likewise it simplifies installing generic workstation-style clients.
Commercial support for Boxed Penguin is available from [Mekinok, Inc.](http://www.mekinok.com/), community support is available through the mailing lists on the Boxed Penguin website.
+
+-- Mark Eichin - 18 Jan 2002
There was a [discussion](http://lists.openafs.org/pipermail/openafs-devel/2001-December/002215.html) of this idea on [[OpenAFSDevel]].
-[[NathanNeulinger]] outlined a two stage approach. I outlined some ideas for handling the multi-client cache coherence problem. But the discussion died down leaving some uncertainty about the basic feasibility of the feature.
+Nathan Neulinger outlined a two stage approach. I outlined some ideas for handling the multi-client cache coherence problem. But the discussion died down leaving some uncertainty about the basic feasibility of the feature.
--- [[TedAnderson]] - 17 Jan 2002
+-- Ted Anderson - 17 Jan 2002
By no means a comprehensive list, but here's a few more links:
- [trying to make sense of afs\_vnop\_flock.c](http://lists.openafs.org/pipermail/openafs-devel/2002-December/003662.html)
- [making lock upgrades safer](http://lists.openafs.org/pipermail/openafs-devel/2002-December/003687.html)
--- [[TedAnderson]] - 23 Jan 2003
+-- Ted Anderson - 23 Jan 2003
--- [[MattBenjamin]] - 05 Apr 2010
+-- Matt Benjamin - 05 Apr 2010
The following notes were directed to a potential GSOC participant interested in porting the [[OpenAFS]] cache manager to [[NetBSD]]. There are some remarks specific to [[NetBSD]], and there's a lack of a high-level view of the ancestry of different ports and phases of work, that I think might be useful, among other things.
Some AFS sites have develop their own tools: CMU, Morgan Stanley, and others. (need list here and pointers to descriptions and tools) Some of these are in [afs-contrib](http://grand.central.org/twiki/bin/view/AFSLore/ResourcesFAQ#4_01_Is_there_an_anonymous_FTP_s) and others maybe available from the sites themselves.
-[[LeoShyhWeiLuan]] has proposed a [[JavaAPI]] to simplify writing and sharing tools.
+Leo Shyh WeiLuan has proposed a [[JavaAPI]] to simplify writing and sharing tools.
-There is also a Perl API, written by Roland Schemers and now maintained and developed by [[Norbert E. Gr�ner|NorbertGruener]] and described on his [AFS Perl Kwiki](http://www.mpa-garching.mpg.de/kwiki/nog/afsperl/), which provides access to most of the AFS programming API. It comes with extensive [documentation](http://www.mpa-garching.mpg.de/~nog/doc/afsperl.html).
+There is also a Perl API, written by Roland Schemers and now maintained and developed by Norbert Gruener and described on his [AFS Perl Kwiki](http://www.mpa-garching.mpg.de/kwiki/nog/afsperl/), which provides access to most of the AFS programming API. It comes with extensive [documentation](http://www.mpa-garching.mpg.de/~nog/doc/afsperl.html).
----
See [[AdminFAQ]], [[SettingUpAuthentication]].
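Review bot: The replacement on the `+Leo Shyh WeiLuan has proposed a [[JavaAPI]]` line leaves "WeiLuan" run together, which looks like the topic name [[LeoShyhWeiLuan]] was split on capitals only part of the way. Confirm the intended spelling of the name and use that form wherever this topic name is replaced. On the Perl API line the link text "Norbert E. ..." becomes "Norbert Gruener", which drops the middle initial; keep it if the displayed name is meant to be preserved.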
--- [[TedAnderson]] - 14 Feb 2002
+-- Ted Anderson - 14 Feb 2002
Sites can request addition by mailing <cellservdb@grand.central.org>
--- [[DerrickBrashear]] - 24 Jan 2002
+-- Derrick Brashear - 24 Jan 2002
Coda is a version of AFS that branched before its development moved to [[TransarcCorporation]]. One of its claims to fame is that it supports [[DisconnectedOperation]]. The project home page is <http://www.coda.cs.cmu.edu/>.
--- [[TedAnderson]] - 16 Jan 2002
+-- Ted Anderson - 16 Jan 2002
--- [[StevenJenkins]] - 08 Jun 2007
+-- Steven Jenkins - 08 Jun 2007
This is an entry point into the code architecture. As always, the source for your release is the authoritative reference, but this wiki is designed to help navigate the source and point out relevant documentation.
--- [[StevenJenkins]] - 11 Jun 2007 [[VInitVolumePackage]] is the main setup program for the fileserver, salvageserver, and volserver (and some utilities). It initializes the data structures need by each to do their operations. Synchronization is done via `vol_glock_mutex`, `vol_trans_mutex`, `vol_put_volume_cond`, and `vol_sleep_cond`.
+-- Steven Jenkins - 11 Jun 2007 [[VInitVolumePackage]] is the main setup program for the fileserver, salvageserver, and volserver (and some utilities). It initializes the data structures need by each to do their operations. Synchronization is done via `vol_glock_mutex`, `vol_trans_mutex`, `vol_put_volume_cond`, and `vol_sleep_cond`.
- Called by:
- All calls to obtain a write lock have a unique reference number. This must be unique across the cache manager (lock numbers that are in a particular OS directory may be shared, but only between OS directories), and src/afs/lock.h must be updated with the highest number in use
- New locks should be registered in the list in afs\_callback.c, so their contents can be viewed via cmdebug
--- [[SimonWilkinson]] - 27 Jul 2009
+-- Simon Wilkinson - 27 Jul 2009
- [[KerberosVMIT]] krb524d not configured correctly
- des3 key in the database for the "afs" principal.
--- [[DerrickBrashear]] - 26 Nov 2002
+-- Derrick Brashear - 26 Nov 2002
-I am not the right person to write this page but here is summary from a pretty good note from [[DerekAtkins]] in a [thread](https://lists.openafs.org/pipermail/openafs-info/2002-January/002959.html) on the [[OpenAFSInfo]] mailing list.
+I am not the right person to write this page but here is summary from a pretty good note from Derek Atkins in a [thread](https://lists.openafs.org/pipermail/openafs-info/2002-January/002959.html) on the [[OpenAFSInfo]] mailing list.
In order to setup cross-realm:
I've augmented the description with other comments from the thread.
--- [[TedAnderson]] - 22 Jan 2002
+-- Ted Anderson - 22 Jan 2002
The mailing list for this port is <https://lists.openafs.org/mailman/listinfo/port-darwin> and archived at <http://lists.openafs.org/pipermail/port-darwin/>.
--- [[TedAnderson]] - 17 Jan 2002
+-- Ted Anderson - 17 Jan 2002
There are issues with the Finder in this port due to its desire to enumerate and traverse all directories to look for metadata and the poor interaction of this with a fully populated directory of mountpoints mounted as /afs.
--- [[DerrickBrashear]] - 24 Jan 2002
+-- Derrick Brashear - 24 Jan 2002
Some nice GUI stuff for OS X Jaguar:
<http://cf.ccmr.cornell.edu/publicdownloads/afs>
--- [[DaveBotsch]] - 14 Nov 2003
+-- Dave Botsch - 14 Nov 2003
To get AFS tokens automatically (equivalent of aklog) on kinit or console login, you can use one of three loginLogout Kerberos plugins, which install in /Library/Kerberos Plug-Ins and require a reference in /Library/Preferences/edu.mit.Kerberos:
You can read more about it here: <http://www.citi.umich.edu/techreports/reports/citi-tr-93-3.pdf>
--- [[DerrickBrashear]] - 24 Jan 2002
+-- Derrick Brashear - 24 Jan 2002
Instead of mounting the home cell's root.afs volume at the AFS mount point (typically /afs) a fake root is constructed from information available in the client's [[CellServDB]].
--- [[DerrickBrashear]] - 24 Jan 2002
+-- Derrick Brashear - 24 Jan 2002
A similar feature exists in the Windows clients, known as the [[FreelanceClient]] feature. The technical details are available [here](https://lists.openafs.org/pipermail/openafs-devel/2001-October/001927.html).
Then restart "IBM AFS Client" and the cells you touch get added to `%SystemRoot%\afs_freelance.ini`.
--- [[TedAnderson]] - 19 Mar 2003
+-- Ted Anderson - 19 Mar 2003
2. Double-Click on the downloaded .reg file; this will add the appropriate setting to your registry.
3. Restart your computer.
--- [[DanielClark]] - 04 Aug 2002
+-- Daniel Clark - 04 Aug 2002
uss add -user joe -admin admin -server server.example.com -uid 2001 -part a -dryrun
--- [[CraigCook]] - 31 Mar 2005
+-- Craig Cook - 31 Mar 2005
fs setacl -dir <dir> -acl <user> all
--- [[StevenPelley]] - 25 Jul 2007
+-- Steven Pelley - 25 Jul 2007
There is a mailing list for the port at <https://lists.openafs.org/mailman/listinfo/port-freebsd> and archived at <https://lists.openafs.org/pipermail/port-freebsd/>.
--- [[TedAnderson]] - 17 Jan 2002
+-- Ted Anderson - 17 Jan 2002
The Freelance client reads the available mount points from a file called afs\_freelance.ini. This file will be created if not found and the list of mount points will initially be empty. New mount points can be added using "fs mkmount" or the Explorer shell extension. Alternatively, a cell will be mounted at /afs automatically simply by visiting it in a DOS window.
--- [[LeoShyhWeiLuan]] - 07 Feb 2002
+-- Leo Shyh WeiLuan - 07 Feb 2002
More gory details at <http://www.openafs.org/cgi-bin/cvsweb.cgi/~checkout~/openafs/doc/txt/winnotes/afsdb-freelance-notes>.
--- [[TedAnderson]] - 07 Apr 2004
+-- Ted Anderson - 07 Apr 2004
Useful topics: [[SettingUpAuthentication]], [[CellAdministration]], [[CrossRealmAuthentication]], [[WWWtoAFS]]
--- [[TedAnderson]] - 22 Jan, 14 Feb 2002
+-- Ted Anderson - 22 Jan, 14 Feb 2002
<a name="38"> <a name="ProgRef"> [ProgRef] AFS Programmer's Reference Manual <ftp://ftp.transarc.com/pub/afsps/doc/progref/3.0/main.ps> <file:///afs/transarc.com/public/afsps/doc/progref/3.0/> </a></a>
-<a name="Katz94"> [Katz94] Eric Katz, Michelle Butler and Robert [[McGrath]], "A Scalable HTTP Server: The NCSA Prototype", National Center for Supercomputing Applications, University of Illinois, Urbana-Champaign, Il 61820, <http://archive.ncsa.uiuc.edu/InformationServers/Conferences/CERNwww94/www94.ncsa.html> </a>
+<a name="Katz94"> [Katz94] Eric Katz, Michelle Butler and Robert McGrath, "A Scalable HTTP Server: The NCSA Prototype", National Center for Supercomputing Applications, University of Illinois, Urbana-Champaign, Il 61820, <http://archive.ncsa.uiuc.edu/InformationServers/Conferences/CERNwww94/www94.ncsa.html> </a>
> Describes the use of AFS to create a scalable web server.
>
> --
>
-> [[TedAnderson]]
+> Ted Anderson
>
> - 01 Aug 2002
To build web pages for a release, /usr/local/sbin/make\_www\_release (version) (path)
path is where to write the web pages, it expects (path)/release/(version) to exist as a directory. Those files can be committed on grand in /data/htdocs/openafs/release/(version), except release/(version)/index.html which should be committed as /data/htdocs/openafs/release/openafs-(version).html
--- [[DerrickBrashear]] - 09 Jan 2008
+-- Derrick Brashear - 09 Jan 2008
- SSH -- There are two issues. First is mutually authenticating you and the SSH server to each other using Kerberos. See [[KerberosV]] for a link to patches to kerberize [[OpenSSH]]. Second is passing local AFS authentication to the remote shell (in this case an AFS Client) in the form of AFS service tickets (tokens).
- these instructions from [[CharlesClancy]] for building openssh might be useful <http://lists.openafs.org/pipermail/openafs-info/2002-January/002846.html>
- - another perspective from [[OwenLeBlanc]] <http://lists.openafs.org/pipermail/openafs-info/2002-January/002856.html>
+ - another perspective from Owen LeBlanc <http://lists.openafs.org/pipermail/openafs-info/2002-January/002856.html>
- [[SSHKeyAuthentication]]
- How to choose between [[KaServer]], [[KerberosVMIT]], [[HeimdalKTH]] and [[ActiveDirectory]].
- [[StringToKey]] issues.
- How to configure various authentication servers to issue tickets (tokens) with lifetimes longer than 25 hours.
- [[IntegrationWithNIS]]. See the [[GeneralFAQ#1_05_d_Improved_security]], but basically you use NIS vis NSS for names of users and Kerberos via PAM for authentication. There is still the question of integrating group management.
- [[OtherGroupServers]] are not well integrated as far as I know. The big ones are [[ActiveDirectory]] and [[NIS]] and maybe some LDAP systems. While one could imagine wrapping a [[PtServer]] interface around such a thing, there are probably some features that would make seamless integration difficult. Has anyone seriously looked into this?
- - In a 10-Oct-2002 message from [[DerrickBrashear]]: <q>...something to allow LDAP queries of the PTS database... /afs/andrew.cmu.edu/usr/shadow/back-pts.tar.gz / The README inside explains how it works.</q>
+ - In a 10-Oct-2002 message from Derrick Brashear: <q>...something to allow LDAP queries of the PTS database... /afs/andrew.cmu.edu/usr/shadow/back-pts.tar.gz / The README inside explains how it works.</q>
--- [[TedAnderson]] - 22-24, 29 Jan 2002<br /> -- [[JasonGarman]] - 30 Jan 2002<br /> -- [[TedAnderson]] - 06-07 Feb, 11 Oct 2002<br /> -- [[TedAnderson]] - 27 Feb 2003<br />
+-- Ted Anderson - 22-24, 29 Jan 2002<br /> -- Jason Garman - 30 Jan 2002<br /> -- Ted Anderson - 06-07 Feb, 11 Oct 2002<br /> -- Ted Anderson - 27 Feb 2003<br />
----
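Review bot: In the SSH sub-list, the item `these instructions from [[CharlesClancy]] for building openssh might be useful` keeps its wiki link, while the very next item changes `[[OwenLeBlanc]]` to "Owen LeBlanc". Other lines in this change already render the name as "Charles Clancy", so convert this occurrence as well, or note why it is left linked.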
- [AFS intro doc at Stanford](http://www.stanford.edu/services/afs/intro/)
- [AFS into at IBM developerworks](http://www.ibm.com/developerworks/opensource/library/os-openafs-kerberos5/index.html)
--- [[JeffreyHutzelman]] - 18 Jan 2002<br /> -- [[TedAnderson]] - 11 Apr 2002<br /> -- [[TWikiGuest]] - 24 Apr 2004
+-- Jeffrey Hutzelman - 18 Jan 2002<br /> -- Ted Anderson - 11 Apr 2002<br /> -- [[TWikiGuest]] - 24 Apr 2004
----
Thanks to everyone who has reviewed this document, and offered corrections and contributions.
--- [[SimonWilkinson]] - 07 Jul 2009
+-- Simon Wilkinson - 07 Jul 2009
I'll document this when the release tool is done. Should be sometime before the next release ...
--- [[SimonWilkinson]] - 08 Jul 2009
+-- Simon Wilkinson - 08 Jul 2009
Build a persistent clone & checkout of the master in AFS. Get gerrit and/or cron to keep this constantly up to date.
--- [[SimonWilkinson]] - 06 Jun 2009
+-- Simon Wilkinson - 06 Jun 2009
Clients now have large local disks available to them, and fast local bandwidth. The issue, in particular in scientific applications with large datasets, is in the speed of the transport mechanism between the client and the server hosting the data. In a cluster environment, where a large number of clients are collaborating on processing the same read-only data, it shouldn't be necessary for each client to individually fetch the data from the server - instead a single client should be able to perform the data fetch, and share the results with all of the other clients in the cluster. This is a challenging project, developing a design and proof of concept for entirely new functionality. Skills learned will include the principals of peer-to-peer filesystems, developing cluster filesystems and kernel programming
--- [[SimonWilkinson]] - 06 Mar 2010 ~~~~
+-- Simon Wilkinson - 06 Mar 2010 ~~~~
When [[OpenAFS]] was released, 3 files with HP copyrighted code could not be released. 2, the Rx kernel support, were reimplemented by Derrick Brashear from previously released open source Rx, and other platforms' kernel Rx implementations. The remaining file appears to have been a literal copy of a kernel header from HP-UX for the VM system interface to VFS, and so far despite email and teleconferences nothing has happened. Headers included with HP-UX appear to be insufficient to create a loadable file system driver against, so unless HP decides to co-operate or someone attempts to reverse-engineer some structures, no further progress is possible.
--- [[DerrickBrashear]] - 18 Jan 2002
+-- Derrick Brashear - 18 Jan 2002
Thanks to Esther Filderman we found a useful contact within HP, and hopefully results will be forthcoming in the near future.
--- [[DerrickBrashear]] - 10 Jul 2002
+-- Derrick Brashear - 10 Jul 2002
HP intends to make this header available to their customers, and provided a copy for porting purposes. Carl Davidson from HP provided further help and guidance and after further communication with IBM and some help from Laura Stentz in obtaining one further file from IBM, we have a working HP-UX11Port though at this point no loadable module support.
--- [[DerrickBrashear]] - 30 Sep 2002
+-- Derrick Brashear - 30 Sep 2002
[[OpenAFS]] 1.2.8 included support for 11.0.
--- [[DerrickBrashear]] - 18 Dec 2002
+-- Derrick Brashear - 18 Dec 2002
<http://www.pdc.kth.se/heimdal/>
--- [[TedAnderson]] - 23 Jan 2002
+-- Ted Anderson - 23 Jan 2002
See also [[AncientHistory]].
--- [[TedAnderson]] - 18 Jan 2002
+-- Ted Anderson - 18 Jan 2002
Send comments, questions, bad links, &c. to [me](mailto:jhvilas@gmail.com) if you like, or fix them -- this is a Wiki, after all. And to the many people who've sent comments: Thank you! Your feedback has helped!
--- [[JosephHVilas]] - 03 Aug 2006
+-- Joseph H Vilas - 03 Aug 2006
Once you've verified that AFS works correctly, you may want to configure AFS to start automatically, via whatever mechanism you prefer.
--- [[DavidNolan]] - 29 Jul 2003
+-- David Nolan - 29 Jul 2003
#### <a name="Mac OS X 10.3"></a> Mac OS X 10.3
[http://www.ibiblio.org/macsupport/kerberos/kerberos10\_2.html](http://www.ibiblio.org/macsupport/kerberos/kerberos10_2.html)
--- [[ClarkHale]] - 20 Jan 2005 Removed Crap, and dead link.
+-- Clark Hale - 20 Jan 2005 Removed Crap, and dead link.
--- [[MarkEichin]] - 18 Jan 2002
See the [BoxedPenguin](http://www.boxedpenguin.com/) main page for a detailed description of the Instant Infrastructure "vision".
+
+-- Mark Eichin - 18 Jan 2002
-As [[CharlesClancy]] says in this [thread](http://lists.openafs.org/pipermail/openafs-info/2002-February/003258.html):
+As Charles Clancy says in this [thread](http://lists.openafs.org/pipermail/openafs-info/2002-February/003258.html):
_First, kill all your NIS passwords_ <font>(no doubt with a nod to [Shakespeare](http://firms.findlaw.com/LegalJournal/memo10.htm))</font>
--- [[TedAnderson]] - 07 Feb 2002
+-- Ted Anderson - 07 Feb 2002
In addition to enhancing the overall documentation, this latest revision incorporates a number of modifications and new features, several of which were either suggested or inspired by the valued feedback we have received from some of you. -- [[ManuelPereira]] - 02 Jul 2002
-Note: below is only the documentation for the API. The actual API source is included with the [[OpenAFS]] source distribution and is viewable on the web at <http://www.openafs.org/cgi-bin/cvsweb.cgi/openafs/src/JAVA/> -- [[DanielClark]] - 08 Jan 2003
+Note: below is only the documentation for the API. The actual API source is included with the [[OpenAFS]] source distribution and is viewable on the web at <http://www.openafs.org/cgi-bin/cvsweb.cgi/openafs/src/JAVA/> -- Daniel Clark - 08 Jan 2003
The Java AFS API (JAFS) has been updated, employing several fixes and improvements, with patches for [[OpenAFS]] 1.2.9 source and the current source (CVS/daily snapshots). The most recent API documents (v2) are posted below along with the recent source patches. -- [[ManuelPereira]] - 09 Jun 2003
See [[SettingUpAuthentication]], [[KerberosIV]], [[KerberosV]], and [[AuthCommands]]
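Review bot: The signatures `-- [[ManuelPereira]] - 02 Jul 2002` and `-- [[ManuelPereira]] - 09 Jun 2003` stay as wiki links, while the `-- [[DanielClark]] - 08 Jan 2003` signature between them is converted to plain text. If the change is meant to replace personal-name links throughout, convert these two as well; if they are kept on purpose, say so in the commit message.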
--- [[TedAnderson]] - 23 Jan 2002
+-- Ted Anderson - 23 Jan 2002
Derrick wrote nice pages at: <http://www.cs.cmu.edu/afs/andrew.cmu.edu/usr/shadow/www/afs/afs-with-kerberos.html> <http://www.contrib.andrew.cmu.edu/~shadow/afs/afs-with-kerberos.html>
-[[DenizKanca]] [posted](https://lists.openafs.org/pipermail/openafs-info/2003-January/007799.html) her notes at [http://www.arayan.com/da/yazi/OpenAFS\_Kerberos\_5.html](http://www.arayan.com/da/yazi/OpenAFS_Kerberos_5.html).
+Deniz Kanca [posted](https://lists.openafs.org/pipermail/openafs-info/2003-January/007799.html) her notes at [http://www.arayan.com/da/yazi/OpenAFS\_Kerberos\_5.html](http://www.arayan.com/da/yazi/OpenAFS_Kerberos_5.html).
-[[JeffreyHutzelman]] posted a good [summary](https://lists.openafs.org/pipermail/openafs-info/2003-July/010159.html) of all these component to [[OpenAFS]]-info on 25-Jul-2003. Be sure to check to follow-ups for some minor clarifications.
+Jeffrey Hutzelman posted a good [summary](https://lists.openafs.org/pipermail/openafs-info/2003-July/010159.html) of all these component to [[OpenAFS]]-info on 25-Jul-2003. Be sure to check to follow-ups for some minor clarifications.
## <a name="Basics"></a> Basics
In its current state, you have to manually log into your AFS cell through kinit and possibly aklog (explain aklog..., debugging using "tokens" etc). There are several methods to enable transparent login to both local resources (the machine itself) and AFS through a single password. See [[KerberosV]] and [[SettingUpAuthentication]] for some information. The best option if you are using pam is probably the [pam\_krb5 project on sourceforge](http://sourceforge.net/projects/pam-krb5/).
--- [[JasonGarman]] - 05 Feb 2002 -- [[DerrickBrashear]] - 26 Nov 2002
+-- Jason Garman - 05 Feb 2002 -- Derrick Brashear - 26 Nov 2002
Where REALM.NAME and cell.name are the names of your [[KerberosRealm]] and [[AFSCell]] respectively.
-If you already have a working AFS cell using [[KaServer]], check out [[DerrickBrashear]]'s document for converting from the [[KaServer]] to [[HeimdalKTH]] [here](http://lost-contact.mit.edu/afs/net/project/afs32/andrew.cmu.edu/usr/shadow/ka2heim.txt): <file:/afs/andrew.cmu.edu/usr/shadow/ka2heim.txt>
+If you already have a working AFS cell using [[KaServer]], check out Derrick Brashear's document for converting from the [[KaServer]] to [[HeimdalKTH]] [here](http://lost-contact.mit.edu/afs/net/project/afs32/andrew.cmu.edu/usr/shadow/ka2heim.txt): <file:/afs/andrew.cmu.edu/usr/shadow/ka2heim.txt>
For now a few links... explanations to follow later:
- Setting up [[OpenSSH]] to use [[KerberosV]] authentication: you can either use PAM to authenticate people (boring) or you can add the patches at <http://www.sxw.org.uk/computing/patches/openssh.html> to use existing [[KerberosV]] tickets for single-sign-on and automatic ticket forwarding (interesting). Note that by default this patch won't grab tickets when logging in via password - post small patch to enable this later.
-- If you're having trouble with [[KenHornstein]]'s AFS-Kerberos5 migration kit available at <ftp://ftp.cmf.nrl.navy.mil/pub/kerberos5/>, see <http://www.mathematik.uni-karlsruhe.de/~iwrmm/Persons/Schulz/Unix/afs/afs-krb5.html> for tips. In particular check out the Makefile patches.
+- If you're having trouble with Ken Hornstein's AFS-Kerberos5 migration kit available at <ftp://ftp.cmf.nrl.navy.mil/pub/kerberos5/>, see <http://www.mathematik.uni-karlsruhe.de/~iwrmm/Persons/Schulz/Unix/afs/afs-krb5.html> for tips. In particular check out the Makefile patches.
- [[DenizKanca]] posted [Kerberos 5 and OpenAFS - Notes available](https://lists.openafs.org/pipermail/openafs-info/2003-January/007799.html) on 19-Jan-2003 saying
> ... I took some notes on what I did when I set up Kerberos 5 and
>
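Review bot: The list item beginning `- [[DenizKanca]] posted [Kerberos 5 and OpenAFS - Notes available]` keeps the wiki link, although the same name is converted on the earlier `+Deniz Kanca [posted]` line. Convert this occurrence too so the name is rendered the same way in both places.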
--- [[TedAnderson]] - 22 Jan 2002 -- [[DerrickBrashear]] - 23 Jan 2002 -- [[TedAnderson]] - 23 Jan 2002 -- [[JasonGarman]] - 30 Jan 2002 -- [[TedAnderson]] - 31 Jan 2002
+-- Ted Anderson - 22 Jan 2002 -- Derrick Brashear - 23 Jan 2002 -- Ted Anderson - 23 Jan 2002 -- Jason Garman - 30 Jan 2002 -- Ted Anderson - 31 Jan 2002
----
<http://web.mit.edu/kerberos/www/>
--- [[JasonGarman]] - 30 Jan 2002
+-- Jason Garman - 30 Jan 2002
A binary file containing fixed-length records consisting of a [[KeyVersionNumber]] (kvno) and a 56 bit DES key.
--- [[DerrickBrashear]] - 26 Nov 2002
+-- Derrick Brashear - 26 Nov 2002
Monatonically increasing (in most cases) key version identifier which is incremented each time a principal changes keys (typically involving a change password operation)
--- [[DerrickBrashear]] - 26 Nov 2002
+-- Derrick Brashear - 26 Nov 2002
--- [[JimmyEngelbrecht]] - 06 May 2004
The [[OpenAFS]] client for windows expects the DB-servers to respond to kerberosrequests(\*), which is not the case if you run for ex. a MIT or heimdal KDC on separate mashines. The krb-forward utility is installed on the DB-servers and acts as a proxy to the real KDC's.
the source builds on Linux, Digital UNIX and Solaris. The program was written by Love H�rnquist �strand
(\*) This is not true when MIT Kerberos for Windows <http://web.mit.edu/kerberos/> is installed on the machine. In that case, the Kerberos libraries look for the MIT or Heimdal KDC independent of the [[CellServDB]] entries.
+
+-- Jimmy Engelbrecht - 06 May 2004
Modify AFS clients and servers to support files bigger than 2<sup>31</sup>-1 bytes.
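Review bot: The unchanged line crediting the krb-forward author contains two U+FFFD replacement characters ("Love H�rnquist �strand"), so the non-ASCII letters were lost before or during this conversion. Re-import that line as UTF-8 so the name reads correctly (presumably Love Hörnquist Åstrand) instead of committing the damaged bytes together with the moved Jimmy Engelbrecht signature.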
-Here is the way [[JeffreyHutzelman]] [described](http://lists.openafs.org/pipermail/openafs-devel/2002-January/002304.html) the project:
+Here is the way Jeffrey Hutzelman [described](http://lists.openafs.org/pipermail/openafs-devel/2002-January/002304.html) the project:
- Add a whole new set of fileserver RPC's that use 64-bit file sizes, offsets, and lengths. This would affect at least [[FetchData]], [[StoreData]], [[FetchStatus]], [[StoreStatus]], [[BulkStatus]], [[InlineBulkStatus]], and possibly some others.
----
-[[HartmutReuter]] responded in the same thread indicating that much of the client work has been done to support [[MultiResidentAFS]]. Doing the server part of the work is probably not as difficult.
+Hartmut Reuter responded in the same thread indicating that much of the client work has been done to support [[MultiResidentAFS]]. Doing the server part of the work is probably not as difficult.
--- [[TedAnderson]] - 17 Jan 2002
+-- Ted Anderson - 17 Jan 2002
This client-side work is available in the [[OpenAFSCVS]] tree and is expected to become available in the next series of stable releases after the 1.2 series.
--- [[DerrickBrashear]] - 24 Jan 2002
+-- Derrick Brashear - 24 Jan 2002
-I had a student working on this over the summer. [[HartmutReuter]] provided him with some further specifics:
+I had a student working on this over the summer. Hartmut Reuter provided him with some further specifics:
1) The 1st problem is: where to store the high order 32 bits of the file length in the vnode. My suggestion is:
I've picked up where my student left off, since we are very interested in having large file support. Since the CVS tree has been changing quite a bit lately, I've been working against the unstable 1.3.2 release. I've gotten much working, but not quite all the way yet.
--- [[LindsayTodd]] - 06 Nov 2002
+-- Lindsay Todd - 06 Nov 2002
--- [[JeremyStribling]] - 28 Jun 2002
## <a name="Linux _OpenAFS Installation Tool"></a> Linux [[OpenAFS]] Installation Tools
The tools now include support for [[KerberosVMIT]]. If you have an existing [[KerberosVMIT]] realm with the same name as the cell you are creating, you can use these tools to integrate them. Check out [[KerberosAFSInstall]] and the README below for details
- [[K5_README]]: Kerberos 5 support README
+
+-- Jeremy Stribling - 28 Jun 2002
See the [[DarwinPort]] page for relevant information.
--- [[DaveBotsch]] - 14 Nov 2003
+-- Dave Botsch - 14 Nov 2003
## <a name="Porting _OpenAFS to the Nokia N-"></a> Porting [[OpenAFS]] to the Nokia N-Series Internet Tablet (N800/N810) running the Maemo platform
-Developer: [[DerrickBrashear]]
+Developer: Derrick Brashear
-Tester: [[JasonEdgecombe]]
+Tester: Jason Edgecombe
Notes:
- Get Kerberos compiled for Maemo
- GUI for configuration and getting tickets/tokens
--- [[JasonEdgecombe]] - 08 Mar 2008
+-- Jason Edgecombe - 08 Mar 2008
The following are items known to be in progress, and, where available, a point of contact.
-- [[WindowsIFS]] -- Implement AFS as a Windows installable file system instead of as a virtual SMB server. In Progress. Contact [[JeffreyAltman]]
+- [[WindowsIFS]] -- Implement AFS as a Windows installable file system instead of as a virtual SMB server. In Progress. Contact Jeffrey Altman
-- [[WindowsAFSServers]] - Stabilize the AFS Servers running on Microsoft Windows. Contact [[JeffreyAltman]]
+- [[WindowsAFSServers]] - Stabilize the AFS Servers running on Microsoft Windows. Contact Jeffrey Altman
- [[DisconnectedOperation]] provides the ability to use AFS while not connected to a network.
- [[OpenBSDPort]] -- In progress. Cache manager available, not stable yet.
-- [[AutoConf]] with automake too. In progress. Contact [[DerrickBrashear]].
+- [[AutoConf]] with automake too. In progress. Contact Derrick Brashear.
-- [[AmandaBackup]] -- Support for backup using [Amanda](http://www.amanda.org). In progress. Contact [[MitchCollinsworth]].
+- [[AmandaBackup]] -- Support for backup using [Amanda](http://www.amanda.org). In progress. Contact Mitch Collinsworth.
-- [[BetterDocumentation]] -- Contact [[RussAllbery]]
+- [[BetterDocumentation]] -- Contact Russ Allbery
-- [[MaemoPort]] -- Porting to the Nokia N8x0 Internet Tablet. Contact [[DerrickBrashear]] or [[JasonEdgecombe]]
+- [[MaemoPort]] -- Porting to the Nokia N8x0 Internet Tablet. Contact Derrick Brashear or Jason Edgecombe
## <a name="Proposed Projects"></a> Proposed Projects
- [[VolumeDumpEditor]] -- Need tool to allow editing volume dumps.
-- [[BetterServerPreferences]] allow selectable continuous or on-demand server preferences in clients based on available information about Rx connection round trip times instead of classful networking approach currently used. Contact [[DerrickBrashear]]. _Do this for vldb servers too, or is that a separate project? [[TedAnderson]]_
+- [[BetterServerPreferences]] allow selectable continuous or on-demand server preferences in clients based on available information about Rx connection round trip times instead of classful networking approach currently used. Contact Derrick Brashear. _Do this for vldb servers too, or is that a separate project? Ted Anderson_
-- [[NFSTranslatorServer]] -- Create an AFS/NFS translator for [[OpenAFS]] because there were licensing issues with the code in the IBM/Transarc product. A Solaris-only version will be supported with and after 1.2.8. Another approach is a user-mode implementation. Contact [[JeffreyHutzelman]].
+- [[NFSTranslatorServer]] -- Create an AFS/NFS translator for [[OpenAFS]] because there were licensing issues with the code in the IBM/Transarc product. A Solaris-only version will be supported with and after 1.2.8. Another approach is a user-mode implementation. Contact Jeffrey Hutzelman.
-- [[PartitionUUID]] -- Create partition UUIDs such that the vldb can be rapdily updated if a disk is moved from one machine to another. Contact [[DerrickBrashear]].
+- [[PartitionUUID]] -- Create partition UUIDs such that the vldb can be rapdily updated if a disk is moved from one machine to another. Contact Derrick Brashear.
- [[ByteRangeLocks]] would improve support for applications that use them especially those on Windows platforms.
\* Revamping the Callback mechanism. See discussion on afs3-standardization at openafs.org mailing list.
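Review bot: The added [[PartitionUUID]] line keeps the typo "rapdily" from the line it replaces. Since the line is being rewritten anyway, correct it to "rapidly" in the added version.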
-- [[AutomatedTests]] - Have buildbot automatically run unit tests on a regular basis. Contact [[JasonEdgecombe]]
+- [[AutomatedTests]] - Have buildbot automatically run unit tests on a regular basis. Contact Jason Edgecombe
----
-Copied by [[TedAnderson]] with some minor edits from <http://www.openafs.org/projects.html> (dated 17-Oct-2001).
+Copied by Ted Anderson with some minor edits from <http://www.openafs.org/projects.html> (dated 17-Oct-2001).
----
--- [[StevenJenkins]] - 01 Aug 2007
+-- Steven Jenkins - 01 Aug 2007
This is a place holder for notes on the redesign of the openafs.org website.
- What needs to be done? \* Bug tracker \* Project list and development roadmap \* Beginner project list \* Documentation to-do lists
- What are the requirements for contribution? \* Coding style \* Documentation style \* Review and approval process, role of gatekeepers
--- [[WarrenYenson]] - 02 Aug 2007
+-- Warren Yenson - 02 Aug 2007
Other AFS implementations: [[IBM/AFS]], [[Coda]], [[Arla]] and [kAFS](https://lists.openafs.org/pipermail/openafs-info/2002-August/005611.html).
--- [[TedAnderson]] - 16 Jan 2002
+-- Ted Anderson - 16 Jan 2002
Removed vandalized content.
--- [[RomanRozinov]] - 19 Feb 2005
+-- Roman Rozinov - 19 Feb 2005
The home of [[OpenAFS]] development, the [[OpenAFSCVS]] tree can be browsed at: <http://www.openafs.org/frameset/cgi-bin/cvsweb.cgi/openafs/> or can be accessed at :pserver:anonymous@cvs.openafs.org:/cvs as module openafs. The password for anonymous is anonymous.
--- [[DerrickBrashear]] - 24 Jan 2002
+-- Derrick Brashear - 24 Jan 2002
- Determine tag->delta relationship
--- [[MichaelMeffie]] - 28 Oct 2008
+-- Michael Meffie - 28 Oct 2008
- _dbrashear_ : Keep size of pinned data and don't let it exceed cache size (or percentage of it).
--- [[DragosTatulea]] - 09 Feb 2009
+-- Dragos Tatulea - 09 Feb 2009
The [[OpenAFS]] project has several [mailing lists](https://lists.openafs.org/mailman/listinfo/), one of which is [OpenAFS-devel](https://lists.openafs.org/mailman/listinfo/openafs-devel) is for technical discussion of [[OpenAFS]] development work and is archived at <http://lists.openafs.org/pipermail/openafs-devel/>.
--- [[TedAnderson]] - 17, 23 Jan 2002
+-- Ted Anderson - 17, 23 Jan 2002
void
VGetVolumePath(Error * ec, VolId volumeId, char **partitionp, char **namep)
--- [[MichaelMeffie]] - 10 Oct 2008
+-- Michael Meffie - 10 Oct 2008
The [[OpenAFS]] project has several [mailing lists](https://lists.openafs.org/mailman/listinfo/), one of which is [OpenAFS-info](https://lists.openafs.org/mailman/listinfo/openafs-info) is for general discussion of [[OpenAFS]] and is archived at <http://lists.openafs.org/pipermail/openafs-info/>.
--- [[TedAnderson]] - 23 Jan 2002
+-- Ted Anderson - 23 Jan 2002
Contact: Derrick Brashear <shadow@dementia.org>
--- [[DerrickBrashear]] - 09 Nov 2009
+-- Derrick Brashear - 09 Nov 2009
- Color scheme matching logo
- "Power to Serve" catchy, something to remember [[FreeBSD]] by, sort of superfluous?
--- [[JacobThebaultSpieker]] - 12 Nov 2008
+-- Jacob Thebault Spieker - 12 Nov 2008
----
\* [An old thread](http://lists.openafs.org/pipermail/openafs-info/2002-November/007117.html) from the openafs-info mailing list dealing with compilation on [[OpenBSD]] 3.1
--- [[ClarkHale]] - 16 Jan 2005
+-- Clark Hale - 16 Jan 2005
There's more recent thinking on this topic but [[FurtherReading#Everhart90]] is a start.
--- [[TedAnderson]] - 14 Feb 2002
+-- Ted Anderson - 14 Feb 2002
See [[ProcessAuthenticationGroup]].
--- [[TedAnderson]] - 07 Feb 2002
+-- Ted Anderson - 07 Feb 2002
----
--- [[TedAnderson]] - 25 Apr 2003
+-- Ted Anderson - 25 Apr 2003
-Some [words](https://lists.openafs.org/pipermail/openafs-info/2002-February/003281.html) from [[RussAllbery]] on [[process authentication groups|ProcessAuthenticationGroup]] ([[PAG]]s) with edits:
+Some [words](https://lists.openafs.org/pipermail/openafs-info/2002-February/003281.html) from Russ Allbery on [[process authentication groups|ProcessAuthenticationGroup]] ([[PAG]]s) with edits:
A PAG holds the authentication information (i.e. tokens or basically AFS service tickets) needed by the [[CacheManager]] to identify you to AFS servers and visa versa (i.e. Kerberos provides [[MutualAuthentication]]). Each PAG is represented by a number, typically encoded as a pair of "funny" groups in your group list. Thus, because it is part of your credentials, it is naturally (on Unix systems at least) and automatically propagated to child processes. These children will have access to your tokens even if they have a diffenent UID (e.g. set uid root programs like lpr can still access your files).
Use `klog -setpag` to create a (new) PAG after logging in. In a [[KerberosV]] environment, use `aklog -setpag`. There's also [[pagsh|UsageFAQ#2_06_What_is_pagsh_]].
--- [[TedAnderson]] - 07 Feb 2002
+-- Ted Anderson - 07 Feb 2002
----
- [[RxKadAuthenticatorTypes]] - to deal with a [cryptographic weakness in Kerberos 4 involving cross-cell authentication](http://www.openafs.org/frameless/security/OPENAFS-SA-2003-001.txt) a new version of rxkad has been defined that works with Kerberos 5 tickets and doesn't require any client changes. It is called rxkad 2b and is described in <http://grand.central.org/dl/doc/protocol/rx/rxkad-2b.html>.
- [fcrypt](http://surfvi.com/~ota/fcrypt-paper.txt) - encryption algorithm used for communication security used by rxkad.
--- [[DerrickBrashear]] - 26 Nov 2002<br /> -- [[TedAnderson]] - 10 Apr 2003<br /> -- [[TedAnderson]] - 27 Jun 2006<br />
+-- Derrick Brashear - 26 Nov 2002<br /> -- Ted Anderson - 10 Apr 2003<br /> -- Ted Anderson - 27 Jun 2006<br />
- [[Ve may bay|http://didaudidau.vn/ve-may-bay/]]
"Managing AFS: The Andrew File System" by Richard Campbell was published by Prentice-Hall in February, 1998. It is supposedly out of print, but somehow there is always a copy or two available from Amazon [here.](http://www.amazon.com/exec/obidos/ASIN/0138027293/qid%3D1023720253/ref%3Dsr%5F11%5F0%5F1/104-0953845-2989550.)
-Recently a new book has come out, "Distributed Services with [[OpenAFS]]: for Enterprise and Education" by Wolfgang A. Gehrke and Franco Milicchio. It's also available [through Amazon](http://www.amazon.com/Distributed-Services-OpenAFS-Enterprise-Education/dp/3540366334/ref=pd_sim_b) and probably through most other on-line and brick-and-mortar stores. I ([[SteveSimmons]]) checked with a co-worker who has read it. He describes it as good for people who've not seen AFS before and might be setting up from scratch.
+Recently a new book has come out, "Distributed Services with [[OpenAFS]]: for Enterprise and Education" by Wolfgang A. Gehrke and Franco Milicchio. It's also available [through Amazon](http://www.amazon.com/Distributed-Services-OpenAFS-Enterprise-Education/dp/3540366334/ref=pd_sim_b) and probably through most other on-line and brick-and-mortar stores. I (Steve Simmons) checked with a co-worker who has read it. He describes it as good for people who've not seen AFS before and might be setting up from scratch.
### <a name="4.12 Where can I find tools to u"></a> 4.12 Where can I find tools to use with AFS?
# <a name="Using Samba as an AFS gateway"></a> Using Samba as an AFS gateway
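Review bot: The unchanged line `[[Ve may bay|http://didaudidau.vn/ve-may-bay/]]`, directly after the converted Derrick Brashear / Ted Anderson signature line, is an external link unrelated to the rxkad and book entries around it and reads as leftover wiki spam. Delete it as part of this cleanup instead of carrying it forward, and check the other converted topics for similar external links.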
-Recently I've been researching methods of using Samba as an AFS gateway. Below are my findings so far. Please feel free to add/correct stuff. -- [[DanielClark]] - 04 Aug 2002
+Recently I've been researching methods of using Samba as an AFS gateway. Below are my findings so far. Please feel free to add/correct stuff. -- Daniel Clark - 04 Aug 2002
## <a name="Plain text passwords sent over n"></a> Plain text passwords sent over network
There's not really much else to say here, because all these patches do is revert OpenSSH to its previous well-documented behaviour.
--- [[RayLink]] - 26 Feb 2003
+-- Ray Link - 26 Feb 2003
<http://www.stacken.kth.se/>
--- [[DerrickBrashear]] - 24 Jan 2002
+-- Derrick Brashear - 24 Jan 2002
The function that maps a password to an encryption key is called [[StringToKey]]. The AFS standard one uses the realm name as a salt. The MIT standard is different from this and there were changes between v4 and v5 as well, I think.
--- [[TedAnderson]] - 23 Jan 2002
+-- Ted Anderson - 23 Jan 2002
The MIT v5 [[StringToKey]] uses the same underlying algorithm as the v4 [[StringToKey]], but adds a salt based on the principal name.
--- [[DerrickBrashear]] - 24 Jan 2002
+-- Derrick Brashear - 24 Jan 2002
- [[Replacing the fsck Program on Digital UNIX Systems|ReplacingTheFsckProgramOnDigitalUNIXSystems]]
- [[Replacing the fsck Program Helper on AIX Systems|ReplacingTheFsckProgramHelperOnAIXSystems]]
--- [[CraigCook]] - 29 Apr 2005
+-- Craig Cook - 29 Apr 2005
You can easily see that you are using an NAMEI file server if there is a directory named `AFSIDat` and with subdirectories like `+` and `+1` in your `/vicep*`.
--- [[TinoSchwarze]] - 25 Jul 2003
+-- Tino Schwarze - 25 Jul 2003
## <a name="Recommended Partition Types for"></a><a name="Recommended Partition Types for "></a> Recommended Partition Types for use with [[OpenAFS]]
- **Question:** Does this table imply that clients can't use the NAMEI backend and still need a specific filesystem? Will this ever change?
--- [[ToddLewis]] - 06 Nov 2002
+-- Todd Lewis - 06 Nov 2002
- **Another Question:** Does this mean that you can use an NFS mount point as a /vicexx if you use a NAMEI fileserver?
--- [[ChrisMcClimans]] - 25 Jul 2003
+-- Chris McClimans - 25 Jul 2003
</tr>
</table>
--- [[DerrickBrashear]] - 8 Feb 2002 Resorted Windows platforms by sys name. Split [[NetBSD]] entry into 1.4 and 1.5 as [[OpenAFS]] has partial support for the latter. Noted IBM support of AIX 5.0
+-- Derrick Brashear - 8 Feb 2002 Resorted Windows platforms by sys name. Split [[NetBSD]] entry into 1.4 and 1.5 as [[OpenAFS]] has partial support for the latter. Noted IBM support of AIX 5.0
--- [[LeoShyhWeiLuan]] - 8 Feb 2002 Added Windows platforms
+-- Leo Shyh WeiLuan - 8 Feb 2002 Added Windows platforms
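Review bot: The added signature "Leo Shyh WeiLuan" is split inconsistently: the wiki name LeoShyhWeiLuan was broken before "Shyh" and "Wei" but not before "Luan". Check the CamelCase-splitting rule against names with more than three components, and confirm the intended spelling with the contributor rather than guessing it.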
--- [[JeffreyHutzelman]] - 18 Jan 2002
+-- Jeffrey Hutzelman - 18 Jan 2002
Copied the Arla data from <http://www.stacken.kth.se/projekt/arla/>
--- [[TedAnderson]] - 18 Jan 2002
+-- Ted Anderson - 18 Jan 2002
-Some papers on Ubik written by [[MikeKazar]].
+Some papers on Ubik written by Mike Kazar.
- [Quorum Completion](http://www-2.cs.cmu.edu/afs/cs.cmu.edu/academic/class/15612-s98/projects/Scraw/www/design/ubik.ps), Mike Kazar.
- [Ubik](http://www-2.cs.cmu.edu/afs/cs.cmu.edu/academic/class/15612-s98/projects/Scraw/www/design/rpc2-manual.ps) -- A Library for Managing Ubiquitous Data.
- M. L. Kazar, "Ubik: Replicated Servers Made Easy", Proceedings of the Second Workshop on Workstation Operating Systems, Pacific Grove, CA, September, 27-29, 1989, pp. 60-67. [CiteSeer](http://citeseer.nj.nec.com/context/37463/0) does not have this document on-line, but IEEE members can get it at <http://ieeexplore.ieee.org/iel5/267/3322/00109269.pdf>.
--- [[TedAnderson]] - 23 Jan 2002
+-- Ted Anderson - 23 Jan 2002
- http://lost-contact.mit.edu/afs/net/project/afs32/<cell>/<rest>
--- [[TedAnderson]] - 24 Jan 2002
+-- Ted Anderson - 24 Jan 2002
WebNotify is a subscription service to be automatically notified by email when topics change in the **%WIKITOOLNAME%.%WEB%** web. This is a convenient service, so you do not have to come back and check all the time if something has changed. To subscribe to the service, please put yourself on the list below. The format is: `3 spaces * Main.yourWikiName - yourEmailAddress`
-- [[TedAnderson]] - <ota@transarc.com>
-- [[JosephHVilas]] - <jhvilas@gmail.com>
+- Ted Anderson - <ota@transarc.com>
+- Joseph H Vilas - <jhvilas@gmail.com>
- [[KimKimball]] - <afs@ccre.com>
- [[LeoShyhWeiLuan]] - <luan@almaden.ibm.com>
- [[NicholasHenke]] - <henken@seas.upenn.edu>
- [[NorbertGruener]] - <nog@MPA-Garching.MPG.de>
-- [[DanielClark]] - <dclark@pobox.com>
+- Daniel Clark - <dclark@pobox.com>
**_Note:_** It is helpful to insert your name in alphabetical order (by first name -- ignore the "Main.") -- then you can find your name (or not) more easily if you wish to remove it or confirm that you are on the list.
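Review bot: The subscriber list is only partly converted: the Ted Anderson, Joseph H Vilas and Daniel Clark entries become plain names, while [[KimKimball]], [[LeoShyhWeiLuan]], [[NicholasHenke]] and [[NorbertGruener]] stay as wiki links on the unchanged lines. The page's own instructions give the entry format as `Main.yourWikiName - yourEmailAddress`, so the rewritten entries no longer match it. Either leave this list untouched, or convert every entry and update the format text in the same change.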
-- _I assume this page used to work, but stopped notifying folks at some point. I doubt the minor change I just made will help; if someone can fix it for real, that would be nice._ -- [[JosephHVilas]] - 10 Aug 2005
+- _I assume this page used to work, but stopped notifying folks at some point. I doubt the minor change I just made will help; if someone can fix it for real, that would be nice._ -- Joseph H Vilas - 10 Aug 2005
**_Related topics:_** [[TWikiUsers]], [[TWikiRegistration]]
- A list of of project ideas, or a list of upcoming projects could be provided by a roadmap
- a "requested feature list" might also be warranted, could fit in with the list of project ideas (Google Summer of Code)
--- [[JacobThebaultSpieker]] - 12 Nov 2008
+-- Jacob Thebault Spieker - 12 Nov 2008
- details on each
- wiki page vs. site?
--- [[JacobThebaultSpieker]] - 24 Nov 2008
+-- Jacob Thebault Spieker - 24 Nov 2008
Please provide any feedback you may have as to other online survey options, or your experiences with any of the services being considered.
--- [[JacobThebaultSpieker]] - 12 Nov 2008
+-- Jacob Thebault Spieker - 12 Nov 2008
- What is important to you when viewing a website?
- The last three times you visited openafs.org, what questions were you trying to answer?
--- [[JacobThebaultSpieker]] - 12 Nov 2008
+-- Jacob Thebault Spieker - 12 Nov 2008
----
MORE TO COME ....
--- [[MoosE]] - 29 Nov 2008
+-- Moos E - 29 Nov 2008
Elsewhere on this site are a guide to [[GettingStarted]] with AFS, some [[AncientHistory]], and a variety of AFS3 [[ProtocolInfo]].
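Review bot: The added signature "Moos E" looks like an artifact of mechanically splitting [[MoosE]] at its capitals, not a real two-part name. Exclude handles like this from the split, or keep the original spelling "MoosE" as plain text.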
--- [[JeffreyHutzelman]] - 18 Jan 2002
+-- Jeffrey Hutzelman - 18 Jan 2002
This page is for information about individuals and companies who are willing to provide AFS support and/or consulting services. If you or your company are interested in providing such services, please add yourself.
--- [[JeffreyHutzelman]] - 18 Jan 2002
+-- Jeffrey Hutzelman - 18 Jan 2002
#### <a name="Sine Nomine Associates"></a> [Sine Nomine Associates](http://www.sinenomine.net/)
It is clear that Wiki vandalizers or spammers have been targetting AFSLore. There has been some discussion on the [[OpenAFSInfo]] mailing list: [wiki docs contain spam](https://lists.openafs.org/pipermail/openafs-devel/2004-October/011121.html), [Wiki SPAM problems](https://lists.openafs.org/pipermail/openafs-info/2005-January/016269.html), [twiki vandalized](https://lists.openafs.org/pipermail/openafs-info/2005-February/016571.html), [Re: twiki vandalized](https://lists.openafs.org/pipermail/openafs-info/2005-February/016786.html) and others. I don't know what the solution is, but perhaps it would be good to collect, discuss and coordinate strategies for short term repair and long term prevention. To that end, I've created this page.
-The good news is that TWiki's revision control system makes it fairly easy to undo the bogus changes, but it is certainly tedious. I see that [[JosephHVilas]] has been fixing pages recently and others have done so earlier. Others who have tackled the problem should feel free to add their names here and comment on any techniques they've used to help in the process.
+The good news is that TWiki's revision control system makes it fairly easy to undo the bogus changes, but it is certainly tedious. I see that Joseph H Vilas has been fixing pages recently and others have done so earlier. Others who have tackled the problem should feel free to add their names here and comment on any techniques they've used to help in the process.
-- _I had some luck on my last de-spamming pass by searching for <code>**'\\.cn/'**</code> . OTOH, I probably could have done a better job of resurrecting some user pages. OT Third Tentacle, it might be nice were someone to fix TWikiUsers by removing the, uh, spurious entries._ -- [[JosephHVilas]] - 10 Aug 2005
+- _I had some luck on my last de-spamming pass by searching for <code>**'\\.cn/'**</code> . OTOH, I probably could have done a better job of resurrecting some user pages. OT Third Tentacle, it might be nice were someone to fix TWikiUsers by removing the, uh, spurious entries._ -- Joseph H Vilas - 10 Aug 2005
The vandals clearly use automated techniques, we need some repair automation as well. It might be pretty easy to write a Perl script that takes a [[WikiName]] and a revision number and just resets the topic to that contents.
-One prevention strategy is to require more checking at registration time. Though this puts more burden on the admins, the pace of new, legitimate registration on AFSLore is probably pretty low. Maybe a volunteer system to monitor new registrations as [[JeffreyHutzelman]] [suggested](https://lists.openafs.org/pipermail/openafs-info/2005-March/016813.html) would be a good idea.
+One prevention strategy is to require more checking at registration time. Though this puts more burden on the admins, the pace of new, legitimate registration on AFSLore is probably pretty low. Maybe a volunteer system to monitor new registrations as Jeffrey Hutzelman [suggested](https://lists.openafs.org/pipermail/openafs-info/2005-March/016813.html) would be a good idea.
Deploying some kind of fuzzy GIF interpretation (sometimes termed a [captcha](http://en.wikipedia.org/wiki/Captcha)) step during registration might also be helpful, but I don't know how hard it would be to find and deploy such a system.
- [WikiSpam](http://twiki.org/cgi-bin/view/Codev/WikiSpam) on [TWiki.org](http://twiki.org/) has summary of information on this topic. It is particularly relevant since AFSLore runs on (old) TWiki software.
--- [[TedAnderson]] - 27 Apr 2005
+-- Ted Anderson - 27 Apr 2005
- _Boy, it sure is nice not to see that spam all over the place any more. Thanks, Derrick_.
--- [[JosephHVilas]] - 04 Aug 2006
+-- Joseph H Vilas - 04 Aug 2006
--- [[JeffreyAltman]] - 14 Jun 2008
+-- Jeffrey Altman - 14 Jun 2008
This page provides a partial list of the work that must be done to update the AFS Servers on the Microsoft Windows platform.
The reason one would do this is during the transition to K5. Once you have your K5 servers and your [[KeyFile]] configured to contain the old afs kaserver principal and the new K5 service principal you can continue to run the kaserver until your afs clients are configured to use K5 only and wean yourself off the kaserver. The downside of this is having 2 passwords, one in the kaserver and one in the K5 server and not confusing the users.
--- [[JohnSopko]] - 24 Jul 2007
+-- John Sopko - 24 Jul 2007
There is a very good sounding discussion of storing roaming profiles in AFS on the [[OpenAFSInfo]] mailing list: <https://lists.openafs.org/pipermail/openafs-info/2003-February/008013.html>
--- [[TedAnderson]] - 07 Feb 2003
+-- Ted Anderson - 07 Feb 2003
kauth, auth, et al -> lwp
--- [[DaveBotsch]] - 15 Nov 2003
+-- Dave Botsch - 15 Nov 2003