From: Steven Jenkins Date: Mon, 18 May 2009 21:42:26 +0000 (+0000) Subject: man-page-cellservdb-updates-20090518 X-Git-Tag: openafs-devel-1_5_61~312 X-Git-Url: http://git.openafs.org/?p=openafs.git;a=commitdiff_plain;h=6df60468130977744fea0499fba2351ef74175d8 man-page-cellservdb-updates-20090518 FIXES 124794 LICENSE IPL10 Note in CellServDB man page that it's also used to populate root.afs for a -dynroot client. Also document the dynamic lookup of database servers with -afsdb and provide some more information about when CellServDB has to contain the cell and when it doesn't. Mark the backup server as optional, and indicate that the authentication server is deprecated and CellServDB isn't required for authentication if Kerberos v5 and aklog are used. --- diff --git a/doc/man-pages/README b/doc/man-pages/README index 70e8e3e..9bdb093 100644 --- a/doc/man-pages/README +++ b/doc/man-pages/README @@ -232,7 +232,6 @@ Known Problems * The following installed commands have no man pages: klog.krb - krb.conf pagsh.krb tokens.krb @@ -260,8 +259,6 @@ Known Problems * The salvager actually creates a bunch of SalvageLog files and then combines them, but the SalvageLog man page doesn't reflect this. - * The CellServDB documentation hasn't been updated for -dynroot. - * In the suite introduction pages (pts, vos, etc.), each of the subcommands in the initial list should be a link to the relevant page in the HTML output. This has been done for the fs intro page diff --git a/doc/man-pages/pod5/CellServDB.pod b/doc/man-pages/pod5/CellServDB.pod index 4e68375..da4c664 100644 --- a/doc/man-pages/pod5/CellServDB.pod +++ b/doc/man-pages/pod5/CellServDB.pod @@ -15,10 +15,10 @@ servers and lists only the database servers in the local cell. Along with AFSDB entries in DNS, the client version of the CellServDB file lists the database server machines in the local cell and any foreign cell that is to be accessible from the local client machine. Database server -machines run the Authentication Server (optional), Backup Server, -Protection Server, and Volume Location (VL) Server (the B, -B, B, and B) processes, which maintain the -cell's administrative AFS databases. +machines run the Authentication Server (optional), Backup Server +(optional), Protection Server, and Volume Location (VL) Server (the +B, B, B, and B) processes, which +maintain the cell's administrative AFS databases. The Cache Manager and other processes running on a client machine use the list of a cell's database server machines when performing several common @@ -33,16 +33,25 @@ the location of the volume containing a requested file or directory. =item * -Authenticating users. Client-side authentication programs (such as an -AFS-modified login utility or the B command interpreter) contact the -Authentication Server to obtain a server ticket, which the AFS server -processes accept as proof that the user is authenticated. +Creating, viewing, and manipulating protection groups. The B command +interpreter contacts the Protection Server when users create protection +groups or request information from the Protection Database. + +=item * + +Populating the contents of the fake F volume mounted at F +(or the alternative mount point specified in F) when B is +run in C<-dynroot> mode. The default contents of this directory will +match the cells listed in the client F file. =item * -Creating protection groups. The B command interpreter contacts the -Protection Server when users create protection groups or request -information from the Protection Database. +Authenticating users. Client-side authentication programs (such as an +AFS-modified login utility or the B command interpreter) contact the +Authentication Server to obtain a server ticket, which the AFS server +processes accept as proof that the user is authenticated. This only +applies to AFS cells using the deprecated Authentication Server instead of +Kerberos v5 and B. =back @@ -54,6 +63,14 @@ machine is added to or removed from a cell. To update the kernel-resident list of database server machines without rebooting, use the B command. +If the client attempts to access an AFS cell not listed in F +and B was started with the B<-afsdb> option, the Cache Manager will +attempt an AFSDB DNS record lookup and dynamically add the database server +locations for that cell based on the result of the DNS query. If the +B<-afsdb> option was not used, all AFS cells that will be accessed by a +client machine must either be listed in F or added with the +B command. + The F file is in ASCII format and must reside in the F directory on each AFS client machine. Use a text editor to create and maintain it. @@ -69,15 +86,15 @@ server machines. The server version of the F file lists the local cell's database server machines. These machines run the Authentication Server -(optional), Backup Server, Protection Server, and Volume Location (VL) -Server (the B, B, B, and B) -processes, which maintain the cell's administrative AFS databases. The -initial version of the file is created with the B command -during the installation of the cell's server machine, which is -automatically recorded as the cell's first database server machine. When -adding or removing database server machines, be sure to update this file -appropriately. It must reside in the F directory on each AFS -server machine. +(optional), Backup Server (optional), Protection Server, and Volume +Location (VL) Server (the B, B, B, and +B) processes, which maintain the cell's administrative AFS +databases. The initial version of the file is created with the B command during the installation of the cell's server machine, +which is automatically recorded as the cell's first database server +machine. When adding or removing database server machines, be sure to +update this file appropriately. It must reside in the F +directory on each AFS server machine. The database server processes consult the F file to learn about their peers, with which they must maintain constant connections in