1 Openafs News -- history of user Visible changes. 11 July 2001
3 * Changes since Openafs 1.0
5 ** AFS now builds with configure. The README for building has been
6 updated and includes full details.
8 ** A client system can now have multiple sysname values for @sys.
9 They will be searched in order when looking up files in AFS. The
10 -newsysname argument to fs sysname can be repeated to set multiple
13 ** A new system group is created for new cells (system:ptsviewers
14 with id -203). If this group exists, members of this group can
15 examine and read the entire protection database. They can examine
16 all users and groups and can get the membership of any group.
18 ** A new program, pt_util has been added to the distribution. This
19 program allows users to print the contents of the protection
20 database or to edit the protection database without running a
21 ptserver. It can be used to set up a new cell without ever running
22 in noauth mode. Run pt_util -h for help.
24 ** The fs setcrypt and fs getcrypt commands have been added. These
25 commands allow the system administrator to require that the client
26 encrypt all authenticated traffic between the client workstation
27 and AFS. The encryption used is weak, but is likely better than
28 sending unencrypted traffic in most environments. Some functions,
29 such as looking for a volume may not be encrypted, but data
30 transfer certainly is. By default data is not encrypted. At this
31 time no significant experimentation with server performance has
34 ** By default AFS is compiled with AFS_AFSDB_ENV, enabling the -afsdb
35 option to be given to afsd on startup. If this option is used, then new
36 cells will be looked up using AFSDB records stored in DNS if they
37 are not found in CellServDB. This means that users can create
38 cross-cell mountpoints in directories they control to access cells
39 not in root.afs, and that cells in root.afs need not be in the
42 ** AFS database servers can be marked as read-only clones. Surround
43 the hostname in square brackets on the bos addhost command and the
44 database server will never be elected sync site. This is useful
45 for cells distributed over a wide region.
47 ** The AFS servers now support the -syslog flag. This flag causes
48 them to log to syslog rather than to files. This flag is not
49 supported on NT. For all servers besides the salvager, the flag can
50 also be specified as -syslog=facility, where facility is an integer
51 facility code from syslog.h. A -syslogfacility option is provided for
52 the salvager to accomplish the same goal.
54 ** If the --enable-fast-restart flag is given when configuring AFS,
55 then the salvager supports the -dontsalvage flag which causes it to
56 exit without salvaging any volumes. If this is configured into the
57 third command of a fs process, then the fileserver will start without
58 salvaging. It will fail to attach volumes that need salvaging and they
59 can be salvaged manually. This provides significantly better server
60 startup performance at the cost of administrative complexity.
62 ** If the --enable-bitmap-later flag is given when configuring AFS,
63 then the fileserver creates bitmaps for free vnodes on demand, allowing
66 ** If bosserver finds a BosConfig.new file at startup, it reads this
67 file and renames it to BosConfig. This allows bosserver to be
68 reconfigured at next restart.
70 ** The bosserver can be placed in a restricted mode in
71 which AFS superusers are only granted limited access to the server
72 host. The following functionality is disabled when restricted mode is in
76 bos getlog (except for files with no '/'s in their name)*
82 specific exceptions are made for functionality that "bos salvage"
85 a cron bnode who's name is "salvage-tmp", time is now, and command
86 begins with "/usr/afs/bin/salvager" may be created. This bnode
87 deletes itself when complete, so no special "delete" support is needed.
88 This functionality may be removed in the future if a "Salvage" RPC is
91 The file with the exact path /usr/afs/logs/SalvageLog may be fetched,
92 since that is how bos salvage [...] -showlog is implimented.
94 Restricted mode is enabled using a new bos command (bos setrestricted)
95 or bossever command line switch (bosserver -restricted). Restricted
96 mode can be disabled by a) sending the bosserver process a SIGFPE (which
97 will then allow restricted operations until the next restart or
98 setrestricted command) or b) editing /usr/afs/local/BosConfig
99 (or BosConfig.new), and restarting the bosserver.
101 ** The bos UserList of trusted administrators can now contain
102 cross-realm Kerberos principals.
104 ** udebug now takes --server not --servers.
106 ** Several error messages have been improved to include volume
109 ** Several new ports have been included for UNIX platforms: Darwin
110 (ppc_darwin_12 and ppc_darwin_13), Linux 2.4 (i386_linux24), Linux on
111 the Powerpc (ppc_linux22 and ppc_linux24), Linux on the Sparc
112 (sparc_linux22, sparc64_linux22 and sparc64_linux24) .
114 ** Incomplete FreeBSD and Alpha Linux ports are included. The
115 FreeBSD port has a working server and the Alpha Linux port has a
116 partially working client.
118 ** A native client for Windows 95/98/ME has been added to the distribution.
119 With this program, a gateway machine is no longer required for Windows 9x
120 to access AFS files. One drive letter will be created on your machine by
121 default - Z:. The Z: drive will be the root of the AFS tree, allowing you
122 to browse all sites that have AFS servers available. Additional drive
123 letters can be defined for other AFS directories. A Windows Explorer
124 shell extension is included that allows you to right click on items
125 within an AFS tree to bring up an "AFS" menu item and perform various
126 operations on a file or directory. The most useful item is "Access
127 Control Lists", which allows you to view and edit the permissions of a
128 particular directory. Command line tools are also available in the
129 install directory. These commands include klog, unlog, tokens, kpasswd,
130 symlink, fs and pts. The installable includes a readme file that contains
131 more information on how to use the client program and known issues.