<?xml version="1.0" encoding="utf-8"?>
-<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook V4.3//EN"
- "http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd"[
+<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook V4.3//EN" "http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd"[
<!ENTITY version SYSTEM "version.xml">
]>
<book>
<bookinfo>
<title>OpenAFS for Windows Release Notes</title>
<copyright>
- <year>2003-2012</year>
+ <year>2003-2013</year>
<holder>Secure Endpoints Inc. and Your File System Inc.</holder>
</copyright>
<legalnotice>
\\AFS UNC server name.</para>
<para>OpenAFS is the product of an open source development effort begun on 1 November 2000.
OpenAFS is maintained and developed by a group of volunteers with the support of the end user
- community. When OpenAFS is used as part of your computing infrastructure, please <link
- linkend="Contributing_to_OpenAFS">contribute</link> to its continued growth. </para>
+ community. When OpenAFS is used as part of your computing infrastructure, please <link linkend="Contributing_to_OpenAFS">contribute</link> to its continued growth. </para>
</preface>
<chapter id="chap_1">
<title id="Installer_Options">Installer Options</title>
<listitem>
<para>Microsoft Windows XP Professional (pre-SP2)</para>
</listitem>
+ <listitem>
+ <para>Microsoft Windows 8 RT (ARM)</para>
+ </listitem>
</itemizedlist>
</para>
- <para>Older releases of OpenAFS are available for download if unsupported operating systems must be used. The last version of OpenAFS with support for Win9x is 1.2.2b. The last version with support for Windows NT 4.0 is 1.2.10. The last version to support Windows 2000 and XP SP1 is 1.6.x.</para>
+ <para>Older releases of OpenAFS are available for download if unsupported operating systems
+ must be used. The last version of OpenAFS with support for Win9x is 1.2.2b. The last version
+ with support for Windows NT 4.0 is 1.2.10. The last version to support Windows 2000 and XP
+ SP1 is 1.6.1.</para>
</section>
<section>
<title id="Disk_Space">2.2 Disk Space</title>
<indexterm significance="normal">
<primary>disk space required</primary>
</indexterm> Up to 60mb required for the OpenAFS binaries plus 100MB for the default
- AFSCache file. The size of the AFSCache file may be adjusted via <link
- linkend="Regkey_TransarcAFSDaemon_Parameters_CacheSize">the Registry</link> after
+ AFSCache file. The size of the AFSCache file may be adjusted via <link linkend="Regkey_TransarcAFSDaemon_Parameters_CacheSize">the Registry</link> after
installation. The maximum cache size for 32-bit Windows is approximately 1.2GB. On 64-bit
Windows there is no enforced limit on the cache size. </para>
</section>
</indexterm>
<para>The OpenAFS distribution ships with its own implementation of Kerberos v4 and although
it is Kerberos v5 capable, it relies on third-party Kerberos v5 libraries. The OpenAFS 1.4
- series (and later) integrates with <ulink url="https://www.secure-endpoints.com/heimdal"
- >Heimdal</ulink> or <ulink url="http://web.mit.edu/kerberos/">MIT Kerberos for
+ series (and later) integrates with <ulink url="https://www.secure-endpoints.com/heimdal">Heimdal</ulink> or <ulink url="http://web.mit.edu/kerberos/">MIT Kerberos for
Windows</ulink> 2.6.5 and above. OpenAFS Kerberos v5 capable functionality includes
integrated logon, the AFS Authentication Tool, the Network Identity Manager AFS provider,
and the aklog command. These tools provide support for Kerberos v5 authentication including
<indexterm significance="normal">
<primary>network identity manager</primary>
</indexterm>
- <para>The recommended versions of <ulink url="https://www.secure-endpoints.com/heimdal"
- >Heimdal</ulink> and <ulink url="http://web.mit.edu/kerberos/">MIT Kerberos for
+ <para>The recommended versions of <ulink url="https://www.secure-endpoints.com/heimdal">Heimdal</ulink> and <ulink url="http://web.mit.edu/kerberos/">MIT Kerberos for
Windows</ulink> are distributed by <ulink url="https://www.secure-endpoints.com/">Secure
Endpoints Inc.</ulink>. As of this writing, the Secure Endpoints Inc. distribution
provides 64-bit Windows support which is unavailable from MIT. KFW 3.2.2 includes Network
- Identity Manager 1.3.1 which integrates with the <link
- linkend="Network_Identity_Manager_Provider">AFS Provider</link> installed as part of
+ Identity Manager 1.3.1 which integrates with the <link linkend="Network_Identity_Manager_Provider">AFS Provider</link> installed as part of
OpenAFS for Windows. The most recent version of Network Identity Manager is version 2.1
which is available as an independent upgrade to MIT Kerberos for Windows. Heimdal does not
include a version of Network Identity Manager.</para>
<para> There are two things to consider when using an Active Directory as the Kerberos
realm that issues the AFS service ticket. First, the Kerberos v5 tickets issued by
Active Directory can be quite large when compared to tickets issued by traditional
- UNIX KDCs due to the inclusion of Windows specific authorization data <ulink
- url="http://msdn.microsoft.com/en-us/library/cc237917%28v=prot.10%29.aspx">(the
+ UNIX KDCs due to the inclusion of Windows specific authorization data <ulink url="http://msdn.microsoft.com/en-us/library/cc237917%28v=prot.10%29.aspx">(the
Microsoft PAC)</ulink>. If the issued tickets are larger than 344 bytes, OpenAFS
1.2.x servers will be unable to process them and will issue a RXKADBADTICKET error.
OpenAFS 1.4 (and beyond) servers can support the largest tickets that Active
the resulting Kerberos v5 tokens. Windows 2000 Active Directory issues tickets with
the DES-CBC-CRC enctype. Windows Server 2008 R2 Active Directory domain by default
disables use of DES-CBC-MD5 and it must be enabled. </para>
- <para>Microsoft has documented in <ulink url="http://support.microsoft.com/kb/832572/"
- >Knowledge Base article 832572</ulink> a new NO_AUTH_REQUIRED flag that can be set
+ <para>Microsoft has documented in <ulink url="http://support.microsoft.com/kb/832572/">Knowledge Base article 832572</ulink> a new NO_AUTH_REQUIRED flag that can be set
on the account mapped to the AFS service principal. When this flag is set, the PAC
authorization data will not be included in the ticket. Setting this flag is
recommended for all accounts that are associated with non-Windows services and that
</listitem>
<listitem>
<para>Starting with Windows 7 and Windows Server 2008 R2, Microsoft has disabled the
- single DES encryption types,<ulink
- url="http://technet.microsoft.com/en-us/library/dd560670(WS.10).aspx">TechNet:
+ single DES encryption types,<ulink url="http://technet.microsoft.com/en-us/library/dd560670(WS.10).aspx">TechNet:
Changes in Kerberos Authentication</ulink>. DES must be enabled via Group Policy
in order for Active Directory to be used as a KDC for OpenAFS. Enable weak
encryption becuase of AFS... Start > Administrative Tools > Group Policy
<primary>network identity manager</primary>
</indexterm>
<para>As of release 1.5.9, OpenAFS for Windows includes a Network Identity Manager Provider
- for obtaining AFS tokens. This plug-in is a contribution from <ulink
- url="https://www.secure-endpoints.com/">Secure Endpoints Inc.</ulink> Network Identity
- Manager is a multiple identity credential management tool that ships with <ulink
- url="http://web.mit.edu/kerberos/">MIT Kerberos for Windows</ulink> version 3.0 and
- above. The OpenAFS plug-in requires <ulink url="https://www.secure-endpoints.com/heimdal"
- >Heimdal</ulink> or <ulink url="http://web.mit.edu/kerberos/">MIT Kerberos for
+ for obtaining AFS tokens. This plug-in is a contribution from <ulink url="https://www.secure-endpoints.com/">Secure Endpoints Inc.</ulink> Network Identity
+ Manager is a multiple identity credential management tool that ships with <ulink url="http://web.mit.edu/kerberos/">MIT Kerberos for Windows</ulink> version 3.0 and
+ above. The OpenAFS plug-in requires <ulink url="https://www.secure-endpoints.com/heimdal">Heimdal</ulink> or <ulink url="http://web.mit.edu/kerberos/">MIT Kerberos for
Windows</ulink> version 3.1 or above. </para>
<para>
<inlinemediaobject>
<imageobject>
- <imagedata format="JPG" fileref="relnotes00.jpg" />
+ <imagedata format="JPG" fileref="relnotes00.jpg"/>
</imageobject>
</inlinemediaobject>
</para>
<para>
<inlinemediaobject>
<imageobject>
- <imagedata format="JPG" fileref="relnotes01.jpg" />
+ <imagedata format="JPG" fileref="relnotes01.jpg"/>
</imageobject>
</inlinemediaobject>
</para>
<para>
<inlinemediaobject>
<imageobject>
- <imagedata format="JPG" fileref="relnotes02.jpg" />
+ <imagedata format="JPG" fileref="relnotes02.jpg"/>
</imageobject>
</inlinemediaobject>
</para>
</itemizedlist>
</section>
<section>
- <title>3.2.4. Heimdal 1.5 and Weak Encryption Types</title>
+ <title>3.2.4. Heimdal 1.5, MIT 4.x, and Weak Encryption Types</title>
<para>Just as Microsoft disabled the use of Weak Encryption Types in Windows 7 and Windows
Server 2008 R2, Heimdal and MIT have disabled the use of weak encryption types in their
- latest releases. In order to use Heimdal 1.5 or MIT Kerberos 1.9 or later with OpenAFS,
- the weak encryption types including DES-CBC-CRC and DES-CBC-MD5 must be enabled. In
+ latest releases. In order to use Heimdal 1.5 or MIT Kerberos 1.9 or later with OpenAFS,
+ the weak encryption types including DES-CBC-CRC and DES-CBC-MD5 must be enabled. In
Heimdal, this is performed by adding "allow_weak_crypto = true" to the [libdefaults]
- section of the %SystemRoot%\ProgramData\krb5.conf file.</para>
+ section of the %SystemRoot%\ProgramData\Kerberos\krb5.conf file. In MIT KFW 4.x, this is
+ performed by adding "allow_weak_crypto = true" to the [libdefaults] section of the
+ %SystemRoot%\ProgramData\MIT\Kerberos5\krb5.ini file.</para>
<para>Futures versions of OpenAFS will not have this requirement.</para>
</section>
</section>
servers.</para>
<para>Integrated Logon is required if roaming user profiles are stored within the AFS file
system. OpenAFS does not provide tools for synchronizing the Windows and Kerberos user
- accounts and passwords. Integrated Logon can be enabled or disabled via the <link
- linkend="Value_LogonOptions">LogonOptions</link> registry value.</para>
+ accounts and passwords. Integrated Logon can be enabled or disabled via the <link linkend="Value_LogonOptions">LogonOptions</link> registry value.</para>
<para>When Heimdal or KFW is installed, Integrated Logon will use it to obtain tokens using
Kerberos v5. If you must use the <emphasis role="italic">deprecated</emphasis> kaserver for
- authentication instead of Kerberos v5, the use of KFW can be disabled via the <link
- linkend="Value_EnableKFW">EnableKFW</link> registry value. </para>
+ authentication instead of Kerberos v5, the use of KFW can be disabled via the <link linkend="Value_EnableKFW">EnableKFW</link> registry value. </para>
<para>Integrated Logon will not transfer Kerberos v5 tickets into the user's logon session credential cache. This is no longer possible on Vista and Windows 7.</para>
<para>Integrated Logon does not have the ability to cache the username and password for the
purpose of obtaining tokens if the Kerberos KDC is inaccessible at logon time.</para>
<para>Integrated Logon supports the ability to obtain tokens for multiple cells. For further
- information on how to configure this feature, read about the <link
- linkend="Value_TheseCells">TheseCells</link> registry value. </para>
+ information on how to configure this feature, read about the <link linkend="Value_TheseCells">TheseCells</link> registry value. </para>
<para>Depending on the configuration of the local machine, it is possible for logon
authentication to complete with one of the following user account types:</para>
<para>
</indexterm>
<para>The OpenAFS client supports UNC paths everywhere. UNC paths provide a canonical name for resources stored within AFS. UNC paths should be used instead of drive letter mappings whenever possible. This is especially true when specifying the location of roaming profiles and redirected folders.</para>
<para>Power users that make extensive use of the command line shell, cmd.exe, should consider
- using JP Software's 4NT or Take Command command processors. Unlike cmd.exe, the JPSoftware
- shells fully support UNC paths as the current directory. JPSoftware added special
- recognition for OpenAFS to its command shells, 4NT 7.0 and Take Command 7.0. AFS paths can
- be entered in UNIX notation (e.g., /afs/openafs.org/software), space utilization reports the
- output of the volume status for the specified path, and many AFS specific functions and
- variables have been added to the command language. Take Command 14.03 includes support for
- OpenAFS IFS Reparse Points and Hard Links.</para>
+ using JP Software's Take Command command processor. Unlike cmd.exe, the JPSoftware shells
+ fully support UNC paths as the current directory. JPSoftware added special recognition for
+ OpenAFS to its command shells starting in version 7.0. AFS paths can be entered in UNIX
+ notation (e.g., /afs/openafs.org/software), space utilization reports the output of the
+ volume status for the specified path, and many AFS specific functions and variables have
+ been added to the command language. Take Command 14.03 includes support for OpenAFS IFS
+ Reparse Points and Hard Links.</para>
<para>JPSoftware's web site is
<ulink url="http://www.jpsoft.com/">http://www.jpsoft.com</ulink>.
</para>
- <para>Microsoft PowerShell 1.0 and 2.0 will also support UNC paths as the current directory. </para>
+ <para>Microsoft PowerShell 1.0, 2.0 and 3.0 also support UNC paths as the current directory. </para>
+ <para>The Cygwin environment also supports UNC paths as the current directory. Enter AFS paths
+ with two leading forward slashes: //afs/grand.central.org/software/openafs/. As of Cygwin
+ 1.7.18-1, AFS Symbolic Links are supported natively by the Cygwin environment.</para>
</section>
<section>
<title id="aklog.exe">3.10. aklog.exe</title>
<para>OpenAFS for Windows implements an SMB server which is used as a gateway to the AFS filesystem. Because of limitations of the SMB implementation in pre-1.5.50 releases, Windows stored all files into AFS using OEM code pages such as CP437 (United States) or CP850 (Western Europe). These code pages are incompatible with the ISO Latin-1 or Unicode (UTF-8) character sets typically used as the default on UNIX systems in both the United States and Western Europe. Filenames stored by OpenAFS for Windows were therefore unreadable on UNIX systems if they include any of the following characters:</para>
<informaltable frame="all">
<tgroup rowsep="1" align="left" colsep="1" cols="1">
- <colspec colwidth="442pt" colname="c1" />
+ <colspec colwidth="442pt" colname="c1"/>
<tbody>
<row>
<entry>
<para>OpenAFS on 64-bit Windows benefits from the lifting of the 2GB process memory restriction that is present in 32-bit Windows. Without this restriction the AFS Cache File can become arbitrarily large limited only by available disk space.</para>
</section>
<section>
- <title id="Windows_Vista_Known_Issues">3.43. Known Issues with Microsoft Windows Vista, Windows 7, and Server 2008 [R2]</title>
+ <title id="Windows_Vista_Known_Issues">3.43. Known Issues with Microsoft Windows Vista,
+ Windows 7, Server 2008 [R2], Windows 8 and Server 2012</title>
<indexterm significance="normal">
<primary>windows vista</primary>
</indexterm>
<ulink url="http://www.microsoft.com/technet/windowsvista/library/0d75f774-8514-4c9e-ac08-4c21f5c6c2d9.mspx">User Account Control</ulink> (UAC), a new security feature that implements least user privilege. With UAC, applications only run with the minimum required privileges. Even Administrator accounts run applications without the "Administrator" access control credentials. One side effect of this is that existing applications that mix user and system configuration capabilities must be re-written to separate those functions that require "Administrator" privileges into a separate process space. Future updates to OpenAFS will incorporate the necessary privilege separation, until that time some functions such as the Start and Stop Service features of the AFS Authentication Tool and the AFS Control Panel will not work unless they are "Run as Administrator". When a Vista user account that is a member of the "Administrators" group is used to access the AFS Control Panel (afs_config.exe), the process must be "Run as Administrator". Otherwise, attempts to modify the OpenAFS configuration will appear to succeed but in reality will have failed due to Vista's system file and registry virtualization feature.
</para>
<para>The help files provided with OpenAFS are in .HLP format. <ulink
- url="http://support.microsoft.com/kb/917607">Windows Vista, Windows 7, and Server 2008
- [R2] do not include a help engine for this format.</ulink>
+ url="http://support.microsoft.com/kb/917607">Windows Vista, Windows 7, Server 2008 [R2],
+ Windows 8 and Server 2012 do not include a help engine for this format.</ulink>
</para>
<para><emphasis>The following items only apply when the OpenAFS Service is manually configured as an SMB Gateway.</emphasis></para>
<para>OpenAFS for Windows works with Microsoft Windows Vista, Windows 7 and Server 2008 [R2] from both the command prompt and the Explorer Shell.
<indexterm significance="normal">
<primary>symlinks</primary>
</indexterm>
- <para>
- The IFS redirector driver represents all AFS mount points and AFS symlinks as reparse points within the file system name space
- using a Microsoft assigned tag value. Tools that are OpenAFS reparse point aware can create, query
- and remove AFS symlinks and mount points without requiring knowledge
- of AFS pioctls. The explorer shell will be able to delete a mount
- point or symlink as part of a recursive directory tree removal without
- crossing into the reparse point target.
- </para>
+ <para> The AFS redirector driver represents all AFS mount points and AFS symlinks as reparse
+ points within the file system name space using a Microsoft assigned tag value. Tools that
+ are OpenAFS reparse point aware can create, query and remove AFS symlinks and mount points
+ without requiring knowledge of AFS pioctls. The explorer shell will be able to delete a
+ mount point or symlink as part of a recursive directory tree removal without crossing into
+ the reparse point target. </para>
<para>The Explorer Shell displays Symlinks and Mount Points using overlay icons.</para>
<para><inlinegraphic fileref="relnotes03.jpg" align="center" arch=""/></para>
+ <para>Beginning with 1.7.22, AFS Symlinks are represented as Microsoft Symlink reparse points
+ instead of an OpenAFS specific reparse point. Symlinks can now be created using the Win32
+ <ulink
+ url="http://msdn.microsoft.com/en-us/library/windows/desktop/aa363866%28v=vs.85%29.aspx"
+ >CreateSymbolicLink</ulink> API and follow all of the behaviors of Microsoft Windows'
+ <ulink
+ url="http://msdn.microsoft.com/en-us/library/windows/desktop/aa365680%28v=vs.85%29.aspx"
+ >Symbolic Links</ulink>. Any tool capable of creating symbolic links on NTFS can now do
+ so within AFS.</para>
+ <para>Symbolic Links to Files are not supported by all Microsoft Windows applications because
+ directory enumerations, GetFileAttributes and GetFileAttributesEx return the attributes and
+ size of the Symbolic Link and not that of the target file. Applications that treat the
+ size of the Symbolic Link as the size of the target file will misbehave. All Java releases
+ 1.6.x and earlier and all .NET applications as of this writing use the Symbolic Link size as
+ the size of the target file. Java 1.7 correctly processes Symbolic Links.</para>
</section>
<section>
<para>The Windows <ulink url="https://secure.wikimedia.org/wikipedia/en/wiki/Shadow_Copy">Volume Shadow Copy Service</ulink> is not implemented. As a result, AFS backup volumes are not accessible via the Explorer Shell.</para>
</listitem>
<listitem>
- <para>
- There is no support for storing DOS attributes such as Hidden, System, or Archive.
- </para>
+ <para>There is no support for storing DOS attributes such as Hidden, System, or Archive. </para>
</listitem>
<listitem>
- <para>
- There is no support for Alternate Data Streams as required by Windows User Account Control to store Zone Identity data.
- </para>
+ <para>There is no support for Alternate Data Streams as required by Windows User Account
+ Control to store Zone Identity data. </para>
</listitem>
<listitem>
- <para>
- There is no support for Extended Attributes.
- </para>
+ <para>There is no support for Extended Attributes. </para>
</listitem>
<listitem>
- <para>
- There is no support for <ulink url="https://blogs.technet.com/b/hugofe/archive/2010/06/21/windows-2008-access-based-enumeration-abe.aspx">Access Based Enumeration</ulink>.
- </para>
+ <para>There is no support for <ulink
+ url="https://blogs.technet.com/b/hugofe/archive/2010/06/21/windows-2008-access-based-enumeration-abe.aspx"
+ >Access Based Enumeration</ulink>. </para>
</listitem>
<listitem>
- <para>
- There is no support for <ulink url="https://secure.wikimedia.org/wikipedia/en/wiki/Windows_Management_Instrumentation">Windows Management Instrumentation</ulink>
- </para>
+ <para>There is no support for <ulink
+ url="https://secure.wikimedia.org/wikipedia/en/wiki/Windows_Management_Instrumentation"
+ >Windows Management Instrumentation</ulink>
+ </para>
</listitem>
<listitem>
- <para>
- There is no support for <ulink url="http://msdn.microsoft.com/en-us/library/aa363997%28v=vs.85%29.aspx">Distributed Link Tracking and Object Identifiers</ulink>
- </para>
+ <para>There is no support for <ulink
+ url="http://msdn.microsoft.com/en-us/library/aa363997%28v=vs.85%29.aspx">Distributed
+ Link Tracking and Object Identifiers</ulink>
+ </para>
</listitem>
<listitem>
- <para>
- There is no support for storing <ulink url="http://msdn.microsoft.com/en-us/magazine/cc982153.aspx">Windows Access Control Lists</ulink>. Only the AFS ACLs are enforced.
- </para>
- </listitem>
+ <para>There is no support for storing <ulink
+ url="http://msdn.microsoft.com/en-us/magazine/cc982153.aspx">Windows Access Control
+ Lists</ulink>. Only the AFS ACLs are enforced. </para>
+ </listitem>
+ <listitem>
+ <para>There is a bug in the Explorer Shell which can result in the Shell responding to a
+ Ctrl-V (Paste) operation with an out of space error. The bug is that the Shell
+ queries the root directory of the UNC Path or Drive Letter for free space instead of
+ the path in which the Paste is being performed. To work around the bug, select a
+ directory in another volume under the same root and then return to the target
+ directory before initiating the Paste. Performing the Paste using the Context Menu
+ instead of Ctrl-V will avoid triggering the bug.</para>
+ </listitem>
+ <listitem>
+ <para>Windows file systems support a maximum of 31 reparse points (mount points or
+ symbolic links) within a path.</para>
+ </listitem>
</itemizedlist>
</para>
</section>
The OpenAFS file system has followed suit and is disabling automatic generation of 8.3 compatible names on Windows 8 and Server 2012.
</para>
</section>
+ <section>
+ <title id="explorer_read_only_volume_bug">3.57. The Explorer Shell, Drive Letter Mappings, and Read Only Volumes</title>
+ <indexterm significance="normal">
+ <primary>explorer shell</primary>
+ </indexterm>
+ <indexterm significance="normal">
+ <primary>drive letter mappings</primary>
+ </indexterm>
+ <indexterm significance="normal">
+ <primary>.readonly volumes</primary>
+ </indexterm>
+ <para>File systems can expose a variety of information about the underlying volumes they serve
+ to applications. All AFS volumes are described as supporting Case Preservation, Hard Links,
+ Reparse Points and Unicode characters. For .readonly volumes the file system can indicate
+ that the volume is a Read Only Volume. The benefit of doing so is that applications such as
+ the Explorer Shell can alter their behavior to improve the user experience. For example,
+ when the volume is reported as read-only the Explorer Shell can remove the Rename, Delete,
+ and other file modifying operations from the user interface. Unfortunately, the Windows 7
+ Explorer Shell is broken with regards to Volume Information queries when issued on Network
+ Mapped Drive Letters. Instead of performing a volume information query on the current
+ directory, the Explorer Shell only queries the root directory of the mapped drive letter.
+ As a result, if the drive letter is mapped to a .readonly volume, all paths accessed via the
+ drive letter are considered to be read-only even when they are not. This behavior is fixed
+ in Windows 8 and Server 2012.</para>
+ <para>Due to this bug, OpenAFS on Windows 7 and below does not report the
+ <ulink url="http://msdn.microsoft.com/en-us/library/windows/desktop/aa964920%28v=vs.85%29.aspx">FILE_READ_ONLY_VOLUME</ulink>
+ flag as part of the volume information. The Explorer Shell properly
+ queries the volume information for UNC paths. If network mapped drive letters are not used,
+ it is often convenient if the FILE_READ_ONLY_VOLUME flag is reported. This can be
+ configured using the <link linkend="Regkey_TransarcAFSDaemon_Parameters_VolumeInfoReadOnlyFlag">VolumeInfoReadOnlyFlag</link> registry value.</para>
+ </section>
</chapter>
<chapter id="chap_4">
<primary>TraceOption</primary>
</indexterm>
<para>If you are having trouble with the Integrated Logon operations it is often useful to be
- able to obtain a log of what it is attempting to do. Setting the <link
- linkend="Value_AFSLogon_Debug">Debug</link> registry value: </para>
+ able to obtain a log of what it is attempting to do. Setting the <link linkend="Value_AFSLogon_Debug">Debug</link> registry value: </para>
<para> [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider]</para>
<para> REG_DWORD Debug = 0x01</para>
<para>will instruct the Integrated Logon Network Provider and Event Handlers to log information to the Windows Event Log: Application under the name "AFS Logon".</para>
</para>
<informaltable frame="none">
<tgroup rowsep="1" align="left" colsep="1" cols="1">
- <colspec colwidth="405pt" colname="c1" />
+ <colspec colwidth="405pt" colname="c1"/>
<tbody>
<row>
<entry>
<indexterm significance="normal">
<primary>openafs-info</primary>
</indexterm>
- <para>If you wish to participate in OpenAFS for Windows development, please join the <ulink
- url="mailto:openafs-win32-devel@openafs.org?subject=OpenAFS%20for%20Windows%20Development%20Contribution"
- >openafs-win32-devel@openafs.org</ulink> mailing list. </para>
+ <para>If you wish to participate in OpenAFS for Windows development, please join the <ulink url="mailto:openafs-win32-devel@openafs.org?subject=OpenAFS%20for%20Windows%20Development%20Contribution">openafs-win32-devel@openafs.org</ulink> mailing list. </para>
<para>
<emphasis role="bold">https://lists.openafs.org/mailman/listinfo/openafs-win32-devel</emphasis>
</para>
<title id="MSI_OAFW_Properties">7.2.1.2 OpenAFS for Windows Properties</title>
<informaltable frame="all">
<tgroup rowsep="1" align="left" colsep="1" cols="1">
- <colspec colwidth="447pt" colname="c1" />
+ <colspec colwidth="447pt" colname="c1"/>
<tbody>
<row>
<entry>
<para>These properties are used to set the values of registry entries associated with OpenAFS for Windows.</para>
<informaltable frame="all">
<tgroup rowsep="1" align="left" colsep="1" cols="1">
- <colspec colwidth="447pt" colname="c1" />
+ <colspec colwidth="447pt" colname="c1"/>
<tbody>
<row>
<entry>
<para>These properties are combined to add a command line option to the shortcut that will be created in the Start:Programs:OpenAFS and Start:Programs:Startup folders (see CREDSSTARTUP). The method of specifying the option was chosen for easy integration with the Windows Installer user interface. Although other methods can be used to specify options to AFSCREDS.EXE, it is advised that they be avoided as transforms including such options may not apply to future releases of OpenAFS.</para>
<informaltable frame="all">
<tgroup rowsep="1" align="left" colsep="1" cols="1">
- <colspec colwidth="447pt" colname="c1" />
+ <colspec colwidth="447pt" colname="c1"/>
<tbody>
<row>
<entry>
<para>Enter the following :</para>
<informaltable frame="all">
<tgroup rowsep="1" align="left" colsep="1" cols="2">
- <colspec colwidth="84pt" colname="c1" />
- <colspec colwidth="318pt" colname="c2" />
+ <colspec colwidth="84pt" colname="c1"/>
+ <colspec colwidth="318pt" colname="c2"/>
<tbody>
<row>
<entry>
<para>Condition</para>
</entry>
<entry>
- <para></para>
+ <para/>
</entry>
</row>
<row>
<para>Add a new row (Ctrl-R or 'Tables'->'Add Row') with the following values:</para>
<informaltable frame="all">
<tgroup rowsep="1" align="left" colsep="1" cols="2">
- <colspec colwidth="94pt" colname="c1" />
- <colspec colwidth="307pt" colname="c2" />
+ <colspec colwidth="94pt" colname="c1"/>
+ <colspec colwidth="307pt" colname="c2"/>
<tbody>
<row>
<entry>
<para>Title</para>
</entry>
<entry>
- <para></para>
+ <para/>
</entry>
</row>
<row>
<para>Description</para>
</entry>
<entry>
- <para></para>
+ <para/>
</entry>
</row>
<row>
<para>Directory_</para>
</entry>
<entry>
- <para></para>
+ <para/>
</entry>
</row>
<row>
<para>Add a new row with the following values:</para>
<informaltable frame="all">
<tgroup rowsep="1" align="left" colsep="1" cols="2">
- <colspec colwidth="90pt" colname="c1" />
- <colspec colwidth="312pt" colname="c2" />
+ <colspec colwidth="90pt" colname="c1"/>
+ <colspec colwidth="312pt" colname="c2"/>
<tbody>
<row>
<entry>
<para>Add a new row with the following values:</para>
<informaltable frame="all">
<tgroup rowsep="1" align="left" colsep="1" cols="2">
- <colspec colwidth="91pt" colname="c1" />
- <colspec colwidth="311pt" colname="c2" />
+ <colspec colwidth="91pt" colname="c1"/>
+ <colspec colwidth="311pt" colname="c2"/>
<tbody>
<row>
<entry>
<para>Add a row with the following values :</para>
<informaltable frame="all">
<tgroup rowsep="1" align="left" colsep="1" cols="2">
- <colspec colwidth="93pt" colname="c1" />
- <colspec colwidth="309pt" colname="c2" />
+ <colspec colwidth="93pt" colname="c1"/>
+ <colspec colwidth="309pt" colname="c2"/>
<tbody>
<row>
<entry>
<para> We create a new feature and component to hold the new registry keys.</para>
<informaltable frame="all">
<tgroup rowsep="1" align="left" colsep="1" cols="1">
- <colspec colwidth="448pt" colname="c1" />
+ <colspec colwidth="448pt" colname="c1"/>
<tbody>
<row>
<entry>
<para> We create a new feature and component to hold the new registry keys.</para>
<informaltable frame="all">
<tgroup rowsep="1" align="left" colsep="1" cols="1">
- <colspec colwidth="447pt" colname="c1" />
+ <colspec colwidth="447pt" colname="c1"/>
<tbody>
<row>
<entry>
<primary>AFSCache</primary>
</indexterm>
<para id="Value_CachePath">Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters]</para>
- <para>Type: REG_SZ or REG_EXPAND_SZ
- </para>
- <para>
-Default: "%TEMP%\AFSCache"
- </para>
+ <para>Type: Use REG_SZ if the path contains no expansion variables or REG_EXPAND_SZ if it
+ does.</para>
+ <para> Default: "%TEMP%\AFSCache" (REG_EXPAND_SZ)</para>
<para>
Variable: cm_CachePath</para>
<para>Location of on-disk cache file. The default is the SYSTEM account's TEMP directory. The attributes assigned to the file are HIDDEN and SYSTEM.</para>
<para>Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters]</para>
<para>Type: DWORD {0, 1}
</para>
- <para>
- Default: 0 on Windows 8 and Server 2012, 1 otherwise</para>
+ <para> Default: 0 on Windows 7, Windows 8, Server 2008 R2 and Server 2012, 1
+ otherwise</para>
<para>Determines whether or not the AFS Cache Manager will generate 8.3 compatible shortnames for all objects stored in AFS. Short names are disabled by default on Windows 8 and Server 2012. All prior operating systems enable short names by default.</para>
<para>0: do not generate 8.3 compatible short names.</para>
<para>1: generate 8.3 compatible short names.</para>
<para>0: use the older I/O processing mechanism.</para>
<para>1: use the new Direct I/O processing mechanism.</para>
</section>
+ <section>
+ <title id="Regkey_TransarcAFSDaemon_Parameters_VolumeInfoReadOnlyFlag">Value: VolumeInfoReadOnlyFlag</title>
+ <indexterm significance="normal">
+ <primary>VolumeInfoReadOnlyFlag</primary>
+ </indexterm>
+ <para>Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters]</para>
+ <para>Type: DWORD {0, 1}
+ </para>
+ <para>
+ Default: 1</para>
+ <para>The Win32 GetVolumeInformation and GetVolumeInformationByHandle APIs permit
+ applications to query volume attributes such as Case Preserving, Case Insensitive
+ lookups, support for hard links, support for reparse points, support for Unicode and
+ whether or not the volume is read only. The FILE_READ_ONLY_VOLUME flag when set permits
+ applications such as the Explorer Shell to disable the "Delete" and "Rename" options and
+ prevent copying files into the volume without issuing the request to the file system.
+ Unfortunately, the Windows 7 explorer shell has a bug when a drive letter is mapped to a
+ UNC path. If the mapped path refers to a read only volume, then all volumes accessible
+ via the drive letter are also treated as read only. This bug is fixed in Windows 8 and
+ Server 2012. To improve application compatibility the setting of the
+ FILE_READ_ONLY_VOLUME flag is disabled by default on Windows 7 and below and enabled on
+ Windows 8 and above.</para>
+ <para>0: prevent setting the FILE_READ_ONLY_VOLUME flag. (default on Win7 and below).</para>
+ <para>1: permit setting the FILE_READ_ONLY_VOLUME flag. (default on Win8 and above)</para>
+ </section>
+ <section>
+ <title id="Regkey_TransarcAFSDaemon_Parameters_ReparsePointPolicy">Value: ReparsePointPolicy</title>
+ <indexterm significance="normal">
+ <primary>ReparsePointPolicy</primary>
+ </indexterm>
+ <para>Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters]</para>
+ <para>Type: DWORD {0, 1}
+ </para>
+ <para>
+ Default: 0</para>
+ <para>Windows file systems use <ulink
+ url="http://msdn.microsoft.com/en-us/library/windows/desktop/aa365503%28v=vs.85%29.aspx"
+ >reparse points</ulink> to represent special file system objects such as NTFS
+ Junctions, Symbolic Links and AFS Mount Points. Windows applications must be designed
+ to work with <ulink
+ url="http://msdn.microsoft.com/en-us/library/windows/desktop/aa365680%28v=vs.85%29.aspx"
+ >Symbolic Links</ulink> because <ulink
+ url="http://msdn.microsoft.com/en-us/library/windows/desktop/aa365682%28v=vs.85%29.aspx"
+ >several standard file system functions</ulink> behave differently when the provided
+ path specifies a reparse point. Although there is not a significant impact for Symbolic
+ Links to Directories and Mount Points to volume root directories, Symbolic Links to
+ Files can result in applications misinterpreting the file size and attributes.</para>
+ <para>The ReparsePointPolicy value permits alternate behaviors for reparse point objects
+ on a global basis. In this version, there is only one policy option which permits
+ Symbolic Links to Files to be represented with the target file's size and attributes in
+ the output of FindFirstFile, GetFileAttributes, and GetFileAttributesEx
+ operations.</para>
+ <para>0: All Reparse Points are treated as reparse points.</para>
+ <para>1: Reparse Points to Files treated as the target File.</para>
+ </section>
</section>
<section>
<title id="Regkey_TransarcAFSDaemon_Parameters_GlobalAutoMapper">Regkey:
<indexterm significance="normal">
<primary>LogonOptions</primary>
</indexterm>
- <para id="Value_LogonOptions"
- >[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\Domain]</para>
+ <para id="Value_LogonOptions">[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\Domain]</para>
<para>[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\Domain\<domain
name>]</para>
<para>[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\Domain\<domain
<indexterm significance="normal">
<primary>Realm</primary>
</indexterm>
- <para id="Value_Realm"
- >[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\Domain]</para>
+ <para id="Value_Realm">[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\Domain]</para>
<para>[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\Domain\<domain
name>]</para>
<para>[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\Domain\<domain
<indexterm significance="normal">
<primary>TheseCells</primary>
</indexterm>
- <para id="Value_TheseCells"
- >[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\Domain]</para>
+ <para id="Value_TheseCells">[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\Domain]</para>
<para>[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\Domain\<domain
name>]</para>
<para>[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\Domain\<domain
<indexterm significance="normal">
<primary>Username</primary>
</indexterm>
- <para id="Value_Username"
- >[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\Domain\<domain
+ <para id="Value_Username">[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\Domain\<domain
name>\<user name>]</para>
<para>[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\Domain\LOCALHOST\<user name>]</para>
<para>Type: REG_SZ </para>
git://git.openafs.org / openafs.git / blobdiff