source in, you will only have an src/ directory.
1. Pick a system to build for, and note its default AFS sys_name.
- A directory will be automatically created for binaries to be written
+ A directory will be automatically created for binaries to be written
into with this name when you build.
alpha_dux40, alpha_dux50, alpha_dux51 (client does not work)
B Building
- 1. Now, you can build OpenAFS.
+ 1. Now, you can build OpenAFS.
% make
- 2. Install your build using either "make install" to install
+ 2. Install your build using either "make install" to install
into the current system (you will need to be root, and files
will be placed as appropriate for Transarc or standard paths),
- "make install DESTDIR=/some/path" to install into an alternate
+ "make install DESTDIR=/some/path" to install into an alternate
directory tree, or if you configured with --enable-transarc-paths
- make dest to create a complete binary tree in the dest directory
+ make dest to create a complete binary tree in the dest directory
under the directory named for the sys_name you built for,
- e.g. sun4x_57/dest or i386_linux22/dest
+ e.g. sun4x_57/dest or i386_linux22/dest
3. As appropriate you can clean up or, if you're using Linux, build for
another kernel version.
C Problems
If you have a problem building this source, you may want to visit
- http://www.openafs.org/ to see if any problems have been reported
+ http://www.openafs.org/ to see if any problems have been reported
or to find out how to get more help.
Mailing lists have been set up to help; More details can be found
% ./configure --with-afs-sysname=<sysname> \
--with-linux-kernel-headers=/usr/src/linux-2.2.19-i686
- % make
+ % make
Your build tree will now include an additional kernel module for your
additional kernel headers. Be aware that if the kernel version string
You also need access to your kernel build directory for the opt_global.h
include file. Use the --with-bsd-kernel-build= configure option if your
- kernel build is not GENERIC in the standard place. If
- /usr/src/sys/${CPUARCH}/compile/GENERIC does not point to
- /usr/obj/usr/src/sys/GENERIC you may need to resolve that and retry the
+ kernel build is not GENERIC in the standard place. If
+ /usr/src/sys/${CPUARCH}/compile/GENERIC does not point to
+ /usr/obj/usr/src/sys/GENERIC you may need to resolve that and retry the
build.
There is no server package, but I am told that "make install" will put
License. For details, see the LICENSE file in the top-level source
directory or on-line at http://www.openafs.org/dl/license10.html
-The document now provides a step by step procedure that takes the user
-from a basic Windows 2000/XP/2003/Vista/2008 workstation to an OpenAFS
-development environment. Details are provided so that a 'beginning'
-windows developer can build an OpenAFS installable package for Windows
+The document now provides a step by step procedure that takes the user
+from a basic Windows 2000/XP/2003/Vista/2008 workstation to an OpenAFS
+development environment. Details are provided so that a 'beginning'
+windows developer can build an OpenAFS installable package for Windows
2000/XP/2003/Vista/2008.
NOTE 1:
* Windows XP
* Windows XP SP2
- * Windows 2003
+ * Windows 2003
* Windows 2003 SP1
* Windows XP 64
* Windows 2003 64
* Windows 7 (32 or 64)
* Windows 2008 R2 (64)
-The build process is controlled by a nmake file that generates the
+The build process is controlled by a nmake file that generates the
necessary binaries and binds them into an install package.
The following steps describe how to configure the development environment:
J. Build Wix MSI Install Package
K. Final Results
L. Optional Items
-
+
The Microsoft development tools require anywhere from 660 MB to 1.8GB
-of storage depending on which compilers are selected. The following
+of storage depending on which compilers are selected. The following
versions are supported:
Microsoft Visual Studio .NET 2005
Microsoft Windows Driver Kit 7600
-NOTE: Not all combinations of Visual Studio, SDK, and DDK/WDK are
+NOTE: Not all combinations of Visual Studio, SDK, and DDK/WDK are
known to work. OpenAFS for Windows is packaged by Secure Endpoints Inc.
using the following configurations:
http://www.stack.nl/~dimitri/doxygen/
-The NSIS installer requires about 14 MB of storage. The following
+The NSIS installer requires about 14 MB of storage. The following
version is supported:
Nullsoft Scriptable Installation System 2.44
http://sourceforge.net/project/showfiles.php?group_id=22049&package_id=15374
(Be sure to use the strlen 8192 binaries)
-The WiX installer requires about 18 MB of storage. The following
+The WiX installer requires about 18 MB of storage. The following
version is supported:
Wix 2.0.5325.0
For example "Pkzip for Windows" from Pkware will uncompress tar files.
(http://www.pkware.com/)
-Expand the downloaded tar files into target directory (c:\OpenAFS),
+Expand the downloaded tar files into target directory (c:\OpenAFS),
the unzip routine will expand the source into a subdirectory tree:
- c:\OpenAFS\OpenAFS-1.5.61\
+ c:\OpenAFS\OpenAFS-1.5.61\
-Copy the files 'NTMakefile' and 'ntbuild.bat' from the 'src'
+Copy the files 'NTMakefile' and 'ntbuild.bat' from the 'src'
subdirectory to the OpenAFS base directory (aka %AFSROOT%):
From a DOS command prompt window, enter the following copy commands:
STEP B. Install compiler and development tools.
-Install a copy of Microsoft Visual Studio .NET, Visual Studio .NET 2003,
+Install a copy of Microsoft Visual Studio .NET, Visual Studio .NET 2003,
or Visual Studio .NET 2005. Visual Studio 2008 can be used to produce
builds but the resulting binaries cannot be used on Windows 2000.
Files from Microsoft's Platform SDK for Windows Server 2003 SP1 are
required to complete a build on Windows 2000/XP/2003. At a minimum the
-following components are known to be required:
+following components are known to be required:
* Core
* Data Access
STEP D. Configure NTBUILD.BAT.
-The NTBUILD.BAT file copied to the OpenAFS base directory must be
+The NTBUILD.BAT file copied to the OpenAFS base directory must be
customized for use on your development system. The provided NTBUILD.BAT
was developed for use with Visual Studio 2003 and the Windows Server 2003
Platform SDK. It requires significant modification to construct a build
-environment for use with other tools.
+environment for use with other tools.
The following variables must be defined to match your configuration:
MSVCVer: Set to 8.0 if using Visual Studio 8
CODESIGN_DESC: Product Name
-
+
CODESIGN_TIMESTAMP: Time Stamp Service for Code Signing Certificate
-
+
CODESIGN_URL: Support URL Displayed to End Users
CODESIGN_CROSS_CERT: Path to Microsoft Cross Signing Certificate
AFSPRODUCT_VER_PATCH - Version Patch Number
AFSPRODUCT_VER_BUILD - Version Build Number
CELLSERVDB_INSTALL - The default file name for the CellServDB
- included in the install Package.
+ included in the install Package.
CELLNAME_DEFAULT - The default home cell name.
CELLSERVDB_WEB - The default web address to obtain CellServDB
IMPORTANT: When building your own binaries, you must set the AFSPRODUCT_VER_BUILD
value to a number greater than 1023. All values 0 to 1023 are reserved for use
-by official OpenAFS.org releases. A failure to do so will result in Windows
+by official OpenAFS.org releases. A failure to do so will result in Windows
Crash Reports for your binaries being delivered to OpenAFS.org for analysis.
While the build is running you will see many compile warnings. This
behavior is normal; the build process is successful as long as the build
process doesn't terminate with an error ("nmake.exe return code 0x2")
-and it displays 'Build Finished Successfully'. Note that although the
+and it displays 'Build Finished Successfully'. Note that although the
the build target is "install", it does not install OpenAFS.
(5) Before rebuilding you must clean the work area:
http://nsis.sourceforge.net/home/
Run the nsis-2.33.exe installer and install to "C:\Program Files\NSIS".
-Then download the large strings build zip file and replace the installed
-files with the versions from the zip file. These versions increase
-the maximum string length from 1024 characters to 8192 characters.
-This is necessary for installation on systems with long PATH environment
+Then download the large strings build zip file and replace the installed
+files with the versions from the zip file. These versions increase
+the maximum string length from 1024 characters to 8192 characters.
+This is necessary for installation on systems with long PATH environment
strings.
Note: The NSIS installer can only be used to produce 32-bit installers.
STEP I. Install Wix MSI Installer
-Download the Wix 2.0.5325.0 installer from
+Download the Wix 2.0.5325.0 installer from
http://prdownloads.sourceforge.net/wix/sources-2.0.5325.0.zip
#ifndef AFS_SRC_DDD_PROTO_H
#define AFS_SRC_DDD_PROTO_H
-
+
/* filename.c */
prototypes
probably ok as well.
The declaration of the routines should be done in ANSI style. If at some
-later date, it is determined that prototypes don't work on some platform
+later date, it is determined that prototypes don't work on some platform
properly, we can use ansi2knr during the compile.
- rettype
+ rettype
routine(argtype arg)
{
Header files should not contain macros or other definitions unless they
are used across multiple source files.
-All routines should be declared static if they are not used outside that
+All routines should be declared static if they are not used outside that
source file.
Compiles on gcc-using machines should strive to handle using
-Wstrict-prototypes -Werror. (this may take a while)
-Routines shall be defined in source prior to use if possible, and
+Routines shall be defined in source prior to use if possible, and
prototyped in block at top of file if static.
API documentation in the code should be done using Qt-style Doxygen
prevent warnings from creeping back in, we now have the ability to break the
build when new warnings appear.
-This is only available for systems with gcc 4.2 or later, and is disabled
+This is only available for systems with gcc 4.2 or later, and is disabled
unless the --enable-checking option is supplied to configure. Because we
can't remove all of the warnings, we permit file by file (and warning by
warning) disabling of specific warnings. The --enable-checking=all prevents
You can disable a single warning type in a particular file by using GCC
pragmas. If a warning can be disabled with a pragma, then the switch to use
will be listed in the error message you receive from the compiler. Pragmas
-should be wrapped in IGNORE_SOME_GCC_WARNINGS, so that they aren't used
+should be wrapped in IGNORE_SOME_GCC_WARNINGS, so that they aren't used
with non-gcc compilers, and can be disabled if desired. For example:
#ifdef IGNORE_SOME_GCC_WARNINGS
# pragma GCC diagnostic warning "-Wold-style-definition"
#endif
-If a pragma isn't available for your particular warning, you will need to
+If a pragma isn't available for your particular warning, you will need to
disable all warnings for the file in question. You can do this by supplying
-the autoconf macro @CFLAGS_NOERROR@ in the build options for the file. For
+the autoconf macro @CFLAGS_NOERROR@ in the build options for the file. For
example:
lex.yy.o : lex.yy.c y.tab.c
${CC} -c ${CFLAGS} @CFLAGS_NOERROR@ lex.yy.c
To enable this feature, afsd must be run with the -rmtsys switch. OpenAFS
client utilities will use this feature automatically if the AFSSERVER
environment variable is set to the address or hostname of the translator
-system, or if the file ~/.AFSSERVER or /.AFSSERVER exists and contains the
+system, or if the file ~/.AFSSERVER or /.AFSSERVER exists and contains the
translator's address or hostname.
On systems running the client PAG manager (afspag.ko), AFS system calls
## Dynamic Mount Points
-This patch introduces a special directory ".:mount", which can be found
+This patch introduces a special directory ".:mount", which can be found
directly below the AFS root directory. This directory always appears to
be empty, but any name of the form "cell:volume" will resolve to a mount
point for the specified volume. The resulting mount points are always
JAFS is an open source API designed to allow Java programmers the ability
to create applications for the administration or use of OpenAFS file systems.
-It works by accessing libadmin and libuafs (administrative and user-level
-libraries that come with OpenAFS) through JNI. It consists of a Java package
+It works by accessing libadmin and libuafs (administrative and user-level
+libraries that come with OpenAFS) through JNI. It consists of a Java package
called org.openafs.jafs, and two shared libraries libjafsadm.so and libjafs.so.
---------------------------------------------------------------------------
*
---------------------------------------------------------------------------
-There is a version of JAFS that has been compiled on Red Hat Linux 7.3,
+There is a version of JAFS that has been compiled on Red Hat Linux 7.3,
and can be directly used without compilation. It was compiled using
-OpenAFS 1.2.10a libraries (with a modified version of libjuafs.a). It
-consists of a JAR file (jafs-1.2.10a.jar) and two shared libraries
-(libjafsadm.so and libjafs.so). It was compiled using the
---enable-transarc-paths on compilation (for use with the OpenAFS RPMs),
+OpenAFS 1.2.10a libraries (with a modified version of libjuafs.a). It
+consists of a JAR file (jafs-1.2.10a.jar) and two shared libraries
+(libjafsadm.so and libjafs.so). It was compiled using the
+--enable-transarc-paths on compilation (for use with the OpenAFS RPMs),
gcc 2.96, and Java Classic VM version 1.4.1_02.
When you write Java code to use this API, import the
-org.openafs.jafs package. During compilation of your Java code,
+org.openafs.jafs package. During compilation of your Java code,
ensure one of the following conditions are met:
- Use the "-classpath" option to javac to specify the jafs.jar file.
- Change your $CLASSPATH environment variable to include the
When running an application that uses JAFS, the shared libraries
need to be found by Java's library loader. The easiest way to
accomplish this is to copy these files into the /usr/local/lib/ directory,
-or create symbolic links from that directory to the files. Alternatively,
+or create symbolic links from that directory to the files. Alternatively,
the directory containing the libraries can also be added to the
LD_LIBRARY_PATH environment variable.
You also need to have an OpenAFS client set up on your machine
(preferably version 1.2.10a, but it should work for some past versions as well).
-You can obtain the OpenAFS client and view installation documentation at
-http://www.openafs.org (the RPMs are easiest to use for Linux). Also any
+You can obtain the OpenAFS client and view installation documentation at
+http://www.openafs.org (the RPMs are easiest to use for Linux). Also any
cells you plan to access through the API must have entries in your
client's CellServDB file (located in the /usr/vice/etc/ directory in most
setups).
for the source you download:
** APPLY THE APPROPRIATE PATCH
- You can apply the appropriate JAFS patch with the following command,
- executed from the root directory of the download code
+ You can apply the appropriate JAFS patch with the following command,
+ executed from the root directory of the download code
(i.e. openafs-1.2.10a/):
patch -p1 < xxx.diff
OpenAFS 1.2.7 Source (openafs-1.2.7-src.tar.gz)
OpenAFS 1.2.8 Source (openafs-1.2.8-src.tar.gz)
- jafs-1.2.6-8.diff
+ jafs-1.2.6-8.diff
* OpenAFS 1.2.9 Source (openafs-1.2.9-src.tar.gz)
- jafs-1.2.9.diff
+ jafs-1.2.9.diff
* OpenAFS 1.2.10a Source (openafs-1.2.10a-src.tar.gz)
- jafs-1.2.10a.diff
+ jafs-1.2.10a.diff
* Daily Snapshot / CVS (example: openafs-snap-2003-05-21.tar.gz)
** RUN CONFIGURE
- From the same directory, run the configure script as you normally would
+ From the same directory, run the configure script as you normally would
to compile OpenAFS, but run it with a java-home argument so the script can
find your java distribution. For example:
./configure [other options] --java-home=/usr/java/jdk
NOTE: If the configure script is not within the root source directory,
- then you will need to first run ./regen.sh to generate the
+ then you will need to first run ./regen.sh to generate the
configure script. In this case you will need to manually
modify the JAFS Makefile by setting the JAVA_HOME variable
to your local system's JAVA_HOME. (i.e. /usr/java/jdk)
- The configure script will ensure that this directory contains bin/ and lib/
- subdirectories, and that there are /bin/javac and/bin/javah executables and
- an include/jni.h file. If you don't supply a command line argument for the
+ The configure script will ensure that this directory contains bin/ and lib/
+ subdirectories, and that there are /bin/javac and/bin/javah executables and
+ an include/jni.h file. If you don't supply a command line argument for the
java home, the script will look for it in environment variables: first in
$JAVA_HOME and then in $JDK_HOME. Also, note that if you have installed
(or are planning to install) OpenAFS by using the RPMs for Linux, you
** RUN MAKE
Finally, do a full build of OpenAFS by executing 'make' in the current
directory. After it finishes, you are ready to compile JAFS. Execute
- 'make jafs' from that same directory. Afterward, there will be
- libjafsadm.so and libjafs.so in the lib/ directory, and a jafs.jar in the
- jlib/ directory. These can be used according to the instructions in the
- 'USE' section of this document.
+ 'make jafs' from that same directory. Afterward, there will be
+ libjafsadm.so and libjafs.so in the lib/ directory, and a jafs.jar in the
+ jlib/ directory. These can be used according to the instructions in the
+ 'USE' section of this document.
For additional make options, please refer to the next section "MAKE OPTIONS"
*
---------------------------------------------------------------------------
-Additional make options are available by running 'make' from the
+Additional make options are available by running 'make' from the
src/JAVA/libjafs directory; they are as follows:
make - Perform a full make of all Java classes, jar archive, and JNI
make clean_libs - Delete both JNI shared libraries (lib/libjafs.so and
lib/libjafsadm.so)
make install - Performs a full make of all components and then installs all
- necessary components to your local system. This option
- prepares the required '/usr/afswsp/' directory for use by
+ necessary components to your local system. This option
+ prepares the required '/usr/afswsp/' directory for use by
the native library.
make javadocs - Generate Java API documents (in javadoc format). Docs are
saved to src/JAVA/javadocs
make jar - Builds the Java archive library (containing all Java classes)
make libjafs - Builds the user-space library (used for ACL and file access)
-make libjafsadm - Builds the administrative library (used for all admin related
+make libjafsadm - Builds the administrative library (used for all admin related
functions)
---------------------------------------------------------------------------
'buildinfo.pl', and a subdirectory 'etc'.
acltest.c - A test program that allows testing of the native libraries
- ACL calls without going through Java.
+ ACL calls without going through Java.
- *Usage information for this program is available by simply
+ *Usage information for this program is available by simply
invoking './acltest' without any parameters.
buildinfo.pl - A perl script that automatically updates the build information
the native libraries (found in VersionInfo.h). It may also
be used to programatically query for build information.
- *Usage information for this program is available by simply
+ *Usage information for this program is available by simply
invoking 'perl buildinfo.pl' without any parameters.
- etc/ - A directory containing user-space configuration files. These
- files are used for user-space initialization and cache
+ etc/ - A directory containing user-space configuration files. These
+ files are used for user-space initialization and cache
configuration and are copied to '/usr/afswsp/etc' if a
'make install' is issued.
src/JAVA/classes:
- Within the src/JAVA/classes directory you will find the root of the Java
+ Within the src/JAVA/classes directory you will find the root of the Java
package, the error message catalog file, and a test program:
*.java - Java classes that comprise the test program.
adminTest - A script that invokes the Java console-based test program.
- This program can be used to exercise all major API calls
+ This program can be used to exercise all major API calls
from Java, thus testing JNI libraries as well as Java code.
*Usage information for this program is available via its
---------------------------------------------------------------------------
If you'd like to edit the source code, you'll find the native C code in
-the src/JAVA/libjafs directory, and the Java code in the
-src/JAVA/classes/org/openafs/jafs/ directory. Please reference the
+the src/JAVA/libjafs directory, and the Java code in the
+src/JAVA/classes/org/openafs/jafs/ directory. Please reference the
src/TechNotes-JavaAPI document for more information.
I. Introduction
-The AFS Web Security Pack is an extension available for selected Web servers
-that enables system administrators to provide secure access via a
-Web browser to documents stored in the AFS filespace. This document
+The AFS Web Security Pack is an extension available for selected Web servers
+that enables system administrators to provide secure access via a
+Web browser to documents stored in the AFS filespace. This document
provides information specific to this release of the AFS Web Security Pack.
-Note: Due the long filenames and file extensions used for the AFS Web
-Secure distribution files, download of the AFS Web Secure product to
-a PC sometimes results in incorrect filenames. Note that all AFS Web
-Secure distribution files are g-zipped tar files, even if the *.tar.gz
-file extension is lost during the download process.
+Note: Due the long filenames and file extensions used for the AFS Web
+Secure distribution files, download of the AFS Web Secure product to
+a PC sometimes results in incorrect filenames. Note that all AFS Web
+Secure distribution files are g-zipped tar files, even if the *.tar.gz
+file extension is lost during the download process.
II. Installation Prerequisites
-Note: If you have installed a previous version of the AFS Web Security Pack,
-you must first remove the previous version, including any modifications made
-to your Apache Web server configuration and runtime configuration files
+Note: If you have installed a previous version of the AFS Web Security Pack,
+you must first remove the previous version, including any modifications made
+to your Apache Web server configuration and runtime configuration files
before installing this version of the product.
-Your system must meet the following software and disk space requirements
+Your system must meet the following software and disk space requirements
to install this version of the AFS Web Security Pack.
-Operating system: Solaris 2.5.1, AIX 4.2x, AIX 4.3, or AIX 4.3.1
-Web server: Apache 1.2.6 or Apache 1.3.1
-AFS (client): AFS Client 3.4a
-Disk Space: 650 KB
+Operating system: Solaris 2.5.1, AIX 4.2x, AIX 4.3, or AIX 4.3.1
+Web server: Apache 1.2.6 or Apache 1.3.1
+AFS (client): AFS Client 3.4a
+Disk Space: 650 KB
Note: Due to security considerations, OpenAFS strongly recommends that the
-AFS Web Security Pack be used only on a server enabled with Secure Sockets
+AFS Web Security Pack be used only on a server enabled with Secure Sockets
Layer (SSL).
-IV. Known Defects and Limitations
+IV. Known Defects and Limitations
-* Due to a preexisting problem in the AFS UNIX product, the Apache
-server Fancy Indexing option does not function as expected when AFS
-directories are displayed. If the Fancy Indexing option is enabled
-on the Apache server, when a user initially browses an ACL-protected
-directory (with "system:anyuser l" access), the user is able to see
-file details for directories and links, but not for files. Once the
-user selects a file and enters a username and password, details for
+* Due to a preexisting problem in the AFS UNIX product, the Apache
+server Fancy Indexing option does not function as expected when AFS
+directories are displayed. If the Fancy Indexing option is enabled
+on the Apache server, when a user initially browses an ACL-protected
+directory (with "system:anyuser l" access), the user is able to see
+file details for directories and links, but not for files. Once the
+user selects a file and enters a username and password, details for
the files are then displayed. This problem is not caused by the AFS Web
-Security Pack or the Apache server, but is due to a defect in the UNIX-based
-AFS code. We are working to address this problem and will make an
-announcement when a corrected version is available. In the interim,
+Security Pack or the Apache server, but is due to a defect in the UNIX-based
+AFS code. We are working to address this problem and will make an
+announcement when a corrected version is available. In the interim,
please be aware of this limitation as you use the AFS Web Security Pack.
-*If the AFS Web Security Pack is used on the Apache server version 1.3.1, user
+*If the AFS Web Security Pack is used on the Apache server version 1.3.1, user
directories cannot be directly accessed through the use of a special character
-such as a tilde (~) despite use of the Apache server User Directory directive.
+such as a tilde (~) despite use of the Apache server User Directory directive.
VII. AFS Web Security Pack Documentation
Postscript and HTML versions of the documentation for the AFS Web Security
-Pack are available in the doc directory.
+Pack are available in the doc directory.
VIII. Additional Information about Apache and SSL
-The following sites on the World Wide Web provide additional information
+The following sites on the World Wide Web provide additional information
about the Apache Web Server and SSL.
-* Apache Home Page http://www.apache.org
-* Stronghold Home http://www.c2.net
-* Stronghold International http://www.int.c2.net
-* Apache-SSL Home http://www.apache-ssl.org
+* Apache Home Page http://www.apache.org
+* Stronghold Home http://www.c2.net
+* Stronghold International http://www.int.c2.net
+* Apache-SSL Home http://www.apache-ssl.org
* SSLeay FAQ http://www.psy.uq.edu.au:8080/~ftp/Crypto/
License. For details, see the LICENSE file in the top-level source
directory or online at http://www.openafs.org/dl/license10.html
-Installation instructions for Apache AFS Web Secure
+Installation instructions for Apache AFS Web Secure
(Version 1 for Apache version 1.2.6)
Prerequisites:-
Ensure the following files exist:-
- - weblog
+ - weblog
- weblog_starter
- libapacheafs.a
- mod_afs.c
libsys.a
-The mod_afs.c file should be in the apache src directory with all the other
+The mod_afs.c file should be in the apache src directory with all the other
module files. weblog and weblog_starter should be in the same directory - this
-could be any directory (preferably outside AFS - if it is in AFS then
+could be any directory (preferably outside AFS - if it is in AFS then
system:anyuser should have the appropriate ACL on that directory).
Editing the following files in the apache src and conf directories:-
1. Configuration (or the current Configuration file)
- EXTRA_LIBS= <whatever you had here before> libapacheafs.a libsys.a
+ EXTRA_LIBS= <whatever you had here before> libapacheafs.a libsys.a
NOTE - specify the full path of these libraries - libsys.a is probably
in /usr/afsws/lib/afs/libsys.a and you can put libapacheafs.a wherever you
server will continue running but AFS authentication will always fail.
2. httpd.conf (or whatever configuration file the server uses on startup
- with the -f flag)
+ with the -f flag)
NOTE: ensure that you provide the entire path for the ErrorLog and PidFile
Directives instead of attempting to have apache prepend ServerRoot.
SetAFSDefaultCell [cell]
SetAFSMountpointDir [dir]
-SetAFSCacheExpiration [time]
+SetAFSCacheExpiration [time]
SetAFSTokenExpiration [time]
SetAFSWeblogPath [path]
SetAFSLocation [loc]
NOTE:- SetAFSLocation <text> should be the same as the Location <text>
and should be a path relative to the server-document-root
-NOTE: loc and dir should *NOT* be the same. There should be no symbolic link,
-file or directory in the DocumentRoot directory with the same name as the loc
+NOTE: loc and dir should *NOT* be the same. There should be no symbolic link,
+file or directory in the DocumentRoot directory with the same name as the loc
directive.
cell: REQUIRED directive.
dir: REQUIRED directive.
Path to the directory or symbolic link relative to the server document
root directory where the AFS cell mount points are. If you want symbolic
- links to be followed make sure you have the
+ links to be followed make sure you have the
Options FollowSymLinks
- directive set.
+ directive set.
-time: OPTIONAL directive
+time: OPTIONAL directive
Seconds for AFS token cache expiration (cacheExpiration is for the local
cache and tokenExpiration is for the AFS kernel cache manager).
-
+
path: REQUIRED directive.
The full or relative (to server binary) path for weblog binary.
loc: REQUIRED directive.
Some location relative to the server root
MAKE SURE THAT THERE DOESN"T ALREADY EXIST A DIRECTORY BY
- THIS SAME NAME. This should be the same (case sensitive)
+ THIS SAME NAME. This should be the same (case sensitive)
as the argument to the Location directive. Eg. /afs
Configure and make apache and start it up with the new config file.
-NOTE: Add the following to the shutdown or stopd file to shutdown the
+NOTE: Add the following to the shutdown or stopd file to shutdown the
weblog_starter process BEFORE the kill -TERM for httpd.pid
kill -TERM `cat <path to httpd.pid>.afs`
-Eg. if the httpd.pid file is in /local/stronghold/apache/logs/httpd.pid
+Eg. if the httpd.pid file is in /local/stronghold/apache/logs/httpd.pid
then the stopd file should look something like this
kill -TERM `cat /local/stronghold/apache/logs/httpd.pid.afs`
-
- kill -TERM `cat /local/stronghold/apache/logs/httpd.pid`
+
+ kill -TERM `cat /local/stronghold/apache/logs/httpd.pid`
POINTERS TO APACHE AND SSL:-
I. Introduction
-AFS Web Security Pack is an extension available for selected Web servers
-that enables system administrators to provide secure access via a
-Web browser to documents stored in the AFS filespace. This document
-summarizes the changes made to AFS Web Security for this release, and
-provides installation and configuration instructions.
+AFS Web Security Pack is an extension available for selected Web servers
+that enables system administrators to provide secure access via a
+Web browser to documents stored in the AFS filespace. This document
+summarizes the changes made to AFS Web Security for this release, and
+provides installation and configuration instructions.
-Note: Due the long filenames and file extensions used for the AFS Web
+Note: Due the long filenames and file extensions used for the AFS Web
Security Pack distribution files, download of the AFS Web Security Pack
- product to a PC sometimes results in incorrect filenames. Note that all
-AFS Web Security Pack distribution files are g-zipped tar files, even if the
-*.tar.gz file extension is lost during the download process.
+ product to a PC sometimes results in incorrect filenames. Note that all
+AFS Web Security Pack distribution files are g-zipped tar files, even if the
+*.tar.gz file extension is lost during the download process.
II. Installation Prerequisites
-Your system must meet the following software and disk space requirements
+Your system must meet the following software and disk space requirements
to install this version of AFS Web Security Pack.
-Operating system: Solaris 2.5.1, AIX 4.1, AIX 4.2, or AIX 4.2.1
-Web server: Apache 1.2.6
-AFS (client): AFS Client 3.4a
-Disk Space: 650 KB
+Operating system: Solaris 2.5.1, AIX 4.1, AIX 4.2, or AIX 4.2.1
+Web server: Apache 1.2.6
+AFS (client): AFS Client 3.4a
+Disk Space: 650 KB
-Note: Due to security considerations, OpenAFS strongly recommends that
-AFS Web Security Pack be used only on a server enabled with Secure
+Note: Due to security considerations, OpenAFS strongly recommends that
+AFS Web Security Pack be used only on a server enabled with Secure
Sockets Layer (SSL).
III. New Features and Product Changes
-The following list describes new features and changes that are included
+The following list describes new features and changes that are included
in this version of AFS Web Security Pack.
-* Configuration of AFS Web Security Pack is now easier and more flexible. The
-AFSMountPointDir and AFSLocation directives are no longer required.
-Instead, during configuration of AFS Web Security Pack, an authorization type
-(AFSAuthType) of AFS is now specified. (See the Installation and Configuration
+* Configuration of AFS Web Security Pack is now easier and more flexible. The
+AFSMountPointDir and AFSLocation directives are no longer required.
+Instead, during configuration of AFS Web Security Pack, an authorization type
+(AFSAuthType) of AFS is now specified. (See the Installation and Configuration
instructions that follow for additional details.)
-* The Log In dialog box that is displayed when users attempt to access
-the AFS file space via a web browser can now be customized adding the
-AFSLoginPrompt directive to the Apache server runtime configuration
-file. (See the Installation and Configuration instructions that follow for
+* The Log In dialog box that is displayed when users attempt to access
+the AFS file space via a web browser can now be customized adding the
+AFSLoginPrompt directive to the Apache server runtime configuration
+file. (See the Installation and Configuration instructions that follow for
additional details.)
-* AFS Web Security Pack now provides the ability to log attempts to
-access AFS in which permission is denied. This logging can be used to
+* AFS Web Security Pack now provides the ability to log attempts to
+access AFS in which permission is denied. This logging can be used to
determine if users are attempting to access information that they are not
authorized to view. To configure this logging, you must add the
- SetAFSAccessLog directive to the Apache server runtime configuration file.
-(See the Installation and Configuration instructions that follow for
+ SetAFSAccessLog directive to the Apache server runtime configuration file.
+(See the Installation and Configuration instructions that follow for
additional details.)
-* AFS Web Security Pack now provides the ability to translate and access user
-directories that are specified with a special character such as a tilde (~),
-for example. http://www.yourcompany.com/~smith. To enable this feature, you
-must add the User Directory directive to the Apache server runtime
-configuration file. (See the Installation and Configuration instructions
+* AFS Web Security Pack now provides the ability to translate and access user
+directories that are specified with a special character such as a tilde (~),
+for example. http://www.yourcompany.com/~smith. To enable this feature, you
+must add the User Directory directive to the Apache server runtime
+configuration file. (See the Installation and Configuration instructions
that follow for additional details.)
-* The previous version of AFS Web Security Pack did not correctly permit
-directory indexing of directories for which a user was assigned lookup
-permission. In addition, the Parent Link in directory indexes did not
-always work correctly. This version of AFS Web Security Pack corrects these
+* The previous version of AFS Web Security Pack did not correctly permit
+directory indexing of directories for which a user was assigned lookup
+permission. In addition, the Parent Link in directory indexes did not
+always work correctly. This version of AFS Web Security Pack corrects these
problems.
-* This version of AFS Web Security Pack corrects a problem with the token cache
+* This version of AFS Web Security Pack corrects a problem with the token cache
that occasionally caused access to AFS to be incorrectly denied.
-* The previous version of AFS Web Security Pack did not accept AFS passwords
+* The previous version of AFS Web Security Pack did not accept AFS passwords
that included a space. This version of AFS Web Security Pack corrects this problem.
-* This version of AFS Web Security Pack corrects a communication (pipe) problem
-that occasionally caused the message SERVER_ERROR to be returned. In
+* This version of AFS Web Security Pack corrects a communication (pipe) problem
+that occasionally caused the message SERVER_ERROR to be returned. In
addition, this version improves performance of AFS Web Security Pack.
-IV. Known Defects and Limitations
-
-* Due to a preexisting problem in the AFS UNIX product, the Apache
-server Fancy Indexing option does not function as expected when AFS
-directories are displayed. If the Fancy Indexing option is enabled
-on the Apache server, when a user initially browses an ACL-protected
-directory (with "system:anyuser l" access), the user is able to see
-file details for directories and links, but not for files. Once the
-user selects a file and enters a username and password, details for
-the files are then displayed. This problem is not caused by AFS Web
-Security Pack or the Apache server, but is due to a defect in the UNIX-based
-AFS code. We are working to address this problem and will make an
-announcement when a corrected version is available. In the interim,
-please be aware of this limitation as you continue testing.
-
-V. Upgrade Instructions for AFS Web Security Pack for the Apache Web Server
-
-Note: Use the following instructions to upgrade AFS Web Security Pack on
-your Apache Web Server if Beta Version 1 or Beta Version 2 of the product
-is already installed. (If this is the first time you are installing AFS Web
-Security Pack, follow the instructions in the next section, Installing and
+IV. Known Defects and Limitations
+
+* Due to a preexisting problem in the AFS UNIX product, the Apache
+server Fancy Indexing option does not function as expected when AFS
+directories are displayed. If the Fancy Indexing option is enabled
+on the Apache server, when a user initially browses an ACL-protected
+directory (with "system:anyuser l" access), the user is able to see
+file details for directories and links, but not for files. Once the
+user selects a file and enters a username and password, details for
+the files are then displayed. This problem is not caused by AFS Web
+Security Pack or the Apache server, but is due to a defect in the UNIX-based
+AFS code. We are working to address this problem and will make an
+announcement when a corrected version is available. In the interim,
+please be aware of this limitation as you continue testing.
+
+V. Upgrade Instructions for AFS Web Security Pack for the Apache Web Server
+
+Note: Use the following instructions to upgrade AFS Web Security Pack on
+your Apache Web Server if Beta Version 1 or Beta Version 2 of the product
+is already installed. (If this is the first time you are installing AFS Web
+Security Pack, follow the instructions in the next section, Installing and
Configuring AFS Web Security PAck 1.0 for the Apache Web Server.)
-1. Replace the existing versions of the weblog, weblog_starter and
-libapacheafs.a files with the new files provided with this version
-of AFS Web Security Pack 1.0. Also, in the Apache src directory,
+1. Replace the existing versions of the weblog, weblog_starter and
+libapacheafs.a files with the new files provided with this version
+of AFS Web Security Pack 1.0. Also, in the Apache src directory,
replace the mod_afs.c or afs_module.c file with the new AFS Web Security Pack
-Module, afs_module.c.
+Module, afs_module.c.
-2. In the Apache server Configuration file, change the line that
-references the AFS Web Security Pack module so that the line appears as
+2. In the Apache server Configuration file, change the line that
+references the AFS Web Security Pack module so that the line appears as
follows:
Module afs_module afs_module.o
Note: If you want to enable AFS Web Security Pack to translate and access user
- home directories, you must include the userdir_module when you build
-the Apache server. For information on including modules when building
+ home directories, you must include the userdir_module when you build
+the Apache server. For information on including modules when building
the Apache server, consult you Apache server documentation.
-3. In the Apache server src directory, run the Configure script to
-create a new configuration Makefile for your operating system.
+3. In the Apache server src directory, run the Configure script to
+create a new configuration Makefile for your operating system.
-4. Stop the Apache server process (httpd). Then, issue the make
-command to compile the Apache server.
+4. Stop the Apache server process (httpd). Then, issue the make
+command to compile the Apache server.
-5. In the Apache server runtime configuration file, remove (or comment
+5. In the Apache server runtime configuration file, remove (or comment
out) the following two lines:
SetAFSMountpointDir /afs_mountpoint_directory
SetAFSLocation /afs_location
-6. In the Apache server runtime configuration file, replace (or
-comment out) the SetHandler afs-authentication parameter with the
-AFSAuthType AFS parameter, so that the Location directive appears as
+6. In the Apache server runtime configuration file, replace (or
+comment out) the SetHandler afs-authentication parameter with the
+AFSAuthType AFS parameter, so that the Location directive appears as
follows:
<Location /afs>
AFSAuthType AFS
</Location>
-where /afs is the directory (or symbolic link to the directory)
-that contains the mount points to AFS to be used by the Apache
-server and AFS Web Security Pack.
+where /afs is the directory (or symbolic link to the directory)
+that contains the mount points to AFS to be used by the Apache
+server and AFS Web Security Pack.
-Note: You can specify AFSAuthType AFS for multiple locations to indicate
+Note: You can specify AFSAuthType AFS for multiple locations to indicate
that AFS Web Security Pack authentication must be used when a user attempts to
-access a specific location. (In specifying a location, you can use wildcard
+access a specific location. (In specifying a location, you can use wildcard
characters if desired.)
-7. (Optional) To customize the authorization dialog box that is
-displayed when users attempt to access the AFS file space via a
+7. (Optional) To customize the authorization dialog box that is
+displayed when users attempt to access the AFS file space via a
web browser, add the following line within the Location directive:
AFSLoginPrompt [Custom Text]
-where [Custom Text] is the text that you want to appear in the dialog
-box that prompts users to enter a user name and password to access AFS
+where [Custom Text] is the text that you want to appear in the dialog
+box that prompts users to enter a user name and password to access AFS
filespace.
-8. (Optional) To enable AFS Web Security Pack to access user directories,
-add the following lines to the Apache server runtime configuration
-file. This directive specifies the syntax used to access user
-directories and indicates that attempts to access user directories
+8. (Optional) To enable AFS Web Security Pack to access user directories,
+add the following lines to the Apache server runtime configuration
+file. This directive specifies the syntax used to access user
+directories and indicates that attempts to access user directories
in the AFS filespace must be passed to AFS Web Security Pack:
<Location /~*>
AFSAuthtype AFS
</Location>
-Then, add the following line to the Apache server runtime configuration
+Then, add the following line to the Apache server runtime configuration
file to indicate the location of user directories in AFS:
UserDir [Users Directory]
where Users Directory indicates the location of user's home directories.
-Note: To enable user directory access in this manner, the Apache Server
-must include the UserDir module. For information on including this
-module when building the Apache server, consult you Apache server
+Note: To enable user directory access in this manner, the Apache Server
+must include the UserDir module. For information on including this
+module when building the Apache server, consult you Apache server
documentation.
-9. (Optional) To enable logging of attempts to access AFS in which
-permission is denied, add the SetAFSAccessLog directive to the Apache
+9. (Optional) To enable logging of attempts to access AFS in which
+permission is denied, add the SetAFSAccessLog directive to the Apache
server runtime configuration file as follows:
SetAFSAccessLog [Access Log File]
-where [Access Log File] is the full path log file in which failed access
-attempts are to be recorded.
+where [Access Log File] is the full path log file in which failed access
+attempts are to be recorded.
-10. If necessary, rename the symbolic link to the AFS filespace in the
-Apache server's document root directory with the name specified in the
-Location directive for the AFS filespace in the server's runtime
-configuration file.
+10. If necessary, rename the symbolic link to the AFS filespace in the
+Apache server's document root directory with the name specified in the
+Location directive for the AFS filespace in the server's runtime
+configuration file.
VI. Installing and Configuring AFS Web Security Pack 1.0 for the Apache Web Server
-This section provides brief installation and configuration instructions
-for Apache AFS Web Security Pack (Version 1.0 for Apache version 1.2.6
-and Apache version 1.3.1). See the product documentation for complete installation
-and configuration instructions and for details about using the configuration script to
+This section provides brief installation and configuration instructions
+for Apache AFS Web Security Pack (Version 1.0 for Apache version 1.2.6
+and Apache version 1.3.1). See the product documentation for complete installation
+and configuration instructions and for details about using the configuration script to
set up AFS Web Security Pack on the Apache server.
-1. Uncompress and extract the files from the .tar.gz file, placing the
-files in the following locations, where Apache Installation Directory
-is the full pathname of the directory where the Apache Web server is
+1. Uncompress and extract the files from the .tar.gz file, placing the
+files in the following locations, where Apache Installation Directory
+is the full pathname of the directory where the Apache Web server is
installed:
-- Place both the weblog and weblog_starter files in one directory,
-for example, Apache Installation Directory/afswebsecurity. These files
-can be placed in any directory as long as they remain together. However,
-if the weblog and weblog_starter files are placed in a directory in AFS,
-ensure that either the user that the Apache Web server runs as, or the
-AFS group system:anyuser is designated as having read and lookup privileges
-on the directory's Access Control List (ACL).
+- Place both the weblog and weblog_starter files in one directory,
+for example, Apache Installation Directory/afswebsecurity. These files
+can be placed in any directory as long as they remain together. However,
+if the weblog and weblog_starter files are placed in a directory in AFS,
+ensure that either the user that the Apache Web server runs as, or the
+AFS group system:anyuser is designated as having read and lookup privileges
+on the directory's Access Control List (ACL).
-- Place the libapacheafs.a file in any directory, for example,
-Apache Installation Directory/afswebsecurity.
+- Place the libapacheafs.a file in any directory, for example,
+Apache Installation Directory/afswebsecurity.
- Place the afs_module.c file in the Apache src directory (Apache version 1.2.6)
or in the src/modules/extra directory (Apache version 1.3.1)
-(generally located directly beneath the Apache Installation Directory).
+(generally located directly beneath the Apache Installation Directory).
-In addition, note the location of the AFS library file, libsys.a. This
-file is installed with the AFS client, and is generally located in the
-/usr/afsws/lib/afs directory.
+In addition, note the location of the AFS library file, libsys.a. This
+file is installed with the AFS client, and is generally located in the
+/usr/afsws/lib/afs directory.
2. Modify the Apache Server Configuration File as follows.
-Locate the EXTRA_LIBS line in the file, and add the paths to the
-libapacheafs.a and libsys.a libraries so that the line reads as follows:
+Locate the EXTRA_LIBS line in the file, and add the paths to the
+libapacheafs.a and libsys.a libraries so that the line reads as follows:
EXTRA_LIBS=[full path to libapacheafs.a] [full path to libsys.a]
-In the Module configuration section of the file, add a reference to the
-AFS Web Security Pack module. It is recommended that the AFS Web Security Pack
+In the Module configuration section of the file, add a reference to the
+AFS Web Security Pack module. It is recommended that the AFS Web Security Pack
module be the first Authentication module.
-To add the AFS module to the list of Apache server modules, add the following line
-to the Configuration file:
+To add the AFS module to the list of Apache server modules, add the following line
+to the Configuration file:
Module afs_module afs_module.o
-Note: If you want the server to attempt to stop completely if AFS
-initialization fails, also add -DSHUTDOWN_IF_AFS_FAILS to the
-EXTRA_CFLAGS line in this file. Otherwise, on startup if the
-initialization procedure fails on startup, the Apache server
+Note: If you want the server to attempt to stop completely if AFS
+initialization fails, also add -DSHUTDOWN_IF_AFS_FAILS to the
+EXTRA_CFLAGS line in this file. Otherwise, on startup if the
+initialization procedure fails on startup, the Apache server
will continue to run but AFS authentication will always fail.
-3. Modify the Apache Server Runtime Configuration File (for example,
+3. Modify the Apache Server Runtime Configuration File (for example,
httpd.conf) as follows.
-Add the following lines to the runtime configuration file:
+Add the following lines to the runtime configuration file:
SetAFSDefault [Cell cellname]
SetAFSCacheExpiration [cache_expiration]
SetAFSTokenExpiration [token_expiration]
SetAFSWeblogPath [weblog_starter_path]
-where the arguments for these Apache server directives are as follows:
+where the arguments for these Apache server directives are as follows:
-[cellname] - The name of the default AFS cell to be accessed via the
+[cellname] - The name of the default AFS cell to be accessed via the
Apache server and AFS Web Security Pack.
-[cache_expiration] -The maximum lifetime in seconds of an AFS token
-that is stored in the local cache. The default recommendation for
-this argument is 300 seconds (5 minutes).
+[cache_expiration] -The maximum lifetime in seconds of an AFS token
+that is stored in the local cache. The default recommendation for
+this argument is 300 seconds (5 minutes).
-[token_expiration] -The maximum lifetime in seconds of an AFS token
-that is stored in the AFS kernel Cache Manager. The default
-recommendation for this argument is 60 seconds (1 minute).
+[token_expiration] -The maximum lifetime in seconds of an AFS token
+that is stored in the AFS kernel Cache Manager. The default
+recommendation for this argument is 60 seconds (1 minute).
-[weblog_starter_path] -The path to the AFS Web Security Pack weblog_starter program.
+[weblog_starter_path] -The path to the AFS Web Security Pack weblog_starter program.
Specify the full path or a path relative to the path set by the ServerRoot Apache
-directive.
+directive.
-Note: To enable logging of failed attempts to access AFS in which permission
+Note: To enable logging of failed attempts to access AFS in which permission
is denied, also add the directive:
SetAFSAccessLog [Access Log File]
-where [Access Log File] is the full path of the log file in which
+where [Access Log File] is the full path of the log file in which
failed access attempts are to be recorded.
Then, add the following additional lines to the runtime configuration file:
AFSAuthType AFS
</Location>
-where [afs] is the request provided by users in combination with the
+where [afs] is the request provided by users in combination with the
server hostname and domain in order to access AFS filespace.
Note: This directive only works within Location (and LocationMatch for Apache 1.3.1)
tags and not in any other tags such as Directory or File.
-Note: You can specify AFSAuthType AFS for multiple locations to indicate
+Note: You can specify AFSAuthType AFS for multiple locations to indicate
that AFS Web Security Pack authentication must be used when a user attempts to
-access a specific location. (In specifying a location, you can use wildcard
+access a specific location. (In specifying a location, you can use wildcard
characters if desired.)
-(Optional) To customize the authorization dialog box that is displayed
-when a user attempts to access the AFS file space via a web browser,
-add the following line to the Location directive added in the previous
-step. The Location directive then appears as follows:
+(Optional) To customize the authorization dialog box that is displayed
+when a user attempts to access the AFS file space via a web browser,
+add the following line to the Location directive added in the previous
+step. The Location directive then appears as follows:
AFSLoginPrompt [Custom Text]
-where [Custom Text] is the text that you want to appear in the dialog box
-that prompts users to enter an AFS user name and password to access the
-AFS filespace.
+where [Custom Text] is the text that you want to appear in the dialog box
+that prompts users to enter an AFS user name and password to access the
+AFS filespace.
-(Optional) To enable AFS Web Security Pack to access user directories, add the
-following additional Location directive to the Apache server runtime
-configuration file.
+(Optional) To enable AFS Web Security Pack to access user directories, add the
+following additional Location directive to the Apache server runtime
+configuration file.
<Location /~*>
AFSAuthType AFS
</Location>
-Then, also add the following additional line to the Apache server runtime
-configuration file to indicate the location of user directories in AFS.
+Then, also add the following additional line to the Apache server runtime
+configuration file to indicate the location of user directories in AFS.
UserDir [Users Directory]
-where [Users Directory] indicates the location of user's home
-directories in AFS. The location is specified relative to the
-server document root directory.
+where [Users Directory] indicates the location of user's home
+directories in AFS. The location is specified relative to the
+server document root directory.
-Note: To enable user directory access in this manner, the Apache
-server must include the User Dir module.
+Note: To enable user directory access in this manner, the Apache
+server must include the User Dir module.
-Save and close the modified runtime configuration file.
+Save and close the modified runtime configuration file.
-4. Stop the Apache server process (httpd). Then, configure and make
-the Apache server and start it up with the new runtime configuration
+4. Stop the Apache server process (httpd). Then, configure and make
+the Apache server and start it up with the new runtime configuration
file.
-5. Add the following to the shutdown or stopd file to shutdown the
+5. Add the following to the shutdown or stopd file to shutdown the
weblog_starter process BEFORE the kill -TERM for httpd.pid:
kill -TERM `cat [path to httpd.pid].afs`
-For example, if the httpd.pid file is in
-/local/stronghold/apache/logs/httpd.pid, then the stopd file should
+For example, if the httpd.pid file is in
+/local/stronghold/apache/logs/httpd.pid, then the stopd file should
look something like this:
kill -TERM `cat /local/stronghold/apache/logs/httpd.pid.afs`
- kill -TERM `cat /local/stronghold/apache/logs/httpd.pid`
+ kill -TERM `cat /local/stronghold/apache/logs/httpd.pid`
VII. AFS Web Security Pack Documentation
-Postscript and HTML versions of the documentation for the initial
-Beta release AFS Web Security Pack are available in the doc directory.
+Postscript and HTML versions of the documentation for the initial
+Beta release AFS Web Security Pack are available in the doc directory.
VIII. Additional Information about Apache and SSL
-The following sites on the World Wide Web provide additional information
+The following sites on the World Wide Web provide additional information
about the Apache Web Server and SSL.
-* Apache Home Page http://www.apache.org
-* Stronghold Home http://www.c2.net
-* Stronghold International http://www.int.c2.net
-* Apache-SSL Home http://www.apache-ssl.org
+* Apache Home Page http://www.apache.org
+* Stronghold Home http://www.c2.net
+* Stronghold International http://www.int.c2.net
+* Apache-SSL Home http://www.apache-ssl.org
* SSLeay FAQ http://www.psy.uq.edu.au:8080/~ftp/Crypto/
thread safety in these libraries is to lock/unlock a recursive global
mutex at the entry point of every public function in the library.
-However, not all public functions are made thread safe since not all
+However, not all public functions are made thread safe since not all
functions are needed by the NT admin work. In particular, there are
many public functions that make up descendants of the functions
-we wish to use that weren't modified, since these functions will be
+we wish to use that weren't modified, since these functions will be
protected by the locking at a higher level function.
-To prevent people from using non-thread safe functions, platform
-specific methods are used to limit the functions exported by the
-library (using def files under NT and mapfiles under Solaris). For
-most non-exported functions, it should be trivial to make the
-transformation to thread safe by simply locking/ unlocking the
+To prevent people from using non-thread safe functions, platform
+specific methods are used to limit the functions exported by the
+library (using def files under NT and mapfiles under Solaris). For
+most non-exported functions, it should be trivial to make the
+transformation to thread safe by simply locking/ unlocking the
global mutex at the beginning/end of the function.
### INTRODUCTION ###
-This Makefile generates two libraries, the standard libuafs.a and
+This Makefile generates two libraries, the standard libuafs.a and
libjuafs.a, a libuafs.a variant that is designed for use with Java
enabled applications (as used with libjafsadm, see
src/JAVA/libjafsadm/JAFSADM_README). The libuafs.a library facilitates
-user authentication at a process level and enables access and
-manipulation of the files and access control lists (ACLs). By way of
-the libuafs.a klog function (uafs_klog), the authenticated user's
-credentials are bound to the executing process and therefore is granted
+user authentication at a process level and enables access and
+manipulation of the files and access control lists (ACLs). By way of
+the libuafs.a klog function (uafs_klog), the authenticated user's
+credentials are bound to the executing process and therefore is granted
permission to act on behalf of the authenticated user.
### LIBUAFS ###
-As of 05/13/2002 the libuafs.a library remains unchanged with respect
+As of 05/13/2002 the libuafs.a library remains unchanged with respect
to OpenAFS release 1.2.3.
### LIBJUAFS ###
-The libjuafs.a is a new addition to the libuafs.a build as of 05/10/2002 and has
+The libjuafs.a is a new addition to the libuafs.a build as of 05/10/2002 and has
been added for the following reasons:
- To avoid function name collisions with other libraries
- To ensure that existing applications using libuafs.a will not be affected.
- Utilize libuafs.a functionality in Java-based applications.
-The libjuafs.a library implements the AFS_WEB_ENHANCEMENTS and UKERNEL
-(user space kernel) definitions, which are used to enable functions
+The libjuafs.a library implements the AFS_WEB_ENHANCEMENTS and UKERNEL
+(user space kernel) definitions, which are used to enable functions
such as:
- afs_setpag_val*
### BUILD ###
-A simple "make" will build both libuafs.a and libjuafs.a. Optionally, you
+A simple "make" will build both libuafs.a and libjuafs.a. Optionally, you
can make each library independently by issuing:
make UAFS/libuafs.a
The libuafs/UAFS directory is generated by the Makefile and contains the
object files and local copy of libuafs.a resulting from the build process.
-The libuafs/JUAFS directory is the same as libuafs/UAFS, however it
+The libuafs/JUAFS directory is the same as libuafs/UAFS, however it
contains output files respective to libjuafs.a.
### CONSIDERATIONS ###
-The libjuafs.a library has only been tested using RedHat Linux 7.3 and
+The libjuafs.a library has only been tested using RedHat Linux 7.3 and
OpenAFS 1.2.6, OpenAFS 1.2.7, OpenAFS 1.2.8, and OpenAFS 1.2.9.
****
This software has been released by its original author, Keir Fraser,
-with permission from his advisors, under a BSD license. For details,
+with permission from his advisors, under a BSD license. For details,
please see README.LICENSE.
-- Matt Benjamin, 07/24/2009
CFArrayRef arrayRef;
if (!CFDictionaryGetValueIfPresent(login_dict, CFSTR("mechanisms"),
- &arrayRef))
+ &arrayRef))
exit(1);
CFMutableArrayRef newMechanisms = CFArrayCreateMutableCopy(NULL, 0,
- arrayRef);
+ arrayRef);
if (!newMechanisms)
exit(1);
CFIndex index = CFArrayGetFirstIndexOfValue(newMechanisms,
- CFRangeMake(0, CFArrayGetCount(newMechanisms)), CFSTR("authinternal"));
+ CFRangeMake(0, CFArrayGetCount(newMechanisms)), CFSTR("authinternal"));
if (index == -1)
exit(1);
CFArraySetValueAtIndex(newMechanisms, index, CFSTR("newmech"));
- CFMutableDictionaryRef new_login_dict
- = CFDictionaryCreateMutableCopy(NULL, 0, login_dict);
+ CFMutableDictionaryRef new_login_dict
+ = CFDictionaryCreateMutableCopy(NULL, 0, login_dict);
CFDictionarySetValue(new_login_dict, CFSTR("mechanisms"), newMechanisms);
status = AuthorizationRightSet(authRef, LOGIN_RIGHT, new_login_dict,
- NULL, NULL, NULL);
+ NULL, NULL, NULL);
if (status) exit(1);
}
# This code depends on heimdal's asn1_compile generated krb5 decoding
# stuff. The code is originally from rxkad that Björn Grönvall
# <bg@sics.se> for kth-krb and was included in Arla.
-#
+#
# The first file, v5der.c are part for of support functions
# that all generated files depends on.
-#
+#
# The second file (v5gen.h) is the header file that is generated for
# the decoding functions.
-#
+#
# The third file (v5gen.c) is the subset of the generated functions we
# need to decode the authenticator.
-#
+#
# The forth file (v5gen-rewrite.h) is used to make sure we don't
# pollute the namespace.
-#
+#
# All files are modified to build within OpenAFS environment without
# any external dependencies. Below is the shell script that is used to
# import the code into the four files.
-#
+#
# All internal symbols are rewritten to _rxkad_v5_.
#
# Make sure we don't export too much
-#
-# : lha@nutcracker ; nm ticket5.o | grep T | grep -v _rxkad_v5
+#
+# : lha@nutcracker ; nm ticket5.o | grep T | grep -v _rxkad_v5
# 00005748 T tkt_DecodeTicket5
#
Prerequisites
-1) A Kerberos KDC should already be configured
+1) A Kerberos KDC should already be configured
2) An afs key should be in the KeyFile the AFS binaries will use
(/usr/afs/etc/KeyFile in an IBM-style installation; bos_util can be used
to set it up)
3) 2 srvtabs or keytabs with user keys, one for the user "admin"
- and one for the user "user" that can be used for authenticated testing
+ and one for the user "user" that can be used for authenticated testing
of the AFS installation
4) The necessary tools for getting an AFS token from the installed Kerberos
(typically aklog) should be available.
* Copyright (c) 2001 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
- *
+ *
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
- *
+ *
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
- *
+ *
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
- *
+ *
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-This is a (potentially) modified version of the AFSTools perl suite.
+This is a (potentially) modified version of the AFSTools perl suite.
You should visit grand.central.org for the official version.
-F Append / to filenames for directories, @ for symlinks,
and * for files which have the execute bits set.
-R Recurse through all subdirectories.
-
+
cd Change the current directory
cp Copy a file from the dump. Note that globbing is NOT
supported, and you must give a filename (the Unix
idiom of just giving a destination directory for the
second argument to cp will NOT work).
-
+
vcp Copy a file from the dump, by the vnode. The first
argument is the vnode number, optionally followed by
the uniquifier. E.g:
vcp 126278 /tmp/file1
vcp 126278.43289 /tmp/file2
-
+
quit Exits dumptool.
exit
-f Force dump processing. Attempt to continue processing
a dump even when some errors are detected. Not completely
tested.
-
+
-i Inode dump. Dump a list of all files in the volume,
with their volume/vnode/uniquifier information.
-d Dump all residency filenames in the dump file to standard
output.
-
+
-t Residency tag information. Allows a user to specify the
tag of a residency if the rsserver is not available.
Format of option is Residency/Tag
-
+
-r Residency filesystem information. Allows a user to specify
the residency filesystem information if dumptool is not
run on the same host as the residency in the dump. Format
License. For details, see the LICENSE file in the top-level source
directory or online at http://www.openafs.org/dl/license10.html
-/* Tool for listing /vicepX partition
+/* Tool for listing /vicepX partition
**
*/
-listVicepx -p < partitionName> -v <volumeName>
+listVicepx -p < partitionName> -v <volumeName>
[-ls | -lsl | -ld | -dir <directoryInode> ]
Without any input options, it prints out the names of symlinks and
inside the volume.
With the -lsl option, it prints out metadata about all file/symlink.
-This metadata includes the inode number(Ind), UNIX mode bits(Mod),
+This metadata includes the inode number(Ind), UNIX mode bits(Mod),
link count(Lnk), the owner(Own), the group(Grp) and the file size(Siz).
With the -ld option, it prints out metadata about all directories
in this volume. This metadata includes the directory inode(Ind) and
-the directory vnode(Vnd) along with the directory name. The root
+the directory vnode(Vnd) along with the directory name. The root
directory of the volume is indicated as ~.
-With the -dir <directory inode> option, this tool prints out the
+With the -dir <directory inode> option, this tool prints out the
contents of this directory. The inode number has to be a directory inode.
COMPILATION:
ln -s ../DEST DEST
make install
-The executable name is listVicepx.
+The executable name is listVicepx.
to recurse into any new directories. See util/Makefile.in for an example
of how to write a Makefile.in for a new test directory.
-The files comprising the test harness are sourced from the C TAP Harness
+The files comprising the test harness are sourced from the C TAP Harness
distribution using the src/external mechanism. The upstream site for that
distribution is at:
git://git.openafs.org / openafs.git / commitdiff