Re: [OpenAFS] OpenAFS Release 1.8.10 available

2023-07-07 Thread Dave Botsch 
Congrats to you and the team on 1.8.10 !!

On Fri, Jul 07, 2023 at 07:28:02PM +0200, Stephan Wiesand wrote:
> The OpenAFS Release Team is pleased to announce the availability of OpenAFS
> version 1.8.10 for UNIX/Linux. Source files can be accessed via the web at
> 
>   http://www.openafs.org/release/1.8.10/
> 
> or via AFS at:
> 
>   UNIX: /afs/grand.central.org/software/openafs/1.8.10/
>   UNC: \\afs\grand.central.org\software\openafs\1.8.10\
> 
> OpenAFS 1.8.10 is the next release in the current stable series of OpenAFS
> releases for UNIX/Linux systems. It brings performance and reliablity 
> improvements,
> improved diagnostics, support for the latest Linux mainline kernel (currently 
> 6.4),
> Apple Silicon and macOS releases up to 13 ("Ventura"), much improved support 
> for
> the AIX platform, including releases 7.1, 7.2 and 7.3, as well as a number of 
> bug
> fixes and minor new features.
> 
> For the full list of user visible changes in this release, please see
> 
>   http://dl.openafs.org/dl/1.8.10/RELNOTES-1.8.10
> 
> Bug reports should be filed to openafs-b...@openafs.org.
> 
> Stephan Wiesand, OpenAFS Release Manager
> on behalf of the OpenAFS Release Team
> 
> -- 
> Stephan Wiesand
> DESY - DV -
> Platanenallee 6
> 15738 Zeuthen, Germany
> 
> 
> 
> 
> 
> -- 
> Stephan Wiesand
> DESY - DV -
> Platanenallee 6
> 15738 Zeuthen, Germany
> 
> 
> 
> ___
> OpenAFS-info mailing list
> OpenAFS-info@openafs.org
> https://lists.openafs.org/mailman/listinfo/openafs-info

-- 

David William Botsch
Programmer/Analyst
@CornellCNF
bot...@cnf.cornell.edu

___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

Re: [OpenAFS] RFC: Altering the processing of IPv4 (aka Host) ACLs to enforce negative rights

2023-03-23 Thread Dave Botsch 
I'm generally in favor of considering this a bug and fixing it.

Thanks!

On Mon, Mar 20, 2023 at 04:21:12PM -0400, Jeffrey E Altman wrote:
> On 7 March Andrew Deason submitted a patch to OpenAFS documenting the
> existing behavior of the OpenAFS fileserver when computing Anonymous and
> Caller Access Rights if the IPv4 address from which the RXAFS RPC was
> received matches a PTS host entry and that PTS entry matches an Access
> Control Entry (ACE).
> 
> https://gerrit.openafs.org/#/c/15340/
> 
> Quoting Andrew's submission to the fs_setacl man page:
> 
>"Combining _Negative rights_ granted from machine entries (IP
>addresses) and _Normal rights_ granted from non-machine entries (or
>vice versa) will generally not work as expected. Permissions granted
>by machine entries and by non-machine entries are calculated
>separately, and both sets of permissions are given to an accessing
>user. For example, if permissions are granted to an authenticated
>user or group (or _system:anyuser_), you cannot remove those
>permissions from specific hosts by adding machine entries to a group
>in an ACL in the _Negative rights_> section."
> 
> The IBM AFS Administrator's Guide "Protecting Data in AFS" section states:
> 
>"When determining what type of access to grant to a user, theFile
>Server first compiles a set of permissions by examiningall of the
>entries in the Normal rights section of the ACL. Itthen subtracts
>any permissions associated with the user (orwith groups to which the
>user belongs) on the Negative rightssection of the ACL. Therefore,
>negative permissions alwayscancel out normal permissions."
> 
> IBM/Transarc AFS 3.2 introduced the granting of permissions based upon the
> host's IPv4 address in addition to those granted to the caller. The
> implementation evaluates the caller's rights independently of the host's
> rights and then ORs the results. This approach violates the statement that
> negative permissions always cancel out normal (aka positive) permissions. If
> a caller is granted "read" but there is a matching negative "read" ACE (aka
> permission) for the host, the negative "read" ACE is ignored. Likewise if
> "lookup" is granted to the host but the caller matches a negative "lookup"
> ACE, then the caller's negative "lookup" ACE is ignored.
> 
> The problem can be demonstrated with a couple of examples.   First, lets
> define some PTS entities and membership relations:
> 
>  * user: jane = 1000
>  o member: system:authusers
>  o member: system:anyuser
>  o member: no-admin
>  * user: 128.66.0.130 = 2000
>  o member: local-hosts
>  * group: no-admin = -100
>  o member: jane
>  * group: local-hosts = -500
>  o member: 128.66.0.130
> 
> Example 1:  RXAFS RPC received from a host that is not a member of
> local-hosts
> 
> ACL
> 
>  * system:anyuser: l; -none
>  * system:authuser: lrk; -none
>  * jane: none; -r
>  * local-hosts: r; -none
> 
> Rights:
> 
>  * system:anyuser: lookup
>  * system:authuser: lookup, read, lock
>  * jane: lookup, lock
> 
> When "jane" accesses a file with this ACL the granted rights will be "lk"
> because the negative read permission cancels the positive read permission
> granted by the membership in the system:authuser group.
> 
> 
> Example 2: RXAFS RPC received from a host that is a member of local-hosts
> 
> ACL
> 
>  * system:anyuser: l; -none
>  * system:authuser: lrk; -none
>  * jane: none; -r
>  * local-hosts: r; -none
> 
> Rights:
> 
>  * system:anyuser: lookup, read
>  * system:authuser: lookup, read, lock
>  * jane: lookup, read, lock
> 
> In this case, even though "jane" is denied the "read" permission granted to
> members of "system:authuser" because of the negative "read" in the "jane"
> ACE she is granted the permission because of the positive read permission
> granted to "local-hosts" members. The granting of "read" permission to
> "jane" is an unexpected result!
> 
> 
> Example 3: RXAFS RPC received from a host that is not a member of
> local-hosts
> 
> ACL
> 
>  * system:anyuser: l; -none
>  * system:authuser: lrk; -none
>  * jane: lrkwid; -none
>  * local-hosts: none; -wida
> 
> Rights:
> 
>  * system:anyuser: lookup
>  * system:authuser: lookup, read, lock
>  * jane: lookup, read, lock, write, insert, delete
> 
> In this case, "jane" is granted all of the permissions other than "admin".
> 
> 
> Example 4: RXAFS RPC received from a host that is a member of local-hosts
> 
> ACL
> 
>  * system:anyuser: l; -none
>  * system:authuser: lrk; -none
>  * jane: lrkwid; -none
>  * local-hosts: none; -wida
> 
> Rights:
> 
>  * system:anyuser: lookup
>  * system:authuser: lookup, read, lock
>  * jane: lookup, read, lock, write, insert, delete
> 
> In this case, "jane" is granted all of the permissions other than "admin".  
> However, because the RPC was issued from a host that is a member of
> "local-hosts" the expected result would be "jane" receiving only the
> "lookup, read, lock"

[OpenAFS] appropriate -cb numbers for fileservers?

2022-09-08 Thread Dave Botsch 
What's the best way to determine appropriate -cb numbers for
fileservers? And is there a max that is "bad" like with -p ?

Note I'm still on 1.6 servers at the moment, which might change the
answers to the above.

thanks.

-- 

David William Botsch
Programmer/Analyst
@CornellCNF
bot...@cnf.cornell.edu

___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

Re: [OpenAFS] Question for admins regarding pts membership output

2022-07-13 Thread Dave Botsch 
I suspect our user deprovisioning scripts would break by trying to
explicitly remove users from those groups. Though would be easy enough
to fix. And I'm in favor of having this extra output.

Two questions/thoughts would be:

1) If this is a "backwards-incompatible" change (is it?) should it be
reserved for the next major version upgrade (2.0) ?

2) Use of a flag to pts membership to include (or not include) explicit
and implicit membership, as I might very well want to filter the
output... the question then becomes which way should be the "default"? 

thanks.

On Wed, Jul 13, 2022 at 09:49:29AM -0400, Jeffrey E Altman wrote:
> The Protection Service groups fall into two categories.   Those with
> explicit membership lists and those with implicit membership lists.   For
> example, the "system:anyuser" and "system:authuser" groups are implicit
> whereas "system:administrators", "system:ptsviewers", and
> "system:authuser@foreign-realm" groups are explicit.
> 
> The output of "pts membership" only includes memberships in explicit
> membership groups.   This has a negative impact inexperienced end users that
> might be unaware that they are members of the "system:anyuser" and
> "system:authuser" groups. This behavior also leads to an inconsistency
> between the behavior for foreign and local users because foreign users are
> not members of "system:authuser" and are members of
> "system:authuser@foreign" which is included in the membership list because
> that group has an explicit membership list.
> 
> The AuriStorFS  Protection service also makes a distinction between "user"
> and "machine" or "network" entities where "machine" and "network" entities
> are not members of the "system:authuser" or "system:authuser@foreign"
> groups.   This distinction is not apparent from the output of "pts
> membership" because of the exclusion of implicit groups.
> 
> AuriStor is considering a change to "pts membership" output to include
> implicit memberships in the output of "pts membership". With this change the
> output of these commands
> 
>   $ pts membership anonymous
>   Groups anonymous (id: 32766) is a member of:
> 
>   $ pts membership testuser
>   Groups anonymous (id: 112) is a member of:
> 
>   $ pts membership testuser@foreign
>   Groups anonymous (id: 43282) is a member of:
>     system:authuser@foreign
> 
> becomes
> 
>   $ pts membership anonymous
>   Groups anonymous (id: 32766) is a member of:
>     system:anyuser
> 
>   $ pts membership testuser
>   Groups anonymous (id: 112) is a member of:
>     system:anyuser
>     system:authuser
> 
>   $ pts membership testuser@foreign
>   Groups anonymous (id: 43282) is a member of:
>     system:authuser@foreign
>     system:anyuser
> 
> The question for cell admins is whether anyone is aware of any internal
> scripts which process the output of "pts membership" which will break as a
> result of the inclusion of the implicit groups "system:anyuser" and
> "system:authuser" in output.
> 
> Your assistance is appreciated.
> 
> Jeffrey Altman
> AuriStor, Inc.
> 



-- 

David William Botsch
Programmer/Analyst
@CornellCNF
bot...@cnf.cornell.edu

___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

Re: [OpenAFS] How to replace pam_krb5 on RHEL 8 systems

2022-07-11 Thread Dave Botsch 
Not surprised that they patched something useful in. And it is a useful
option.

thanks

On Mon, Jul 11, 2022 at 12:40:57PM -0700, Carson Gaspar wrote:
> This is a Red Hat patch: openssh-7.7p1-gssapi-new-unique.patch
> 
> On 7/11/2022 12:26 PM, Dirk Heinrichs wrote:
> > Dave Botsch:
> > 
> > > Maybe it's not in newer release of openssh?
> > Nope. Also looked up Debian Stretch's man page for OpenSSH 7.9. Doesn't
> > have it. See
> > https://manpages.debian.org/stretch/openssh-server/sshd_config.5.en.html
> > 
> > Bye...
> > 
> >      Dirk
> > 
> ___
> OpenAFS-info mailing list
> OpenAFS-info@openafs.org
> https://lists.openafs.org/mailman/listinfo/openafs-info

-- 

David William Botsch
Programmer/Analyst
@CornellCNF
bot...@cnf.cornell.edu

___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

Re: [OpenAFS] How to replace pam_krb5 on RHEL 8 systems

2022-07-11 Thread Dave Botsch 
Yup, I see that that option is not there on rhel6 with
openssh-server-5.3p1-124.el6_10.x86_64

so must be a new option. And something that was clearly handled
differently on RHEL6.

thanks!

On Mon, Jul 11, 2022 at 09:26:54PM +0200, Dirk Heinrichs wrote:
> Dave Botsch:
> 
> > Maybe it's not in newer release of openssh?
> 
> Nope. Also looked up Debian Stretch's man page for OpenSSH 7.9. Doesn't
> have it. See
> https://manpages.debian.org/stretch/openssh-server/sshd_config.5.en.html
> 
> Bye...
> 
>     Dirk
> 
> -- 
> Dirk Heinrichs 
> Matrix-Adresse: @heini:chat.altum.de
> GPG Public Key: 80F1540E03A3968F3D79C382853C32C427B48049
> Privacy Handbuch: https://www.privacy-handbuch.de
> 




-- 

David William Botsch
Programmer/Analyst
@CornellCNF
bot...@cnf.cornell.edu

___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

Re: [OpenAFS] How to replace pam_krb5 on RHEL 8 systems

2022-07-11 Thread Dave Botsch 
Maybe it's not in newer release of openssh?

RHEL8 is using:

$ rpm -q openssh-server
openssh-server-8.0p1-13.el8.x86_64

And from the man page:


KerberosUniqueCCache

 Specifies whether to store the acquired tickets in the
 per-session credential cache under /tmp/ or whether to use
 per-user credential cache as configured in /etc/krb5.conf.
 The default value no can lead to overwriting previous
 tickets by subseqent connections to the same user account.


And this gets a bit interesting depending on what's in /etc/krb5.conf
and if using sssd what's in sssd.conf for kerberos.


Thanks.

On Mon, Jul 11, 2022 at 07:54:12PM +0200, Dirk Heinrichs wrote:
> Dave Botsch:
> 
> > KerberosUniqueCCache=yes in sshd.conf
> 
> Could you elaborate on what this option is good for? I can't find it in
> sshd_config(5), neither on a Debian Bookworm system with OpenSSH 9.0,
> nor in online man-pages of Arch Linux or upstream OpenSSH. Is this some
> special RH-only thing?
> 
> Thanks a lot...
> 
>     Dirk
> 
> -- 
> Dirk Heinrichs 
> Matrix-Adresse: @heini:chat.altum.de
> GPG Public Key: 80F1540E03A3968F3D79C382853C32C427B48049
> Privacy Handbuch: https://www.privacy-handbuch.de
> 




-- 

David William Botsch
Programmer/Analyst
@CornellCNF
bot...@cnf.cornell.edu

___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

Re: [OpenAFS] How to replace pam_krb5 on RHEL 8 systems

2022-07-11 Thread Dave Botsch 
Since we are not using PAGs anymore on most of our systems and instead
using UID based logins for tokens, I should retest and see what does and
doesn't work with keyrings as I honestly don't recall at this point, and
things have changed with the various point releases of RHEL8. One of the
challenges when testing is that things can appear to work when in
reality, the last login didn't actually destroy all credentials.

My memory does say, though, that on login we did successfully get
kerberos tickets in the keyring (aklog may be a different story,
though, and I have a note that that didn't work without:
KerberosUniqueCCache=yes in sshd.conf, though no more details, stream of
thought comments Lol)

There's a couple of systems where we still use PAGs so that when a user
logouts with multiple logins, their other logins still have tokens. With
systemd-login, that may not actually be needed to accomplish said end
goal. 

All future stuff to play with. 

On Mon, Jul 11, 2022 at 01:20:31PM -0400, Ken Hornstein wrote:
> >We went back to using FILE based caches for use along with PAGs.
> >Something didn't work right with keyring caches, and I don't recall
> >what.
> 
> Ah-HA.  I was wondering about that.  I suspect you ran into the base
> problem that my PAM stack solves, namely that _in_ the PAM stack you're
> running as root and that creates a keyring cache owned by root which
> doesn't work after you call setuid().
> 
> It's kind of a challenging corner case; you receive forwarded
> credentials in a daemon running as root, but then you have to write
> them out as the user.  How do you do that at the right point in the
> daemon process, especially when they assume after setuid() is called
> they have all of the normal rights of a user?  My solution was designed
> so that after you exited the session stack you had all of the Kerberos
> and AFS stuff set up properly.  I'm open to other ideas!  But recall
> that for us keyrings are a hard requirement.
> 
> --Ken

-- 

David William Botsch
Programmer/Analyst
@CornellCNF
bot...@cnf.cornell.edu

___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

Re: [OpenAFS] How to replace pam_krb5 on RHEL 8 systems

2022-07-11 Thread Dave Botsch 
We went back to using FILE based caches for use along with PAGs.
Something didn't work right with keyring caches, and I don't recall
what.

I believe our general path was, keyring didn't work, ok, go to file
based. Now get sssd and pam_afs_session working properly and work around
the krb5-1.18 breakage. Did we ever go back to trying keyring again? Not
sure.

Of course, on several systems, we have eliminated the use of PAGs due to
the aforementioned problems with systemd-login and gnome-shell stuff not
working properly with PAGs. So on those, could probably switch back to
keyring credentials.

thanks.


On Mon, Jul 11, 2022 at 11:05:33AM -0400, Ken Hornstein wrote:
> >I think all we had to do, actually, was set appropriate options for
> >GSSAPI in sshd_config ... and make sure it was still using PAM for the
> >account and session pieces.
> 
> Right, but do you use both keyring credential caches and PAGs?  Those two
> were what made things difficult for us.  In my experience if the keyring
> credential cache is owned by root then you can't add new credentials to
> it as a vanilla user (and vice versa).
> 
> --Ken

-- 

David William Botsch
Programmer/Analyst
@CornellCNF
bot...@cnf.cornell.edu

___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

Re: [OpenAFS] How to replace pam_krb5 on RHEL 8 systems

2022-07-11 Thread Dave Botsch 
I think all we had to do, actually, was set appropriate options for
GSSAPI in sshd_config ... and make sure it was still using PAM for the
account and session pieces.


We did not have to use any stashcred or chuse stuff... our session stack
looks like:

session optional pam_keyinit.so revoke
session required pam_limits.so
-sessionoptional pam_systemd.so
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet 
use_uid
session optional pam_afs_session.so program=/opt/local/bin/aklog
session required pam_unix.so
session optional pam_sss.so


(We had to recompile aklog to deal with krb5-1.18 breaking unique
kerberos caches, hence pointing to the other external aklog program,
which does, btw, work with the standard pam_afs_session)

I believe all we did was to add the pam_afs_session line to the session
stack.


Thanks.

On Mon, Jul 11, 2022 at 10:14:39AM -0400, Ken Hornstein wrote:
> >(of course, authenticating with kerberos tickets instead of passwords is
> >a tad more complicated with ssshd doing stuff, too).
> 
> Yeah, tell me about it.  This is the PAM stack we ended up with:
> 
> session required pam_stashcred.so save
> session required pam_chuser.so r2user
> session required pam_afs_session.so notokens
> session required pam_chuser.so r2e
> session required pam_chuser.so e2user
> session required pam_stashcred.so restore force-keyring
> session required pam_chuser.so e2r
> session required pam_afs_session.so nopag
> 
> stashcred and chuser are PAM modules I wrote.  For us the use of keyring
> credential caches is non-negotiable, but the owner of the session keyring
> ends up being wrong without some help.  And sadly the owner of the AFS
> PAG is based on the real userid, but the Kerberos credential cache owner
> is based on the effective userid.  So we use stashcred to save the
> Kerberos credential cache internally (received via credential forwarding),
> set the real userid to the value of the authenticated userid using
> chuser, create the PAG with pam_afs_session so it is owned by the
> authenticated user, switch things so now the effective userid is the
> authenticated userid, restore the Kerberos credential cache (and force
> it to be keyring and set KRB5CCNAME appropriately), switch everything
> back so we're running as root again, and THEN get an AFS token.  It's
> a mess, but we get keyring credential caches and PAGs and it all works.
> 
> --Ken
> ___
> OpenAFS-info mailing list
> OpenAFS-info@openafs.org
> https://lists.openafs.org/mailman/listinfo/openafs-info

-- 

David William Botsch
Programmer/Analyst
@CornellCNF
bot...@cnf.cornell.edu

___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

Re: [OpenAFS] How to replace pam_krb5 on RHEL 8 systems

2022-07-11 Thread Dave Botsch 


In our case, we use multiple kerberos domains to authenticate users. 

So in pam.d/password-auth...

authsufficient   pam_sss.so
forward_pass


then lets sssd take care of figuring out via an ldap lookup, which
kerberos domain to authenticate the user against.

(of course, authenticating with kerberos tickets instead of passwords is
a tad more complicated with ssshd doing stuff, too).

nsswitch is also involved for lines like:

account sufficient pam_succeed_if.so user ingroup users

(where the group users is populated by sssd via ldap lookup into AD)

Thanks.

On Mon, Jul 11, 2022 at 09:43:48AM -0400, Ken Hornstein wrote:
> >I wanted to mention that we are successfully doing ssh and gnome-shell
> >logins with pam_sssd where sssd takes care of authN via kerberos and via
> >ldap provides group information, and pam_afs_session to get afs tokens.
> 
> I guess _this_ is the part I'm confused about; why is pam_sss in there?
> I know that other people do this so I'm sure there's a reason, but we
> never found it necessary.  We do use sssd, but only via nsswitch;
> we control per-host access with ldap-based netgroups.
> 
> --Ken

-- 

David William Botsch
Programmer/Analyst
@CornellCNF
bot...@cnf.cornell.edu

___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

Re: [OpenAFS] How to replace pam_krb5 on RHEL 8 systems

2022-07-11 Thread Dave Botsch 
I wanted to mention that we are successfully doing ssh and gnome-shell
logins with pam_sssd where sssd takes care of authN via kerberos and via
ldap provides group information, and pam_afs_session to get afs tokens.

Two difficulties... if using PAGSHs, not all processes run inside a
pagsh, which can break gnome-shell stuff. So not using PAGsh is
recommended.

and with systemd_login, it and subprocesses don't necessarily quit on
logout. Which means they are sitting there banging away against afs with
no tokens (if you use afs homedirs). There is an option to force
systemd_login to quit at logout, though this breaks the use of things
like screen and tmux, iirc.

I'm happy to provide our configs (we worked with RedHat support to get
sssd working properly migrating from nslcd and pam_krb5 on rhel6).

thanks


On Sat, Jul 09, 2022 at 10:06:06AM -0400, Ken Hornstein wrote:
> >Only if you let sssd touch Kerberos. There are any number of reasons not 
> >to let it do so (no clue if the KRB5 and LDAP problems are fixed in 
> >later versions, but the EL8 code was written by crazed weasels on 
> >crack). But I'd use Russ' pam_krb5 instead of one from EL7 
> >(https://www.eyrie.org/~eagle/software/pam-krb5/pam-krb5.html), which 
> >would probably require you use pam_afs_session as suggested (unless I'm 
> >missing something in the docs, which is very possible).
> 
> I guess this explains why when everyone talks about the Kerberos issues
> they have on RHEL systems, I'm like ¯\_(ツ)_/¯, because we don't let sssd
> anywhere near Kerberos and it sounds like that's a bad idea (at least
> for the things we want to do).
> 
> --Ken
> ___
> OpenAFS-info mailing list
> OpenAFS-info@openafs.org
> https://lists.openafs.org/mailman/listinfo/openafs-info

-- 

David William Botsch
Programmer/Analyst
@CornellCNF
bot...@cnf.cornell.edu

___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

[OpenAFS] Hacakthon? User mtg? And Workshop Followup

2022-06-17 Thread Dave Botsch 
On behalf of the Foundation Board, thank you to everyone who
participated in the 2022 workshop. And especially thanks to those who em
cee'ed and those who gave talks. I caught portions of a few of the talks
and really enjoyed them.

The workshop can be, as it was this year, more developer focused. Is
there interest in a fall one day user focused workshop (site updates,
challenges, solutions users and sites are facing, useful utilities and
tools you may not know about, etc etc)?

Hackathon... would there be interest in a virtual hackathon? One outcome
of COVID is that the tools are now much better than they were a few
years ago. For GSOC, the Foundation has spun up an OpenAFS slack
instance, so that would be one useful tool for a Hackathon.

Please reply back with your thoughts, comments, and feedback.

Thank you, and stay healthy!

Dave Botsch,
OpenAFS Foundation, Inc. board member



___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

[OpenAFS] AFS Workshop 2022 update and schedule

2022-05-18 Thread Dave Botsch 
Dear All,
 
The AFS Foundation Board is happy to announce that the presentation
schedule for the AFS Workshop 2022 has been created and uploaded for
your perusal.  This year’s workshop’s URL is
https://workshop.openafs.org/afsbpw22/.
 
We are pleased to report that any and all presentation topic submissions
were accepted onto the schedule.  There were only a few tweaks in
projected presentation durations; if you are presenting, please
double-check the time budgeted for your delivery.
 
>From the main URL, you may also register for the workshop via
Eventbrite.  When the time comes, this will give you access to a zoom
link to connect to the group virtually.
 
Please note that there are two ticket types available on Eventbrite: one
for regular attendees (with a $50 fee for the conference), and another
for workshop speakers (with a $0 fee).  Please select the ticket type
that applies to you.
 
We are looking forward to your registrations and to your actual
attendance at the conference; it is promising to become an exciting
event.  Until then, get/be well…
 
Dave Botsch, on behalf of:
Margarete
Secretary of the Board
OpenAFS Foundation, Inc.


___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

[OpenAFS] 2022 AFS Workshop CFP Reminder - Due 5/5/22

2022-05-02 Thread Dave Botsch 
Hello and good afternoon into the AFS community!

This is a gentle yet urgent reminder that the deadline for submitting
presentation proposals for our AFS Workshop 2022 is THIS Thursday,
05/05/22.  Please send your proposal(s) for consideration to
openafs.works...@gmail.com, with the subject of cfp.  Thank you.

We are hoping that many of you will still turn in proposals.  There are
plenty of good reasons to do so, the most prominent of which is: this
Workshop will be as enriching and exciting as YOU make it! __

Best Spring wishes,
Dave Botsch, on behalf of
Margarete Ziemer, Secretary
OpenAFS Foundation

___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

[OpenAFS] Call for Talks and Activities: 2022 AFS Technologies Workshop - Deadline May 5th

2022-04-06 Thread Dave Botsch 
The 2022 AFS Technologies Workshop is a community based effort to
promote the stability and growth of the AFS distributed file system and
related technologies.

The workshop will be three half day workshops from 10 AM Eastern US time
June 14-16, 2022, held virtually.

We believe that all members of the AFS community have something valuable
to share with others. We invite you to submit a session proposal to
share your experience with colleagues in the AFS community. Sessions
types at the workshop include presentations, panels, tutorials, and
roundtable discussions.

Everyone is encouraged to speak or host an activity.

Why Present
• Friendly Audiences
• Rewarding Experience
• Share Your Knowledge
• Contribute to the Community

Topics of Interest

Have a neat new tool you wrote that saves you time and effort? Tell us
about it. Have an idea you want to try out on a bunch of people? Tell us
about it. Have you done some performance tuning, benchmarking, or
automated testing? We would love to hear more!

• Site Reports
• Best Practices
• Case studies and use cases for AFS
• “Birds of a Feather” (BOF) sessions
• Code Hackathon
• AFS projects
• Training & tutorials
• Or anything else you would like to discuss or showcase.

Proposals should contain:

• Your name and affiliation
• Session title
• A brief summary of the topic
• Time requirements

Multiple proposals are welcome from the same individual or organization.
Speakers should also register for the Workshop.

Please send your proposals for consideration by May 5th to
openafs.works...@gmail.com with the subject 2022 cfp.

Information on the AFS Technologies Workshop can be viewed on

https://workshop.openafs.org

Thank you.
-The OpenAFS Foundation Board


___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

[OpenAFS] OpenAFS Accepted to GSOC 2022

2022-03-07 Thread Dave Botsch 
OpenAFS has been selected as a Google Summer of Code 2022 mentor
organization.

The list of accepted 2022 GSoC mentoring organizations will be published
March 07, 2022 at 18:00 UTC at https://g.co/gsoc.

That website appears to be overwhelmed at the moment, and Google is
working on a fix.

Those who have volunteered as mentors should monitor the IRC channel on
libera and the mailing lists.

And, of course, help from anyone else in the community on talking with
potential students on potential OpenAFS projects (doesn't have to be
limited to those on the openafs web site) is welcome.

thanks!

___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

[OpenAFS] GSOC Project Ideas Page for OpenAFS

2022-02-15 Thread Dave Botsch 
Here's a beta version of our webpage that we'll be posting with our
project ideas:

https://htmlpreview.github.io/?https://github.com/meffie/openafs-web/blob/gsoc-2022/gsoc/project-ideas.html

Comments and suggestions welcome!

-- 

David William Botsch
Programmer/Analyst
@CornellCNF
bot...@cnf.cornell.edu

___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

[OpenAFS] Seeing Project Ideas and Mentors for OpenAFS Google Summer of Code

2022-01-26 Thread Dave Botsch 
All,

Google Summer of Code is a global, online program focused on
bringing new contributors into open source software development.
GSoC Contributors work with an open source organization on a 12+
week programming project under the guidance of mentors.

And the Foundation is willing to facilitate an organizational applicaton
for the OpenAFS project as well as pay a stipend to any OpenAFS
community member acting as a mentor:

Community members and committers already active in the mentoring
organizations can choose to mentor a contributor project.
Mentors and GSoC contributors work together to determine
appropriate goals for the program period. Mentor interaction is
a vital part of the program.


GSoC is a great opportunity to foster a young mind's interest in coding
and in FOSS (and possibly in OpenAFS as well). And it's a great
opportunity for you as a mentor and something that can start or expand
your own leadership journey.

So, we are looking for mentor volunteers and project ideas... part of
the organization application process is an Ideas page with potential
projects for students.

Project ideas should have managable project goals for several weeks of
the program. Which can, when working with the student, be broken down
into smaller pieces.

Think a small neat feature in a piece of AFS, an improvement someplace,
useful utility (for example, having someone write a new up to Gnome GUI
for working with AFS file permissions).

If you are interested in mentoring and/or have ideas or would simply
like to discuss further, let's talk in the #openafs IRC channel or via
email.

The Organization application period begins February 7.

thanks!



-- 

David William Botsch
OpenAFS Foundation Board
bot...@cnf.cornell.edu

___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

[OpenAFS] Google Summer of Code and OpenAFS

2021-11-17 Thread Dave Botsch 
In past years, OpenAFS has pariticpated in the Google Summer of Code.
It's a good opportunity to raise awareness of the OpenAFS project and
recruit potential new folk in addition to getting some fun code out of
it.

The OpenAFS Foundation would like to propose that we apply to the
program and that the community mentor one or two students. Because
everyone is busy, the Foundation would compensate the mentors for their
time as paid volunteers. We are looking at $3000 to compensate each
mentor.

If you are interested or have thoughts or comments, please email me back
and/or post something in the channel.

Thanks!

On behalf of the OpenAFS Foundation, Inc.

-- 

David William Botsch
Programmer/Analyst
@CornellCNF
bot...@cnf.cornell.edu

___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

[OpenAFS] Schedule and Registration Available for 2021 AFS Technologies Workshop

2021-05-25 Thread Dave Botsch 
AFS Community,

the schedule for the 2021 AFS Technologies Workshop is up on the
workshop website at https://workshop.openafs.org/afsbpw21/schedule/

Register today! $50 for the full three day workshop or $20 for a single
day. Registration is available at:

https://workshop.openafs.org/afsbpw21/registration/

Those who are speaking do not need to register separately.

thanks!

On behalf of the OpenAFS Foundation Board,
-Dave Botsch


-- 

David William Botsch
Programmer/Analyst
@CornellCNF
bot...@cnf.cornell.edu

___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

[OpenAFS] AFS Technologies Workshop Call For Talks Deadline May 5

2021-04-30 Thread Dave Botsch 
Hi, AFS community!

A reminder that the deadline to submit proposed talks for this year's
*Virtual* AFS Technologies Workshop to be held June 14-16 is May 5.

If you submitted a proposed talk last year, we hope that you will
re-submit this year. And all accepted speakers will have their
registration fees waived/refunded.

Please send your proposals for consideration to
openafs.works...@gmail.com with the subject 2021 cfp.

Details are on the website at https://workshop.openafs.org/afsbpw21/cfp/

Thank you!


-- 

David William Botsch
Programmer/Analyst
@CornellCNF
bot...@cnf.cornell.edu

___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

[OpenAFS] Reminder to submit talks for 2021 Virtual AFS Technologies Workshop

2021-04-01 Thread Dave Botsch 
Friendly reminder... submit your talk ideas! Especially if you submitted
a talk idea last year, we'd love to hear from you with an updated talk
proposal this year!

And presenters have the registration fee waived!

More info and howto submit:

https://workshop.openafs.org/afsbpw21/cfp/

Thanks!

-- 

David William Botsch
On behalf of the OpenAFS Foundation
bot...@cnf.cornell.edu

___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

[OpenAFS] Call for Talks and Activities: 2021 AFS Technologies Workshop

2021-02-10 Thread Dave Botsch 
Call for Talks and Activities - May 1 Deadline

The 2021 AFS Technologies Workshop is a community based effort to
promote the stability and growth of the AFS distributed file system and
related technologies.

The workshop will be three half day workshops from 10 AM Eastern time
June 14-16, 2021, held virtually.

We believe that all members of the AFS community have something valuable
to share with others. We invite you to submit a session proposal to
share your experience with colleagues in the AFS community. Sessions
types at the workshop include presentations, panels, tutorials, and
roundtable discussions.

Everyone is encouraged to speak or host an activity.

Why Present
• Friendly Audiences
• Rewarding Experience
• Share Your Knowledge
• Contribute to the Community

Topics of Interest

Have a neat new tool you wrote that saves you time and effort? Tell us
about it. Have an idea you want to try out on a bunch of people? Tell us
about it. Have you done some performance tuning, benchmarking, or
automated testing? We would love to hear more!

• Site Reports
• Best Practices
• Case studies and use cases for AFS
• “Birds of a Feather” (BOF) sessions
• Code Hackathon
• AFS projects
• Training & tutorials
• Or anything else you would like to discuss or showcase.

Proposals should contain:

• Your name and affiliation
• Session title
• A brief summary of the topic
• Time requirements

Multiple proposals are welcome from the same individual or organization.
Speakers should also register for the Workshop.

Please send your proposals for consideration to
openafs.works...@gmail.com with the subject 2021 cfp.



-- 

David William Botsch
Programmer/Analyst
@CornellCNF
bot...@cnf.cornell.edu

___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

[OpenAFS] 2021 Virtual AFS Technologies Workshop

2021-02-10 Thread Dave Botsch 


On behalf of the OpenAFS Foundation Board...

The Foundation is announcing the 2021 AFS Technologies Workshop. 

This will be a *virtual* workshop focusing on all things AFS and related
technologies. Operators, developers, and enthusiasts should attend!

The workshop will be held June 14-16, 2021 as three half days of talks
and more. To best serve those around the world, the workshop will start
at 10AM Eastern time each day.

Please see the AFS Technologies Workshop website at workshop.openafs.org
for more information and for registration information when available.

Thank you!

-- 

David William Botsch
Programmer/Analyst
@CornellCNF
bot...@cnf.cornell.edu

___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

[OpenAFS] Happy 20th Birthday to OpenAFS!

2020-10-30 Thread Dave Botsch 


Help us celebrate! Twenty years ago, on October 31, 2000, the OpenAFS project 
was created by a small group of individuals at Carnegie Mellon University, with 
its corpus owing to the generosity of IBM.  In their release, IBM cast forth a 
largely complete version of its AFS 3.6 source tree under the IBM public 
license.

In the two decades until now, many a developer contributed to the project’s 
success and relevance.  We would like to thank any and all contributors, and we 
hope that OpenAFS will flourish for many years to come!

Here a copy of the original IBM announcement:
“To:AFS Community
From:  Laura Stentz
Subject:   OpenAFS Source Code
Date:  October 31, 2000

I am very pleased to inform you that the OpenAFS source code is now
available on the IBM DeveloperWorks Web site in the Open Source Zone!
(Please see:  http://oss.software.ibm.com/developerworks/opensource/afs for
instructions on downloading the code.)   We realize that many of you have been 
anxiously awaiting the release of the code, and we look forward to your 
contributions to OpenAFS!Thanks to all of my IBM colleagues for their hard 
work making OpenAFS a reality!

Happy Halloween!
Laura”

Happy Halloween, indeed!
With best wishes,
Margarete Ziemer on the behalf of the Board of Directors of The OpenAFS 
Foundation, Inc.

___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

[OpenAFS] Save the Date: 2021 AFS Technologies Workshop June 14-16

2020-07-22 Thread Dave Botsch 
Save the Date!

The 2021 AFS Technologies Workshop is scheduled for June 14-16, 2021 at
the Ohio State University campus in Columbus, Ohio.

While disappointed that COVID-19 prevented a 2020 workshop, we are
looking forward to a workshop in 2021.

Stay tuned to this list and to the workshop website,
http://workshop.openafs.org for more information.

Thanks!

-- 

David William Botsch
On behalf of the Board of the
OpenAFS Foundation, Inc.
bot...@cnf.cornell.edu

___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

[OpenAFS] 2020 AFS Technologies Workshop Cancelled

2020-03-31 Thread Dave Botsch 
Because of issues arising from the COVID-19 pandemic, the OpenAFS 
Foundation, Inc Board has decided to cancel the 2020 AFS Technologies Workshop.


We hope to be back in 2021 for a workshop. Stay safe, everyone!

-Dave Botsch, on behalf of the OpenAFS Foundation, Inc. Board


___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

[OpenAFS] Accepted Talks for 2020 AFS Technologies Workshop

2020-03-03 Thread Dave Botsch 
Hi, all.

The list of accepted talks for the 2020 AFS Technologies Workshop is on
on the workshop website:

http://workshop.openafs.org/afsbpw20/talks/

(you may need to refresh your web browser for the most current list).

Thanks to Mike Meffie and Jeff Hutzelman for getting the website up.

And thanks to everyone who submitted a talk. We wish we could have
accepted all the wonderful talk topics! In the end, it was tough to
choose, and we did our best to balance topic and presenting institution.

Even if your talk was not accepted, please keep your talk in reserve in
case a current presenter has to pull out. And there will be additional
open discussion time during lunch, coffee breaks, and at the zoo!

Thanks!

-- 

David William Botsch
On behalf of the 
OpenAFS Foundation, Inc. Board
bot...@cnf.cornell.edu

___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

[OpenAFS] Last Call: Call for Talks for AFS Tech Workshop 2020

2020-02-17 Thread Dave Botsch 
Last call... end of day, today, please.

Also note the website is up and registration is open at
workshop.openafs.org .

Talks will be announced the following week by February 22.

Please send your proposals for consideration to
openafs.works...@gmail.com with the subject 2020 cfp.

The 2020 AFS Technologies Workshop is a community based effort to
promote the stability and growth of the AFS distributed file system and
related technologies. The workshop takes place Monday, June 15 -
Wednesday, June 17 in Columbus, OH at Ohio State University.

We believe that all members of the AFS community have something valuable
to share with others. We invite you to submit a session proposal to
share your experience with colleagues in the AFS community. Sessions
types at the workshop include presentations, panels, tutorials, and
roundtable discussions.

Everyone is encouraged to speak.

Why Present

• Friendly Audiences
• Rewarding Experience
• Share Your Knowledge
• Contribute to the Community

Topics of Interest

Have a neat new tool you wrote that saves you time and effort? Tell us
about it. Have an idea you want to try out on a bunch of people? Tell us
about it. Have you done some performance tuning, benchmarking, or
automated testing? We would love to hear more!

• Site Reports
• Best Practices
• Case studies and use cases for AFS
• “Birds of a Feather” (BOF) sessions
• AFS projects
• Training & tutorials
• Or anything else you would like to discuss or showcase.

Proposals should contain:

• Your name and affiliation
• Session title
• A brief summary of the topic
• Time requirements

Multiple proposals are welcome from the same individual or organization.
Speakers should also register for the Workshop.

Please send your proposals for consideration to
openafs.works...@gmail.com with the subject 2020 cfp.


-- 

David William Botsch
On behalf of the Board
OpenAFS Foundation, Inc.
bot...@cnf.cornell.edu


___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

[OpenAFS] Call For Talks - Feb 15 Deadline *Note Change* - OpenAFS Technologies Workshop 2020

2020-01-15 Thread Dave Botsch 
So that we can announce talks with time for attendees to make travel
plans, we have moved the Call for Talks deadline to *February 15* .
Talks will be announced the following week by February 22.

Please send your proposals for consideration to
openafs.works...@gmail.com with the subject 2020 cfp.

The 2020 AFS Technologies Workshop is a community based effort to
promote the stability and growth of the AFS distributed file system and
related technologies. The workshop takes place Monday, June 15 -
Wednesday, June 17 in Columbus, OH at Ohio State University.

We believe that all members of the AFS community have something valuable
to share with others. We invite you to submit a session proposal to
share your experience with colleagues in the AFS community. Sessions
types at the workshop include presentations, panels, tutorials, and
roundtable discussions.

Everyone is encouraged to speak.

Why Present

• Friendly Audiences
• Rewarding Experience
• Share Your Knowledge
• Contribute to the Community

Topics of Interest

Have a neat new tool you wrote that saves you time and effort? Tell us
about it. Have an idea you want to try out on a bunch of people? Tell us
about it. Have you done some performance tuning, benchmarking, or
automated testing? We would love to hear more!

• Site Reports
• Best Practices
• Case studies and use cases for AFS
• “Birds of a Feather” (BOF) sessions
• AFS projects
• Training & tutorials
• Or anything else you would like to discuss or showcase.

Proposals should contain:

• Your name and affiliation
• Session title
• A brief summary of the topic
• Time requirements

Multiple proposals are welcome from the same individual or organization.
Speakers should also register for the Workshop.

Please send your proposals for consideration to
openafs.works...@gmail.com with the subject 2020 cfp.


-- 

David William Botsch
On behalf of the Board
OpenAFS Foundation, Inc.
bot...@cnf.cornell.edu

___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

Re: [OpenAFS] Call for Talks - 2020 AFS Technologies Workshop

2019-11-14 Thread Dave Botsch 

March 15.

Thanks

On November 13, 2019 17:29:40 Walter Tienken  wrote:

This is exciting! When does CFP end?



Walter Tienken
walter.tien...@asu.edu
Cloud and Advanced Network Engineering Services


From: openafs-info-ad...@openafs.org  on 
behalf of Dave Botsch 

Sent: Wednesday, November 13, 2019 12:03 PM
To: foundation-disc...@openafs.org ; 
openafs-info@openafs.org ; 
openafs-de...@openafs.org ; 
openafs-annou...@openafs.org ; 
linux-...@lists.infradead.org 

Subject: [OpenAFS] Call for Talks - 2020 AFS Technologies Workshop

The 2020 AFS Technologies Workshop is a community based effort to
promote the stability and growth of the AFS distributed file system and
related technologies. The workshop takes place Monday, June 15 -
Wednesday, June 17 in Columbus, OH at Ohio State University.

We believe that all members of the AFS community have something valuable
to share with others. We invite you to submit a session proposal to
share your experience with colleagues in the AFS community. Sessions
types at the workshop include presentations, panels, tutorials, and
roundtable discussions.

Everyone is encouraged to speak.

Why Present

• Friendly Audiences
• Rewarding Experience
• Share Your Knowledge
• Contribute to the Community

Topics of Interest

Have a neat new tool you wrote that saves you time and effort? Tell us
about it. Have an idea you want to try out on a bunch of people? Tell us
about it. Have you done some performance tuning, benchmarking, or
automated testing? We would love to hear more!

• Site Reports
• Best Practices
• Case studies and use cases for AFS
• “Birds of a Feather” (BOF) sessions
• AFS projects
• Training & tutorials
• Or anything else you would like to discuss or showcase.

Proposals should contain:

• Your name and affiliation
• Session title
• A brief summary of the topic
• Time requirements

Multiple proposals are welcome from the same individual or organization.
Speakers should also register for the Workshop.

Please send your proposals for consideration to
openafs.works...@gmail.com with the subject 2020 cfp.



--

David William Botsch
On behalf of the Board,
OpenAFS Foundation, Inc.


___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.openafs.org_mailman_listinfo_openafs-2Dinfo=DwIFaQ=l45AxH-kUV29SRQusp9vYR0n1GycN4_2jInuKy6zbqQ=C8GhT3lhd7LISidGZOPiMVILpSgYNfRON2Vm_oSDIes=qD_jYv9ozcb7Q7q-UKJxJexoHgM8HhXlMrKwzxLjtRY=YMe-iFW5T2TJc-ZD9RaQkyOjSvycD7-ywXzN3UGzzn0=

[OpenAFS] Call for Talks - 2020 AFS Technologies Workshop

2019-11-13 Thread Dave Botsch 
The 2020 AFS Technologies Workshop is a community based effort to
promote the stability and growth of the AFS distributed file system and
related technologies. The workshop takes place Monday, June 15 -
Wednesday, June 17 in Columbus, OH at Ohio State University.

We believe that all members of the AFS community have something valuable
to share with others. We invite you to submit a session proposal to
share your experience with colleagues in the AFS community. Sessions
types at the workshop include presentations, panels, tutorials, and
roundtable discussions.

Everyone is encouraged to speak.

Why Present

• Friendly Audiences
• Rewarding Experience
• Share Your Knowledge
• Contribute to the Community

Topics of Interest

Have a neat new tool you wrote that saves you time and effort? Tell us
about it. Have an idea you want to try out on a bunch of people? Tell us
about it. Have you done some performance tuning, benchmarking, or
automated testing? We would love to hear more!

• Site Reports
• Best Practices
• Case studies and use cases for AFS
• “Birds of a Feather” (BOF) sessions
• AFS projects
• Training & tutorials
• Or anything else you would like to discuss or showcase.

Proposals should contain:

• Your name and affiliation
• Session title
• A brief summary of the topic
• Time requirements

Multiple proposals are welcome from the same individual or organization.
Speakers should also register for the Workshop.

Please send your proposals for consideration to
openafs.works...@gmail.com with the subject 2020 cfp.



-- 

David William Botsch
On behalf of the Board,
OpenAFS Foundation, Inc.


___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

[OpenAFS] Save the Date for 2020 AFS Workshop

2019-07-26 Thread Dave Botsch 
The 2019 workshop held in Pittsburgh was a huge success. Thanks to the
speakers who gave fun informative talks. And thanks to everyone who
attended.

And we're already planning for next year -- June 15-17, 2020 in Columbus
OH at Ohio State University.

Thanks!

-- 

David William Botsch
OpenAFS Foundation Board
bot...@cnf.cornell.edu

___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

[OpenAFS] AFS Workshop Schedule Available

2019-05-31 Thread Dave Botsch 
Lots of exciting talks, including...

• Native Mountpoints on Linux
• How to Saturate a 10GbE Link with an OpenAFS Rx Fileserver
• Overcoming Ubik Limitations
• Deploying OpenAFS Cells using Ansible
• Cross-cell Volume Sync with CellCC
• A Robot Framework Test Suite for OpenAFS
• Static analysis of OpenAFS code base

and more!!

Register today... www.openafs-workshop.org



-- 

David William Botsch
OpenAFS Foundation, Inc
bot...@cnf.cornell.edu

___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

[OpenAFS] Registration live for AFS 2019 Workshop

2019-05-01 Thread Dave Botsch 
Registration is live. Please visit:

https://openafs-workshop.org/2019/registration/

Early bird pricing ends May 15 for single day and May 28 for the full
workshop. Seating is limited overall this year, so register now!

If your org is planning on sponsoring the conference, some sponsorship
levels will receive complementary registrations.

Thanks.

-- 

David William Botsch
OpenAFS Foundation Board
bot...@cnf.cornell.edu

___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

[OpenAFS] OpenAFS / AFS Workshop Call for Presentations

2019-04-24 Thread Dave Botsch 
The OpenAFS Workshop is a community based effort to promote the
stability and growth of the AFS distributed file system and related
technologies. The workshop takes place Wednesday, June 19 - Friday, June
21 in Pittsburgh, PA at the Hyatt House Pittsburgh South Side.

We believe that all members of the AFS community have something valuable
to share with others. We invite you to submit a session proposal to
share your experience with colleagues in the AFS community. Sessions
types at the workshop include presentations, panels, tutorials, and
roundtable discussions.

Everyone is encouraged to speak.

Why Present

• Friendly Audiences
• Rewarding Experience
• Share Your Knowledge
• Contribute to the Community

Topics of Interest

Have a neat new tool you wrote that saves you time and effort? Tell us
about it. Have an idea you want to try out on a bunch of people? Tell us
about it. Have you done some performance tuning, benchmarking, or
automated testing? We would love to hear more!

• Site Reports
• Best Practices
• Case studies and use cases for AFS
• “Birds of a Feather” (BOF) sessions
• AFS projects
• Training & tutorials
• Or anything else you would like to discuss or showcase.

Submission Guidelines
Deadline for submission: May 31, 2019

Proposals should contain:

• Your name and affiliation
• Session title
• A brief summary of the topic
• Time requirements

Multiple proposals are welcome from the same individual or organization.
Speakers should also register for the Workshop.

Please send your proposals for consideration to
openafs.works...@gmail.com with the subject 2019 cfp.


-- 

David William Botsch
OpenAFS Foundation Board
bot...@cnf.cornell.edu

___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

[OpenAFS] July? Re: Proposal for AFS Conference - June 2019

2019-04-01 Thread Dave Botsch 
Are folk better able to attend a July 10-12 conference?

Thanks.

On Tue, Mar 26, 2019 at 09:55:11AM -0400, Dave Botsch wrote:
> The OpenAFS Foundation is proposing hosting a conference at the Hyatt
> House Pittsburgh South Side in Pittsburgh, PA on June 18 - June 21,
> 2019.  The conference would target AFS admins, developers, and users at
> all levels with the overall goal of promoting AFS knowledge and
> learning, participation, sharing experiences, updates on projects in
> AFS-land, and getting to know each other.
> 
> The Foundation Board welcomes any immediate feedback, thoughts, and
> suggestions.  As the Foundation Board works out more details and readies
> a call for talks/presentations/etc, we will communicate those to the
> community.
> 
> Thank you.
> 
> 
> -- 
> 
> David William Botsch
> OpenAFS Foundation, Inc
> 

-- 

David William Botsch
Programmer/Analyst
@CNFComputing
bot...@cnf.cornell.edu

___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

[OpenAFS] Proposal for AFS Conference - June 2019

2019-03-26 Thread Dave Botsch 
The OpenAFS Foundation is proposing hosting a conference at the Hyatt
House Pittsburgh South Side in Pittsburgh, PA on June 18 - June 21,
2019.  The conference would target AFS admins, developers, and users at
all levels with the overall goal of promoting AFS knowledge and
learning, participation, sharing experiences, updates on projects in
AFS-land, and getting to know each other.

The Foundation Board welcomes any immediate feedback, thoughts, and
suggestions.  As the Foundation Board works out more details and readies
a call for talks/presentations/etc, we will communicate those to the
community.

Thank you.


-- 

David William Botsch
OpenAFS Foundation, Inc

___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

Re: [OpenAFS] Administrators with a slash

2019-03-06 Thread Dave Botsch 
I should add we did successfully use Win7 Pro with the same setup. With
10, we made sure to get all to Enterprise instead of Pro.

On Wed, Mar 06, 2019 at 05:36:30PM +0100, Dirk Heinrichs wrote:
> Am 06.03.19 um 16:59 schrieb Dave Botsch:
> 
> > I'm curious what problems you have run into. We are bouncing Win10
> > against MIT Kerberos just fine, so clearly something is different in
> > our attempted setups.
> 
> Can't really remember, too long ago. Is this Home or Pro?
> 
> Bye...
> 
>     Dirk
> 
> -- 
> Dirk Heinrichs 
> GPG Public Key: D01B367761B0F7CE6E6D81AAD5A2E54246986015
> Sichere Internetkommunikation: http://www.retroshare.org
> Privacy Handbuch: https://www.privacy-handbuch.de
> 
> 




-- 

David William Botsch
Programmer/Analyst
@CNFComputing
bot...@cnf.cornell.edu

___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

Re: [OpenAFS] Administrators with a slash

2019-03-06 Thread Dave Botsch 
Neither. Enterprise.

On Wed, Mar 06, 2019 at 05:36:30PM +0100, Dirk Heinrichs wrote:
> Am 06.03.19 um 16:59 schrieb Dave Botsch:
> 
> > I'm curious what problems you have run into. We are bouncing Win10
> > against MIT Kerberos just fine, so clearly something is different in
> > our attempted setups.
> 
> Can't really remember, too long ago. Is this Home or Pro?
> 
> Bye...
> 
>     Dirk
> 
> -- 
> Dirk Heinrichs 
> GPG Public Key: D01B367761B0F7CE6E6D81AAD5A2E54246986015
> Sichere Internetkommunikation: http://www.retroshare.org
> Privacy Handbuch: https://www.privacy-handbuch.de
> 
> 




-- 

David William Botsch
Programmer/Analyst
@CNFComputing
bot...@cnf.cornell.edu

___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

Re: [OpenAFS] Administrators with a slash

2019-03-06 Thread Dave Botsch 
Hi.

I'm curious what problems you have run into. We are bouncing Win10
against MIT Kerberos just fine, so clearly something is different in our
attempted setups.

Thanks.

On Wed, Mar 06, 2019 at 04:51:09PM +0100, Dirk Heinrichs wrote:
> Am 06.03.19 um 14:28 schrieb Ciprian Dorin Craciun:
> 
> > Indeed this was my experience also, the Kerberos deployment was quite
> > trivial (once I've done it);
> 
> Please note that if you're ever going to add Windows (Professional)
> systems to your setup you should use a (Samba-) AD server for Kerberos.
> Windows has quite some problems talking to standard Kerberos/LDAP
> servers while Linux is fine talking to AD (using either winbindd or sssd).
> 
> Bye...
> 
>     Dirk
> 
> -- 
> Dirk Heinrichs 
> GPG Public Key: D01B367761B0F7CE6E6D81AAD5A2E54246986015
> Sichere Internetkommunikation: http://www.retroshare.org
> Privacy Handbuch: https://www.privacy-handbuch.de
> 
> 




-- 

David William Botsch
Programmer/Analyst
@CNFComputing
bot...@cnf.cornell.edu

___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

Re: [OpenAFS] Red Hat EL Support Customers - Please open a support case for kafs in RHEL8

2019-02-13 Thread Dave Botsch 
Ok. I just openafs-1.8.2-1.src.rpm, and it does not build.

Thanks.

On Wed, Feb 13, 2019 at 03:13:06PM -0500, Gary Gatling wrote:
> No. I have my own rpms that were descended from the rpmfusion repos before
> they were abandoned. Except the kernel module rpm is something someone else
> made here at NCSU that I heavily modified. I will try to upload those to a
> yum repo as soon as I fix my selinux issues.
> 
> On Wed, Feb 13, 2019 at 3:10 PM Dave Botsch  wrote:
> 
> > Did you use the downloadable srpm from openafs.org ?
> >
> > On Wed, Feb 13, 2019 at 02:58:22PM -0500, Gary Gatling wrote:
> > > I was able to get 1.8.2 to compile for RHEL 8 x86_64  but "kinit" seems
> > to
> > > be missing. :(
> > >
> > > On Wed, Feb 13, 2019 at 2:23 PM Dave Botsch 
> > wrote:
> > >
> > > > Has anyone gotten openafs to compile under RHEL8 beta? I had tried
> > > > previously and no gold. If so, one could then test and again file a bug
> > > > report with RedHat saying "systemd --user breaks stuff" and here's the
> > > > business case.
> > > >
> > > > Thanks.
> > > >
> > > > On Sun, Dec 09, 2018 at 10:34:40AM +0100, Dirk Heinrichs wrote:
> > > > > Am Samstag, den 08.12.2018, 14:08 -0500 schrieb Jeffrey Altman:
> > > > > > On 12/8/2018 5:21 AM, Dirk Heinrichs wrote:
> > > > > > > Dirk Heinrichs:
> > > > > > >
> > > > > > > > Did a quick test (on Debian, btw., which already ships kafs)
> > and
> > > > > > > > it
> > > > > > > > works fine.
> > > > > > >
> > > > > > > While getting tokens at login work with this setup, things start
> > to
> > > > > > > fail
> > > > > > > once the users $HOME is set to be in /afs. While simple scenarios
> > > > > > > like
> > > > > > > pure shell/console logins work, graphical desktop environments
> > have
> > > > > > > lots
> > > > > > > of problems. XFCE4 doesn't even start, Plasma works to some
> > degree
> > > > > > > after
> > > > > > > presenting lots of error dialogs to the user.
> > > > > >
> > > > > > As Harald indicated, "systemd --user" services are a problem not
> > just
> > > > > > for kafs but for openafs as well.
> > > > >
> > > > > But that's not the problem here. Both work fine with the OpenAFS
> > > > > client.
> > > > >
> > > > > >   There has been discussions on this
> > > > > > mailing list of the issues dating back more than a year.
> > > > >
> > > > > I know. I've been involved ;-)
> > > > >
> > > > > >   In summary,
> > > > > > "systemd --user" services are incompatible with "session keyrings"
> > > > > > which
> > > > > > are used to represent AFS Process Authentication Groups.
> > > > >
> > > > > Yes.
> > > > >
> > > > > > You have no indicated which kernel version you are using nor am I
> > > > > > aware
> > > > > > of the options used to build AF_RXRPC and KAFS on Debian.  The
> > Linux
> > > > > > kernel versions that are recommended are 4.19 with a couple of back
> > > > > > port
> > > > > > patches from the forthcoming 4.20 and the 4.20 release candidate
> > > > > > series.
> > > > >
> > > > > Ah, OK. Debian buster is still on 4.18. Will give it another try once
> > > > > 4.20 is out...
> > > > >
> > > > > > Regardless, it would be useful for you to file bug reports with the
> > > > > > Linux distribution describing the issues you are experiencing.
> > > > > >
> > > > > > Debian: https://wiki.debian.org/reportbug
> > > > >
> > > > > Yep, know this.
> > > > >
> > > > > > Fedora: https://fedoraproject.org/wiki/Bugs_and_feature_requests
> > > > > >
> > > > > > > Seems there's still some work to do until this becomes an
> > > > > > > alternative
> > > > > > > for the standard OpenAFS client.
> > > > > >
> > > >

Re: [OpenAFS] Red Hat EL Support Customers - Please open a support case for kafs in RHEL8

2019-02-13 Thread Dave Botsch 
Did you use the downloadable srpm from openafs.org ?

On Wed, Feb 13, 2019 at 02:58:22PM -0500, Gary Gatling wrote:
> I was able to get 1.8.2 to compile for RHEL 8 x86_64  but "kinit" seems to
> be missing. :(
> 
> On Wed, Feb 13, 2019 at 2:23 PM Dave Botsch  wrote:
> 
> > Has anyone gotten openafs to compile under RHEL8 beta? I had tried
> > previously and no gold. If so, one could then test and again file a bug
> > report with RedHat saying "systemd --user breaks stuff" and here's the
> > business case.
> >
> > Thanks.
> >
> > On Sun, Dec 09, 2018 at 10:34:40AM +0100, Dirk Heinrichs wrote:
> > > Am Samstag, den 08.12.2018, 14:08 -0500 schrieb Jeffrey Altman:
> > > > On 12/8/2018 5:21 AM, Dirk Heinrichs wrote:
> > > > > Dirk Heinrichs:
> > > > >
> > > > > > Did a quick test (on Debian, btw., which already ships kafs) and
> > > > > > it
> > > > > > works fine.
> > > > >
> > > > > While getting tokens at login work with this setup, things start to
> > > > > fail
> > > > > once the users $HOME is set to be in /afs. While simple scenarios
> > > > > like
> > > > > pure shell/console logins work, graphical desktop environments have
> > > > > lots
> > > > > of problems. XFCE4 doesn't even start, Plasma works to some degree
> > > > > after
> > > > > presenting lots of error dialogs to the user.
> > > >
> > > > As Harald indicated, "systemd --user" services are a problem not just
> > > > for kafs but for openafs as well.
> > >
> > > But that's not the problem here. Both work fine with the OpenAFS
> > > client.
> > >
> > > >   There has been discussions on this
> > > > mailing list of the issues dating back more than a year.
> > >
> > > I know. I've been involved ;-)
> > >
> > > >   In summary,
> > > > "systemd --user" services are incompatible with "session keyrings"
> > > > which
> > > > are used to represent AFS Process Authentication Groups.
> > >
> > > Yes.
> > >
> > > > You have no indicated which kernel version you are using nor am I
> > > > aware
> > > > of the options used to build AF_RXRPC and KAFS on Debian.  The Linux
> > > > kernel versions that are recommended are 4.19 with a couple of back
> > > > port
> > > > patches from the forthcoming 4.20 and the 4.20 release candidate
> > > > series.
> > >
> > > Ah, OK. Debian buster is still on 4.18. Will give it another try once
> > > 4.20 is out...
> > >
> > > > Regardless, it would be useful for you to file bug reports with the
> > > > Linux distribution describing the issues you are experiencing.
> > > >
> > > > Debian: https://wiki.debian.org/reportbug
> > >
> > > Yep, know this.
> > >
> > > > Fedora: https://fedoraproject.org/wiki/Bugs_and_feature_requests
> > > >
> > > > > Seems there's still some work to do until this becomes an
> > > > > alternative
> > > > > for the standard OpenAFS client.
> > > >
> > > > All software including OpenAFS has work to do.
> > >
> > > Sure. But the OpenAFS client is mature and just works (except for the
> > > systemd --user thing, which isn't OpenAFS' fault).
> > >
> > > >   The kafs to-do list of known work items is here:
> > > >
> > > >  https://www.infradead.org/~dhowells/kafs/todo.html
> > > >
> > > > > So I wonder why RH customers would want that?
> > > >
> > > > Obviously, no one wants bugs, but at the same time this community
> > > > does want:
> > > >
> > > >  1. A solution to "systemd --user" service compatibility with AFS.
> > >
> > > ACK.
> > >
> > > > The required changes are going to require Linux distribution
> > > > intervention because systemd is integrated with differences
> > > > to each distribution.  At the moment there is no interest among
> > > > the systemd developers to work to fix a behavior they consider
> > > > to be a bug in OpenAFS, an out of tree file system.
> > >
> > > So they need to understand it's a problem with an in-tree fs as well? I
> > > see...

Re: [OpenAFS] Red Hat EL Support Customers - Please open a support case for kafs in RHEL8

2019-02-13 Thread Dave Botsch 
Has anyone gotten openafs to compile under RHEL8 beta? I had tried
previously and no gold. If so, one could then test and again file a bug
report with RedHat saying "systemd --user breaks stuff" and here's the
business case.

Thanks.

On Sun, Dec 09, 2018 at 10:34:40AM +0100, Dirk Heinrichs wrote:
> Am Samstag, den 08.12.2018, 14:08 -0500 schrieb Jeffrey Altman:
> > On 12/8/2018 5:21 AM, Dirk Heinrichs wrote:
> > > Dirk Heinrichs:
> > > 
> > > > Did a quick test (on Debian, btw., which already ships kafs) and
> > > > it
> > > > works fine.
> > > 
> > > While getting tokens at login work with this setup, things start to
> > > fail
> > > once the users $HOME is set to be in /afs. While simple scenarios
> > > like
> > > pure shell/console logins work, graphical desktop environments have
> > > lots
> > > of problems. XFCE4 doesn't even start, Plasma works to some degree
> > > after
> > > presenting lots of error dialogs to the user.
> > 
> > As Harald indicated, "systemd --user" services are a problem not just
> > for kafs but for openafs as well.
> 
> But that's not the problem here. Both work fine with the OpenAFS
> client.
> 
> >   There has been discussions on this
> > mailing list of the issues dating back more than a year.
> 
> I know. I've been involved ;-)
> 
> >   In summary,
> > "systemd --user" services are incompatible with "session keyrings"
> > which
> > are used to represent AFS Process Authentication Groups.
> 
> Yes.
> 
> > You have no indicated which kernel version you are using nor am I
> > aware
> > of the options used to build AF_RXRPC and KAFS on Debian.  The Linux
> > kernel versions that are recommended are 4.19 with a couple of back
> > port
> > patches from the forthcoming 4.20 and the 4.20 release candidate
> > series.
> 
> Ah, OK. Debian buster is still on 4.18. Will give it another try once
> 4.20 is out...
> 
> > Regardless, it would be useful for you to file bug reports with the
> > Linux distribution describing the issues you are experiencing.
> > 
> > Debian: https://wiki.debian.org/reportbug
> 
> Yep, know this.
> 
> > Fedora: https://fedoraproject.org/wiki/Bugs_and_feature_requests
> > 
> > > Seems there's still some work to do until this becomes an
> > > alternative
> > > for the standard OpenAFS client.
> > 
> > All software including OpenAFS has work to do.
> 
> Sure. But the OpenAFS client is mature and just works (except for the
> systemd --user thing, which isn't OpenAFS' fault).
> 
> >   The kafs to-do list of known work items is here:
> > 
> >  https://www.infradead.org/~dhowells/kafs/todo.html
> > 
> > > So I wonder why RH customers would want that?
> > 
> > Obviously, no one wants bugs, but at the same time this community
> > does want:
> > 
> >  1. A solution to "systemd --user" service compatibility with AFS.
> 
> ACK.
> 
> > The required changes are going to require Linux distribution
> > intervention because systemd is integrated with differences
> > to each distribution.  At the moment there is no interest among
> > the systemd developers to work to fix a behavior they consider
> > to be a bug in OpenAFS, an out of tree file system.
> 
> So they need to understand it's a problem with an in-tree fs as well? I
> see...
> 
> >  2. The RHEL AFS user community needs an end to the repeated breakage
> > of /afs access following each RHEL dot release.  How many times
> > has getcwd() broken because RHEL kernels updates preserve the API
> > between releases but do not preserve the ABI.  While this permits
> > third party kernel modules to load it does not ensure that they
> > will do the right thing.  If the community is lucky the symptoms
> > are visible.  If unlucky, the symptoms are hidden until someone
> > reports silent data corruption.
> 
> As a Debian user I didn't have these kind of problems in the past
> *HINT* :-) But, OTOH, mine is just a small home setup.
> 
> > The need for an in-tree Linux AFS client extends to all Linux
> > distributions not just Red Hat.  Any OpenAFS Linux developer can
> > attest
> > to the extensive effort that must be expended to maintain
> > compatibility
> > with the mainline Linux kernel.  Then multiply that effort by all of
> > the
> > Linux distributions that ship modified kernels such as RHEL, SuSE,
> > Ubuntu, Oracle, 
> 
> ACK
> 
> Bye...
> 
>   Dirk
> 
> -- 
> Dirk Heinrichs
> GPG Public Key: D01B367761B0F7CE6E6D81AAD5A2E54246986015
> Sichere Internetkommunikation: http://www.retroshare.org
> Privacy Handbuch: https://www.privacy-handbuch.de 



-- 

David William Botsch
Programmer/Analyst
@CNFComputing
bot...@cnf.cornell.edu

___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

Re: [OpenAFS] OpenAFS Security Releases 1.8.2, 1.6.23 available

2018-10-12 Thread Dave Botsch 
Uusually I grab the .src.rpm , rebuild it, and then push the generated
binaries to our machines.

On Fri, Oct 12, 2018 at 04:46:46PM +, Sebby, Brian A. wrote:
> Previous releases have included source RPMs that made it easier for us to 
> build RPMs to deploy to our Red Hat-based servers.  I was hoping it maybe had 
> just not yet been released yet, but there still isn’t a source RPM for 
> 1.6.23.  It looks like one was built for 1.6.24.4, so I may just end up 
> deploying that since we do not use any of the backup utilities.  I know that 
> support for RPMs from OpenAFS is something that’s been discussed for a long 
> time, but I hadn’t seen any official announcement (unless I missed it) that 
> indicated that they would no longer be created.
> 
> For any other folks using Red Hat – what are you doing for deploying OpenAFS? 
>  Are there any repos out there equivalent to the Ubuntu PPA?
> 
> 
> Brian
> 
> --
> Brian Sebby  (se...@anl.gov)  |  Information Technology Infrastructure
> Phone: +1 630.252.9935|  Business Information Services
> Cell:  +1 630.921.4305|  Argonne National Laboratory
> 
> 
> From:  on behalf of Benjamin Kaduk 
> 
> Date: Tuesday, September 11, 2018 at 2:09 PM
> To: 
> Cc: , 
> Subject: [OpenAFS] OpenAFS Security Releases 1.8.2, 1.6.23 available
> 
> 
> The OpenAFS Guardians are happy to announce the availability of
> Security Releases OpenAFS 1.8.2 and 1.6.23.
> Source files can be accessed via the web at:
> 
>https://www.openafs.org/release/openafs-1.8.2.html
>https://www.openafs.org/release/openafs-1.6.23.html
> 
> or via AFS at:
> 
>UNIX: /afs/grand.central.org/software/openafs/1.8.2/
>UNC: \\afs\grand.central.org\software\openafs\1.8.2\
>UNIX: /afs/grand.central.org/software/openafs/1.6.23/
>UNC: \\afs\grand.central.org\software\openafs\1.6.23\
> 
> These releases include fixes for three security advisories,
> OPENAFS-SA-2018-001, OPENAFS-SA-2018-002, and OPENAFS-SA-2018-003.
> 
> OPENAFS-SA-2018-001 only affects deployments that run the 'butc' utility
> as part of the in-tree backup system, but is of high severity for
> those sites which are affected -- an anonymous attacker could replace
> entire volumes with attacker-controlled contents.
> 
> OPENAFS-SA-2018-002 is for information leakage over the network via
> uninitialized RPC output variables.  A number of RPCs are affected,
> some of which require the caller to be authenticated, but in some cases
> hundreds of bytes of data can be leaked per call.  Of note is that
> cache managers are also subject to (kernel) memory leakage via
> AFSCB_ RPCs.
> 
> OPENAFS-SA-2018-003 is a denial of service whereby anonymous attackers
> can cause server processes to consume large quantities of memory for
> a sustained period of time.
> 
> Please see the release notes and security advisories for additional details.
> 
> The changes to fix OPENAFS-SA-2018-001 require behavior change in both
> butc(8) and backup(8) to use authenticated connections; old and new
> versions of these utilities will not interoperate absent specific
> configuration of the new tool to use the old (insecure) behavior.
> These changes also are expected to cause backup(8)'s interactive mode
> to be limited to only butc connections requiring (or not requiring)
> authentication within a given interactive session, based on the initial
> arguments selected.
> 
> Bug reports should be filed to 
> openafs-b...@openafs.org.
> 
> Benjamin Kaduk
> for the OpenAFS Guardians
> 

-- 

David William Botsch
Programmer/Analyst
@CNFComputing
bot...@cnf.cornell.edu

___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

[OpenAFS] Announcing OpenAFS E Insurance Covering Code Contributions

2018-01-24 Thread Dave Botsch 
All,

On behalf of the OpenAFS Foundation Board of Directors, I am pleased to
announce that the OpenAFS initiative including any paid or volunteer
software development is now covered by Errors and Omissions insurance.
This is a big step forward and now allows contributions of code without
major fear of lawsuits.

Obtaining insurance was a major undertaking with several false starts.
We went through several different insurance companies and brokers to
find insurance understanding of the nature of Free and Open Source
Software. My thanks to the Drupal Association for pointing us at Durham
and Bates who successfully assisted us through the application, quoting,
and insurance binding process.

A few major points of the insurance ("we" below being the Foundation and
its volunteers/employees whilst contributing to the OpenAFS initiative):

• We are not covered for "OOPSes" done knowingly or on purpose.
• We are covered for bugs/security issues/data loss arising out of
OOPSes.
• We are covered for copyright infringment claims.
• We are not covered for patent or trade secrets infringement claims.

The insurance binder and the policy are posted on the OpenAFS Foundation
website:

http://www.openafsfoundation.org/docs/insurance/mtk1562013-customer-binder.pdf
http://www.openafsfoundation.org/docs/insurance/17-18-pkg-e-and-o-policy.pdf

If you have any questions, concerns, etc, please feel free to write.

-- 

David William Botsch
OpenAFS Foundation Board
bot...@cnf.cornell.edu

___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

Re: [OpenAFS] windows server 2012 64 bit and integrated authentication with AFS token?

2017-12-20 Thread Dave Botsch 
I'm also suggesting that you follow the debug instructions here:

http://docs.openafs.org/ReleaseNotesWindows/index.html#chap_4.html

to get additional info about what's going on.


On Tue, Nov 28, 2017 at 11:43:20AM +0100, Giovanni Ponti wrote:
> Dear Dave,
> 
> thanks for your reply.
> 
> The prompted popup message has the title "Failed to get credential
> for ..." with the message "Credential could not be obtained for cell
> ...". However, after closing the popup message, I can see that I
> have obtained the ticket in the Network Identity Manager windows.
> 
> Thanks again,
> Giovanni
> 
> On 28/11/2017 05:48, Dave Botsch wrote:
> >Does the integrated login pop up a fail error msg? If so, what?
> >
> >Thanks.
> >
> >
> >On November 27, 2017 15:05:54 Giovanni Bracco
> ><giovanni.bra...@enea.it> wrote:
> >
> >>hello!
> >>we are trying to install and configure OpenAFS client on a Windows
> >>Server machine (vers. 2012 R2 build 9600 x86_64).
> >>
> >>We have installed Kerberos MIT client (vers. 3.22) and we are able to
> >>obtain kerberos tickets for a principal from both the IdentityManager
> >>GUI and the Window command line interface, using kinit.
> >>
> >>In the next step, we have installed AFS client and the Kerberos
> >>IdentityManager detects it, but their integration does not work, as the
> >>afs token can not be obtained.
> >>
> >>We have tried with both OpenAFS client (vers. 1.7.3100) and AuriStor
> >>OpenAFS client (vers. 1.7.3300).
> >>
> >>Nevertheless, if we operate in the command line, we can obtain kerberos
> >>tickets and tokens without problems (using kinit and aklog).
> >>
> >>Any suggestion to  make the integration and the GUI work properly?
> >>
> >>Giovanni
> >>
> >>-- 
> >>Giovanni Bracco
> >>DTE-ICT-HPC
> >>ENEA
> >>Via E. Fermi 45
> >>I-00044 Frascati (Roma) Italy
> >>phone +39-06-9400-5597  mobile +39-3351992144
> >>FAX   +39-06-9400-5735
> >>E-mail  giovanni.bra...@enea.it
> >>WWW http://www.afs.enea.it/bracco
> >>___
> >>OpenAFS-info mailing list
> >>OpenAFS-info@openafs.org
> >>https://lists.openafs.org/mailman/listinfo/openafs-info
> >
> >
> 
> -- 
> Ing. Giovanni Ponti, PhD
> DTE-ICT-HPC
> ENEA - C.R. Portici
> P.le E. Fermi, 1 (Loc. Granatello)
> 80055 Portici (NA), Italy
> phone : (+39) 081-7723564 | int.: [89] 2564
> fax   : (+39) 081-7723344
> email : giovanni.po...@enea.it
> web   : http://www.afs.enea.it/gponti
> ___
> OpenAFS-info mailing list
> OpenAFS-info@openafs.org
> https://lists.openafs.org/mailman/listinfo/openafs-info

-- 

David William Botsch
Programmer/Analyst
@CNFComputing
bot...@cnf.cornell.edu

___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

Re: [OpenAFS] windows server 2012 64 bit and integrated authentication with AFS token?

2017-12-20 Thread Dave Botsch 
When you say you've obtained tickets, does that include
afs/cell@KERBEROS.REALM ?

On Tue, Nov 28, 2017 at 11:43:20AM +0100, Giovanni Ponti wrote:
> Dear Dave,
> 
> thanks for your reply.
> 
> The prompted popup message has the title "Failed to get credential
> for ..." with the message "Credential could not be obtained for cell
> ...". However, after closing the popup message, I can see that I
> have obtained the ticket in the Network Identity Manager windows.
> 
> Thanks again,
> Giovanni
> 
> On 28/11/2017 05:48, Dave Botsch wrote:
> >Does the integrated login pop up a fail error msg? If so, what?
> >
> >Thanks.
> >
> >
> >On November 27, 2017 15:05:54 Giovanni Bracco
> ><giovanni.bra...@enea.it> wrote:
> >
> >>hello!
> >>we are trying to install and configure OpenAFS client on a Windows
> >>Server machine (vers. 2012 R2 build 9600 x86_64).
> >>
> >>We have installed Kerberos MIT client (vers. 3.22) and we are able to
> >>obtain kerberos tickets for a principal from both the IdentityManager
> >>GUI and the Window command line interface, using kinit.
> >>
> >>In the next step, we have installed AFS client and the Kerberos
> >>IdentityManager detects it, but their integration does not work, as the
> >>afs token can not be obtained.
> >>
> >>We have tried with both OpenAFS client (vers. 1.7.3100) and AuriStor
> >>OpenAFS client (vers. 1.7.3300).
> >>
> >>Nevertheless, if we operate in the command line, we can obtain kerberos
> >>tickets and tokens without problems (using kinit and aklog).
> >>
> >>Any suggestion to  make the integration and the GUI work properly?
> >>
> >>Giovanni
> >>
> >>-- 
> >>Giovanni Bracco
> >>DTE-ICT-HPC
> >>ENEA
> >>Via E. Fermi 45
> >>I-00044 Frascati (Roma) Italy
> >>phone +39-06-9400-5597  mobile +39-3351992144
> >>FAX   +39-06-9400-5735
> >>E-mail  giovanni.bra...@enea.it
> >>WWW http://www.afs.enea.it/bracco
> >>___
> >>OpenAFS-info mailing list
> >>OpenAFS-info@openafs.org
> >>https://lists.openafs.org/mailman/listinfo/openafs-info
> >
> >
> 
> -- 
> Ing. Giovanni Ponti, PhD
> DTE-ICT-HPC
> ENEA - C.R. Portici
> P.le E. Fermi, 1 (Loc. Granatello)
> 80055 Portici (NA), Italy
> phone : (+39) 081-7723564 | int.: [89] 2564
> fax   : (+39) 081-7723344
> email : giovanni.po...@enea.it
> web   : http://www.afs.enea.it/gponti
> ___
> OpenAFS-info mailing list
> OpenAFS-info@openafs.org
> https://lists.openafs.org/mailman/listinfo/openafs-info

-- 

David William Botsch
Programmer/Analyst
@CNFComputing
bot...@cnf.cornell.edu

___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

Re: [OpenAFS] windows server 2012 64 bit and integrated authentication with AFS token?

2017-11-29 Thread Dave Botsch 
That's the integrated login message that pops up?

What version of KfW did you say you have installed?

Thanks.

On Wed, Nov 29, 2017 at 04:39:33PM +0100, Giovanni Ponti wrote:
> Dear Dave,
> 
> the message I've reported is the full one. I simply avoid to report
> my nickname and the cell name. However, you can find the screenshot
> in attached.
> 
> Regards,
> Giovanni
> 
> On 28/11/2017 20:28, Dave Botsch wrote:
> >Hi.
> >
> >What's the full message that is displayed (screenshot) ?
> >
> >That sometimes gives an error code or message that tells you what went
> >wrong after the end result error.
> >
> >For the Windows client, you can also turn on additional debugging for
> >the OpenAFS service to log what it does as it goes through trying to get
> >credentials at login.
> >
> >Thanks.
> >
> >On Tue, Nov 28, 2017 at 11:43:20AM +0100, Giovanni Ponti wrote:
> >>Dear Dave,
> >>
> >>thanks for your reply.
> >>
> >>The prompted popup message has the title "Failed to get credential
> >>for ..." with the message "Credential could not be obtained for cell
> >>...". However, after closing the popup message, I can see that I
> >>have obtained the ticket in the Network Identity Manager windows.
> >>
> >>Thanks again,
> >>Giovanni
> >>
> >>On 28/11/2017 05:48, Dave Botsch wrote:
> >>>Does the integrated login pop up a fail error msg? If so, what?
> >>>
> >>>Thanks.
> >>>
> >>>
> >>>On November 27, 2017 15:05:54 Giovanni Bracco
> >>><giovanni.bra...@enea.it> wrote:
> >>>
> >>>>hello!
> >>>>we are trying to install and configure OpenAFS client on a Windows
> >>>>Server machine (vers. 2012 R2 build 9600 x86_64).
> >>>>
> >>>>We have installed Kerberos MIT client (vers. 3.22) and we are able to
> >>>>obtain kerberos tickets for a principal from both the IdentityManager
> >>>>GUI and the Window command line interface, using kinit.
> >>>>
> >>>>In the next step, we have installed AFS client and the Kerberos
> >>>>IdentityManager detects it, but their integration does not work, as the
> >>>>afs token can not be obtained.
> >>>>
> >>>>We have tried with both OpenAFS client (vers. 1.7.3100) and AuriStor
> >>>>OpenAFS client (vers. 1.7.3300).
> >>>>
> >>>>Nevertheless, if we operate in the command line, we can obtain kerberos
> >>>>tickets and tokens without problems (using kinit and aklog).
> >>>>
> >>>>Any suggestion to  make the integration and the GUI work properly?
> >>>>
> >>>>Giovanni
> >>>>
> >>>>-- 
> >>>>Giovanni Bracco
> >>>>DTE-ICT-HPC
> >>>>ENEA
> >>>>Via E. Fermi 45
> >>>>I-00044 Frascati (Roma) Italy
> >>>>phone +39-06-9400-5597  mobile +39-3351992144
> >>>>FAX   +39-06-9400-5735
> >>>>E-mail  giovanni.bra...@enea.it
> >>>>WWW http://www.afs.enea.it/bracco
> >>>>___
> >>>>OpenAFS-info mailing list
> >>>>OpenAFS-info@openafs.org
> >>>>https://lists.openafs.org/mailman/listinfo/openafs-info
> >>>
> >>>
> >>
> >>-- 
> >>Ing. Giovanni Ponti, PhD
> >>DTE-ICT-HPC
> >>ENEA - C.R. Portici
> >>P.le E. Fermi, 1 (Loc. Granatello)
> >>80055 Portici (NA), Italy
> >>phone : (+39) 081-7723564 | int.: [89] 2564
> >>fax   : (+39) 081-7723344
> >>email : giovanni.po...@enea.it
> >>web   : http://www.afs.enea.it/gponti
> >
> 
> -- 
> Ing. Giovanni Ponti, PhD
> DTE-ICT-HPC
> ENEA - C.R. Portici
> P.le E. Fermi, 1 (Loc. Granatello)
> 80055 Portici (NA), Italy
> phone : (+39) 081-7723564 | int.: [89] 2564
> fax   : (+39) 081-7723344
> email : giovanni.po...@enea.it
> web   : http://www.afs.enea.it/gponti



-- 

David William Botsch
Programmer/Analyst
@CNFComputing
bot...@cnf.cornell.edu

___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

Re: [OpenAFS] windows server 2012 64 bit and integrated authentication with AFS token?

2017-11-28 Thread Dave Botsch 
Hi.

What's the full message that is displayed (screenshot) ?

That sometimes gives an error code or message that tells you what went
wrong after the end result error. 

For the Windows client, you can also turn on additional debugging for
the OpenAFS service to log what it does as it goes through trying to get
credentials at login.

Thanks.

On Tue, Nov 28, 2017 at 11:43:20AM +0100, Giovanni Ponti wrote:
> Dear Dave,
> 
> thanks for your reply.
> 
> The prompted popup message has the title "Failed to get credential
> for ..." with the message "Credential could not be obtained for cell
> ...". However, after closing the popup message, I can see that I
> have obtained the ticket in the Network Identity Manager windows.
> 
> Thanks again,
> Giovanni
> 
> On 28/11/2017 05:48, Dave Botsch wrote:
> >Does the integrated login pop up a fail error msg? If so, what?
> >
> >Thanks.
> >
> >
> >On November 27, 2017 15:05:54 Giovanni Bracco
> ><giovanni.bra...@enea.it> wrote:
> >
> >>hello!
> >>we are trying to install and configure OpenAFS client on a Windows
> >>Server machine (vers. 2012 R2 build 9600 x86_64).
> >>
> >>We have installed Kerberos MIT client (vers. 3.22) and we are able to
> >>obtain kerberos tickets for a principal from both the IdentityManager
> >>GUI and the Window command line interface, using kinit.
> >>
> >>In the next step, we have installed AFS client and the Kerberos
> >>IdentityManager detects it, but their integration does not work, as the
> >>afs token can not be obtained.
> >>
> >>We have tried with both OpenAFS client (vers. 1.7.3100) and AuriStor
> >>OpenAFS client (vers. 1.7.3300).
> >>
> >>Nevertheless, if we operate in the command line, we can obtain kerberos
> >>tickets and tokens without problems (using kinit and aklog).
> >>
> >>Any suggestion to  make the integration and the GUI work properly?
> >>
> >>Giovanni
> >>
> >>-- 
> >>Giovanni Bracco
> >>DTE-ICT-HPC
> >>ENEA
> >>Via E. Fermi 45
> >>I-00044 Frascati (Roma) Italy
> >>phone +39-06-9400-5597  mobile +39-3351992144
> >>FAX   +39-06-9400-5735
> >>E-mail  giovanni.bra...@enea.it
> >>WWW http://www.afs.enea.it/bracco
> >>___
> >>OpenAFS-info mailing list
> >>OpenAFS-info@openafs.org
> >>https://lists.openafs.org/mailman/listinfo/openafs-info
> >
> >
> 
> -- 
> Ing. Giovanni Ponti, PhD
> DTE-ICT-HPC
> ENEA - C.R. Portici
> P.le E. Fermi, 1 (Loc. Granatello)
> 80055 Portici (NA), Italy
> phone : (+39) 081-7723564 | int.: [89] 2564
> fax   : (+39) 081-7723344
> email : giovanni.po...@enea.it
> web   : http://www.afs.enea.it/gponti

-- 

David William Botsch
Programmer/Analyst
@CNFComputing
bot...@cnf.cornell.edu

___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

Re: [OpenAFS] windows server 2012 64 bit and integrated authentication with AFS token?

2017-11-27 Thread Dave Botsch 

Does the integrated login pop up a fail error msg? If so, what?

Thanks.


On November 27, 2017 15:05:54 Giovanni Bracco  wrote:


hello!
we are trying to install and configure OpenAFS client on a Windows
Server machine (vers. 2012 R2 build 9600 x86_64).

We have installed Kerberos MIT client (vers. 3.22) and we are able to
obtain kerberos tickets for a principal from both the IdentityManager
GUI and the Window command line interface, using kinit.

In the next step, we have installed AFS client and the Kerberos
IdentityManager detects it, but their integration does not work, as the
afs token can not be obtained.

We have tried with both OpenAFS client (vers. 1.7.3100) and AuriStor
OpenAFS client (vers. 1.7.3300).

Nevertheless, if we operate in the command line, we can obtain kerberos
tickets and tokens without problems (using kinit and aklog).

Any suggestion to  make the integration and the GUI work properly?

Giovanni

--
Giovanni Bracco
DTE-ICT-HPC
ENEA
Via E. Fermi 45
I-00044 Frascati (Roma) Italy
phone +39-06-9400-5597  mobile +39-3351992144
FAX   +39-06-9400-5735
E-mail  giovanni.bra...@enea.it
WWW http://www.afs.enea.it/bracco
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info



___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

[OpenAFS] Re: [OpenAFS-devel] Phasing out as buildbot admin

2017-11-26 Thread Dave Botsch 
Jason,

On behalf of the Foundation Board and of myself, thanks for all the time
and work you've put in keeping the Buildbot system going. This effort
has been invaluable to keeping the OpenAFS effort moving forward.

Again, thank you!

On Sun, Nov 26, 2017 at 09:40:42AM -0500, Jason Edgecombe wrote:
> Hi everyone,
> 
> I want to let everyone  know that I'm phasing out as the buildbot
> admin. I haven't been doing much with it lately, and I'd rather hand
> it off to someone else that is more involved. Please direct all of
> your buildbot communication to Benjamin Kaduk  and
> Michael Meffie . I'll still be around, but
> I'll mostly be lurking. It's been a pleasure to work with everyone,
> and I wish everyone the best.
> 
> Sincerely,
> 
> Jason
> 
> ___
> OpenAFS-devel mailing list
> openafs-de...@openafs.org
> https://lists.openafs.org/mailman/listinfo/openafs-devel

-- 

David William Botsch
Programmer/Analyst
@CNFComputing
bot...@cnf.cornell.edu

___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

Re: [OpenAFS] OpenAFS Win 1.7.3301 not working on windows 1709 ?

2017-10-31 Thread Dave Botsch 
Without an infusion of money and/or interested developers, OpenAFS will
certainly have a rough go of it.

I'm hoping we can shortly start fundraising... if each organization
denotes at least $1K... that goes a LONG way towards paying one or more
folk to work on stuff.

Thanks.

On Tue, Oct 31, 2017 at 02:17:17PM +, Anders Hannus wrote:
> Hi
> 
> I have done an in-place upgrade on three Windows 10 1607 to Windows 10 1709 
> and afs 1.7.3301 is still working. There are some issues on 1607 that I think 
> is still there. I haven't tried much as we are now in the final stage of our 
> project to leave our afs servers and replace that with a Dell FluidFS 
> solution with SMB and nfs protocols.
> 
> My opinion is that OpenAFS is dead. The main alternatives are SMB and 
> Auristore. We decided that we no longer wanted a client for the filesystem.
> 
> /anders
> 
> -Original Message-
> From: openafs-info-ad...@openafs.org [mailto:openafs-info-ad...@openafs.org] 
> On Behalf Of Lars Schimmer
> Sent: den 20 oktober 2017 12:03
> To: openafs-info@openafs.org
> Subject: [OpenAFS] OpenAFS Win 1.7.3301 not working on windows 1709 ?
> 
> Hi!
> 
> One of our clients did a upgrade to Fall creators Update 1709 on windows 10.
> 
> Now the OpenAFS service get a error 1064 on starting, even after removing, 
> reboot and reinstall OpenAFS again.
> Although some others did report it does work on a pre-release of 1709.
> 
> Any one has some ideas?
> 
> has the time arrived that we need to ditch OpenAFS and replace it with smb?
> 
> Thank you.
> 
> MfG,
> Lars Schimmer
> --
> -
> TU Graz, Institut für ComputerGraphik & WissensVisualisierung
> Tel: +43 316 873-5405   E-Mail: l.schim...@cgv.tugraz.at
> Fax: +43 316 873-5402   PGP-Key-ID: 0x4A9B1723
> 
> 
> 

-- 

David William Botsch
Programmer/Analyst
@CNFComputing
bot...@cnf.cornell.edu

___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

Re: [OpenAFS] OpenAFS windows clients (Orpheus' Lyre)

2017-07-14 Thread Dave Botsch 
Here at CNF... for Windows 10, we are deploying 1.7.3301 along with MIT
Kerberos. 

On Fri, Jul 14, 2017 at 10:45:48AM +0100, Toby Blake wrote:
> Hi,
> 
> The Orpheus' Lyre vulnerability has thrown up a few questions with respect
> to AFS clients on windows.  Apologies if these are a little vague, but
> this seems like the right place to ask them.
> 
> We have been using the windows OpenAFS clients, as kindly provided by
> Auristor/YFS.  My understanding is that this comes bundled with Heimdal
> Kerberos.  Is this client vulnerable and requiring an update?
> 
> Prior to using this client, we used the one provided on openafs.org,
> along with (a separate) Heimdal Kerberos from secure-endpoints.  On
> earlier versions of windows, I think we used MIT Kerberos.
> 
> Which I suppose brings me to my wider question: what AFS clients are
> others using on Windows?
> 
> Cheers
> Toby Blake
> School of Informatics
> University of Edinburgh
> 
> 
> -- 
> The University of Edinburgh is a charitable body, registered in
> Scotland, with registration number SC005336.
> 
> ___
> OpenAFS-info mailing list
> OpenAFS-info@openafs.org
> https://lists.openafs.org/mailman/listinfo/openafs-info

-- 

David William Botsch
Programmer/Analyst
@CNFComputing
bot...@cnf.cornell.edu

___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

Re: [OpenAFS] vos dumps to S3 via S3 Storage Gateway?

2017-03-03 Thread Dave Botsch 
I have on my mind to look at tsmafs... I had thought, tho, that that was
making use of the TSM api.

On Fri, Mar 03, 2017 at 01:50:36PM -0500, Jeffrey Altman wrote:
> On 3/3/2017 12:29 PM, Harald Barth wrote:
> > 
> > adsmpipe replacement:
> > 
> > /afs/hpc2n.umu.se/lap/tsmpipe/x.x/src/
> > 
> > Used with some scripts do put vos dumps into TSM archive. This is the
> > current backup solution for at least 3 AFS cells I know about.
> > 
> > Harald.
> 
> There is also LTU's tsmafs which is available on GitHub
> 
>   https://github.com/mattiaspantzare/tsmafs
> 
> On 3/1/2017 1:52 PM, Dave Botsch wrote:
> > Sounds like the most recent TSM patches may or may not be in the
> > OpenAFS tree?
> >
> > Are you aware of any reason that this api is not enabled by default? I
> > believe it would be a huge win for OpenAFS to be able to advertise
> > native TSM support.
> 
> The primary reason is because a third party sdk is required to
> use the api and that sdk is licensed for use only to customers
> that have a valid license for the commercial product.
> 
> Beyond that there were other reasons.  The current TSM support was
> merged into the OpenAFS repository prior to the existence of the
> Gerrit review system and the buildbot continuous integration system.
> It was merged without significant review by third parties.  The code
> quality is quite poor as Anders noticed in Aug 2015.
> 
>   https://gerrit.openafs.org/#/c/11960/
> 
> Since there was no method by which the Gatekeepers could test
> the TSM functionality nor guarantee that it didn't alter the behavior
> of backups for non-TSM using organizations, the decision was made
> to merge the code as a build time option for those organizations
> that wanted it.
> 
> On 3/3/2017 11:00 AM, David Boyes wrote:
> > The IBM-supplied TSM butc support relies on a XBSA (an OpenGroup
> > standard) compatibility library that was not updated past version 6.1
> > of the TSM client on HP/UX, Solaris SPARC and AIX. Linux and Solaris
> > x86 were never supported for the XBSA-based client. A fairly
> > substantial amount of work would be needed to bring that support up
> > to the current client levels (basically recoding to support the
> > native TSM API). There was some discussion about doing that circa
> > 2009, unclear if anything happened with that.
> 
> The XBSA standard was adopted not only by Tivoli Storage Manager but
> also by Veritas NetBackup.  As David Boyes said, IBM abandoned the
> XBSA standard and now only supports their own proprietary API (loosely
> based on the XBSA model.)  OpenAFS only ever included support for TSM,
> not NetBackup.
> 
> The Backup Tape Controller (butc) when XBSA is supported permits a
> remote XBSA enabled backup system to be used in place of a tape
> device or local file system.  Full and incremental volume dumps
> are sent to butc and stored in the XBSA service and the object
> identifier of the specific backup is stored in the AFS backup database
> just as if the dump had been stored to a tape device.
> 
> XBSA and the Spectrum Protect SDK are fresh in my mind because AuriStor
> recently finished integrating Spectrum Protect support into the AuriStor
> File System. AuriStorFS now supports IBM Spectrum Protect and the older
> Tivoli Storage Manager releases. This is in addition to our support of
> Teradactyl's True Incremental Backup System and BackupAFS.
> The XBSA implementation is modular so we can add support for Veritas
> NetBackup and object stores in the near future.
> 
> Jeffrey Altman
> AuriStor, Inc.
> 

> begin:vcard
> fn:Jeffrey Altman
> n:Altman;Jeffrey
> org:AuriStor, Inc.
> adr:Suite 6B;;255 West 94Th Street;New York;New York;10025-6985;United States
> email;internet:jalt...@auristor.com
> title:Founder and CEO
> tel;work:+1-212-769-9018
> note;quoted-printable:LinkedIn: 
> https://www.linkedin.com/in/jeffreyaltman=0D=0A=
>   Skype: jeffrey.e.altman=0D=0A=
>   
> url:https://www.auristor.com/
> version:2.1
> end:vcard
> 




-- 

David William Botsch
Programmer/Analyst
@CNFComputing
bot...@cnf.cornell.edu

___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

Re: [OpenAFS] vos dumps to S3 via S3 Storage Gateway?

2017-03-01 Thread Dave Botsch 
Sounds like the most recent TSM patches may or may not be in the OpenAFS
tree?

Are you aware of any reason that this api is not enabled by default? I
believe it would be a huge win for OpenAFS to be able to advertise
native TSM support.

Thanks.

On Wed, Mar 01, 2017 at 04:55:25PM +, Mark Vitale wrote:
> 
> > On Mar 1, 2017, at 11:32 AM, Dave Botsch <bot...@cnf.cornell.edu> wrote:
> > 
> > How would one go about building OpenAFS as such? Any documentation
> > someplace?
> > 
> 
> To enable butc to use the TSM XBSA APIs, specify:
> 
> configure —enable-tivoli-tsm  
> 
> Sorry, I have no other details or OpenAFS documentation I can point you to.
> 
> 
> —
> Mark Vitale
> Sine Nomine Associates

-- 

David William Botsch
Programmer/Analyst
@CNFComputing
bot...@cnf.cornell.edu

___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

Re: [OpenAFS] vos dumps to S3 via S3 Storage Gateway?

2017-03-01 Thread Dave Botsch 
How would one go about building OpenAFS as such? Any documentation
someplace?

Thanks.

On Mon, Feb 27, 2017 at 11:02:05PM -0500, Jeffrey Altman wrote:
> Few are aware that OpenAFS can be built to support IBM TSM as a virtual
> tape controller via the XBSA API.  AWS S3 could be added in a similar
> manner.
> 
> The primary thing that I would want to add whenever storing backups
> off-site is encryption.  AFS3 volume dumps are unencrypted.  I would
> pipe the dump stream through a block cipher before passing it into the
> AWS CLI.
> 
> 
> Jeffrey Altman
> 
> 
> 
> On 2/27/2017 2:42 PM, Shane wrote:
> > We have a legacy EC2 environment setup in which vos dumps are pulled in
> > by Zmanda backup, using a custom tar wrapper. These are stored on s3 via
> > Zmanda's virtual tape devices. We have a lifecycle setup to migrate the
> > vos dumps to Glacier after some time. 
> > 
> > Looks like a feature was added to the AWS CLI that allows for dumping
> > via a stream which looks interesting
> > though: https://github.com/aws/aws-cli/pull/903
> > 
> > On Mon, Feb 27, 2017 at 10:50 AM, Walter Tienken  > > wrote:
> > 
> > Hello all,
> > 
> > __ __
> > 
> > We currently perform nightly dumps to an on-prem NFS mount. I was
> > curious if anyone has had any experience with using an Amazon S3
> > Storage Gateway for similar purpose? With much of the focus of “to
> > the cloud” with many leadership members/organization administrators,
> > I figured it is a good question to ask here. If yes, what has been
> > your experience so far? Do you pass through the public internet or
> > perhaps use Amazon Direct Connect?
> > 
> > __ __
> > 
> > Thanks in advance for your input!
> > 
> > __ __
> > 
> > Walter Tienken
> > 
> > walter.tien...@asu.edu 
> > 
> > UTO OPS Systems and Security
> > 
> > __ __
> > 
> > 

> begin:vcard
> fn:Jeffrey Altman
> n:Altman;Jeffrey
> org:AuriStor, Inc.
> adr:Suite 6B;;255 West 94Th Street;New York;New York;10025-6985;United States
> email;internet:jalt...@auristor.com
> title:Founder and CEO
> tel;work:+1-212-769-9018
> note;quoted-printable:LinkedIn: 
> https://www.linkedin.com/in/jeffreyaltman=0D=0A=
>   Skype: jeffrey.e.altman=0D=0A=
>   
> url:https://www.auristor.com/
> version:2.1
> end:vcard
> 




-- 

David William Botsch
Programmer/Analyst
@CNFComputing
bot...@cnf.cornell.edu

___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

Re: [OpenAFS] OpenAFS 1.6.20.1 on AIX 7.1

2017-02-10 Thread Dave Botsch 
Hi, Tedd.

As I understand it, the ask from IBM would be for the donation of one
AIX license for the purposes of an OpenAFS buildbot? 

I'm not finding anything from Russ in this thread.

Thanks.

On Wed, Feb 08, 2017 at 11:04:51PM +, Ted Creedon wrote:
> 1. I'l be willing to plead our case w/IBM, any shortcut names/emails?
> 2. What is the desired configuration (hw & sw)?
> 3. N.b I'm on a comcast dhcp line, fast & stable as long as there are no 24 
> hr shutdowns, I use dyndns to host my domain creedon.biz.
> 4. I have several boxen on an 3KVA UPS - works fine, lots of power avail.
> 5. My shop has A/C so servers  run continuously 24/7 year 'round.
> 6. After Russ's comments is it all going to  be worthwhile?
> 7. I have 3 afs servers on line (well as soon as  I can get afs re-installed)
> 8. I have geronimo.creedon.biz as a  spare build machine.
> time nice make -j500 takes 30 sec.  Its a duplicate of ookpik.creedon.biz 
> dual xeon 64Gig, etc).
> (ookpik has a xeon phi board installed if anyone wants to play).
> 9. I built/maintain all my own servers (since 1967).
> 10. Backups are the user's resp. although my servers could easily host 
> another afs domain.
> 
> 
> From: openafs-info-ad...@openafs.org <openafs-info-ad...@openafs.org> on 
> behalf of Dave Botsch <bot...@cnf.cornell.edu>
> Sent: Wednesday, February 8, 2017 10:22:54 AM
> To: openafs-info@openafs.org
> Subject: Re: [OpenAFS] OpenAFS 1.6.20.1 on AIX 7.1
> 
> Hi, Ted et al.
> 
> Please see below...
> 
> On Mon, Feb 06, 2017 at 09:25:35PM +, Ted Creedon wrote:
> > I just happen to have a spare dual xeon 64gb linux box that could be made 
> > available.
> > and smaller MAC w/ parallels on it.
> >
> > I also have a dual 64gb xeon w/ a xeon phi card in it too. cost ~$3K
> >
> > with a little effort...
> >
> > IBM generally  waives license fees for non profits.
> > tedc
> >
> 
> If you are willing to host on the HW mentioned above, as a non-profit,
> the Foundation can certainly make the ask of IBM. We would just need a
> bit more detail on the exact ask.
> 
> 
> > If what you meant was for the foundation
> > itself to pay for virtual build servers,
> > all that takes if for the foundation to
> > decide to spend real money.  I presume
> > they have considered that, but it might
> > be worth asking the question explicitly
> > if it has not been explicitly answered
> > (I really have not been following the
> > foundations activities).
> >
> 
> W.r.t. build hosts, we've been working with folk on attempting to get a
> Windows build host or two up. Now that we are into Feb 2017, I need to
> follow up on those efforts.
> 
> If there's an ask for the Foundation to spend $$ on something
> particular, be it build hosts, or even hiring someone to work on, say,
> the AIX port, please submit a formal ask to foundat...@openafs.org .
> Contigent on funds, we will really consider it. And, donating any type
> of funding towards this (for example, your org donates a $10K stipend
> towards us hiring an independant contractor to work on AIX would go a
> long way).
> 
> Thanks.
> 
> > It might not even cost a lot (as I recall,
> > there are various on-demand builder
> > spin-up capabilities in at least some
> > SCMs so it is free until the commit),
> > but it is all work someone would have
> > to research.
> --
> 
> David William Botsch
> OpenAFS Foundation Board
> bot...@cnf.cornell.edu
> 
> ___
> OpenAFS-info mailing list
> OpenAFS-info@openafs.org
> https://lists.openafs.org/mailman/listinfo/openafs-info
> ___
> OpenAFS-info mailing list
> OpenAFS-info@openafs.org
> https://lists.openafs.org/mailman/listinfo/openafs-info

-- 

David William Botsch
Programmer/Analyst
@CNFComputing
bot...@cnf.cornell.edu

___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

Re: [OpenAFS] OpenAFS 1.6.20.1 on AIX 7.1

2017-02-08 Thread Dave Botsch 
Hi, Ted et al.

Please see below...

On Mon, Feb 06, 2017 at 09:25:35PM +, Ted Creedon wrote:
> I just happen to have a spare dual xeon 64gb linux box that could be made 
> available.
> and smaller MAC w/ parallels on it.
> 
> I also have a dual 64gb xeon w/ a xeon phi card in it too. cost ~$3K
> 
> with a little effort...
> 
> IBM generally  waives license fees for non profits.
> tedc
> 

If you are willing to host on the HW mentioned above, as a non-profit,
the Foundation can certainly make the ask of IBM. We would just need a
bit more detail on the exact ask.

 
> If what you meant was for the foundation
> itself to pay for virtual build servers,
> all that takes if for the foundation to
> decide to spend real money.  I presume
> they have considered that, but it might
> be worth asking the question explicitly
> if it has not been explicitly answered
> (I really have not been following the
> foundations activities).
> 

W.r.t. build hosts, we've been working with folk on attempting to get a
Windows build host or two up. Now that we are into Feb 2017, I need to
follow up on those efforts.

If there's an ask for the Foundation to spend $$ on something
particular, be it build hosts, or even hiring someone to work on, say,
the AIX port, please submit a formal ask to foundat...@openafs.org .
Contigent on funds, we will really consider it. And, donating any type
of funding towards this (for example, your org donates a $10K stipend
towards us hiring an independant contractor to work on AIX would go a
long way).

Thanks.

> It might not even cost a lot (as I recall,
> there are various on-demand builder
> spin-up capabilities in at least some
> SCMs so it is free until the commit),
> but it is all work someone would have
> to research.
-- 

David William Botsch
OpenAFS Foundation Board
bot...@cnf.cornell.edu

___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

Re: [OpenAFS] Additonal question about the OpenAFS Security Advisory 2016-003

2016-12-07 Thread Dave Botsch 
It sounds like running the salvagedirs would result in the next incremental 
dump being equiv in size to doing a full dump?


Thanks


David William Botsch
Programmer/Analyst
@CNFComputing
bot...@cnf.cornell.edu




On December 7, 2016 8:57:54 AM Jeffrey Altman  wrote:


On 12/7/2016 8:06 AM, Harald Barth wrote:


The security advisory says:


We further recommend that administrators salvage all volumes with the
-salvagedirs option, in order to remove existing leaks.


Is moving the volume to another server enough to fix this as well or
does the leak move with the volume?


The leak will move with the volume.

A bit of background for those that are not steeped in the details of the
AFS3 protocol and client and file server access for directories.

AFS file servers store directory information in a flat file that
consists of a header, a hash table and a fixed number of directory entry
blocks.  When a client reads the contents of a directory, it fetches the
directory file in exactly the same way it fetches the contents of normal
files and symlinks.  The AFS3 callback mechanism works the same for
directory files as it does for normal files and symlinks.

An AFS dump can be thought of as an AFS specific "tar" variant which
stores AFS Volume metadata and data elements. When a volume dump is
constructed for a volume move, a volume release, a volume backup, etc.
the contents of the directory files are copied into the dump stream
exactly as they are stored on disk by the file server.  When a volserver
receives a dump and writes it to disk as part of a AFSVol_VolForward or
AFSVol_Restore operation, each directory file is written to disk as it
exists within the dump.

Backup systems that store full and incremental dump files do so without
modifying the contents during the backup or restore operations.  As a
result restoring from a backup will restore any leaked information.

Backup systems that parse AFS dumps and reconstruct AFS dumps during the
restore process might or might not store and restore the leaked
information.  Contact the provider of your backup system.

It is worth emphasizing that IBM AFS and OpenAFS volserver operations
including all backup and restore operations occur in the clear.
Therefore, all leaked information will be visible to passive viewers on
the network segments across which volume backups and moves occur.

What the salvager's "-salvagedirs" option does is force the salvager to
rewrite every directory object.  This has two benefits when performed by
a 1.6.20 or later salvager.

1. It will build a directory file that contains no leaked information
   stored in the original directory file.

2. It will compact the directory to reduce fragmentation that could
   have resulted in directory full errors when attempting to store a
   filename that required more directory blocks than are available
   contiguously.

I hope this information is helpful.

Jeffrey Altman




___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

Re: [OpenAFS] Client install on Windows Server 2012R2

2016-06-27 Thread Dave Botsch 
 > 
> > We tried an install of OpenAFS for Windows 1.7.31 from the openafs.org
> > website, but got a missing DLL error (sorry, he closed the shared screen
> > too fast for me to jot it down) when trying to run the server manager to
> > do a config of the cell.
> 

I believe we successfully used 1.7.31 on 2012R2... though we're now
running 1.7.33(01?).

> 
> FYI, as of July 29th all new installations of Windows will require
> Secure Boot.  At that time Microsoft signed device drivers will become
> mandatory.  AuriStor, Inc. hopes to have its Windows client approved for
> Microsoft's signatures by that date.
> 

Can you provide reference to the above? I've heard inklings of te signed
device drivers but nada about requirements of Secure Boot.


-- 

David William Botsch
Programmer/Analyst
@CNFComputing
bot...@cnf.cornell.edu

___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

[OpenAFS] Re: [OpenAFS-devel] How old of Linux do you use with OpenAFS?

2016-05-10 Thread Dave Botsch 
Hi.

We're still standardized on RHEL6 (up to date) with OpenAFS Linux. 

Thanks.

On Fri, May 06, 2016 at 01:14:20PM -0400, Benjamin Kaduk wrote:
> Hi all,
> 
> OpenAFS has generally tried to provide a software that is compatible with
> a wide range of new and historical operating systems; it is only recently
> (March 2015) that we removed support for Linux 2.4.
> 
> The current linux support is all bundled in as "Linux 2.6", since there
> has not been a major version boundary with drastic changes since then,
> rather, a continual evolution with some changes affecting us in most
> releases.  Major versions 3 and 4 were added just because "the numbers
> were getting too big", but are still a normal evolution of the code with
> ancestry from 2.6.
> 
> Because there are not major version conditionals in place (and because
> many distributions backport some patches for their kernels but not
> others), we instead rely on feature tests at configure time.  Over time,
> we accumulate a lot of these tests and the corresponding code
> conditionals, which makes the code harder to read and maintain.
> 
> I would like to get a sense for what versions of Linux are in use with
> OpenAFS today, to give some guidance as to whether it may be appropriate
> to increase the minimum supported version of Linux from 2.6.0.
> 
> Thanks,
> 
> Ben
> ___
> OpenAFS-devel mailing list
> openafs-de...@openafs.org
> https://lists.openafs.org/mailman/listinfo/openafs-devel

-- 

David William Botsch
Programmer/Analyst
@CNFComputing
bot...@cnf.cornell.edu

___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

[OpenAFS] Thanks from the Foundation Board

2016-04-07 Thread Dave Botsch 
The OpenAFS Foundation would like to thank

Ben Kaduk
Jeff Altman
Jeffrey Hutzelman
Simon Wilkinson
Nickolai Zeldovich
Marc Dionne
Peter Iannucci

and others who have worked on the recent Security Patches just released
in OpenAFS 1.6.17.  We thank you for addressing these issues so quickly
after understanding their vulnerabilties.

Your dedication and support of OpenAFS Security and ALL aspects of
OpenAFS is greatly appreciated by the Foundation Board and all users of
OpenAFS around the world.

Your efforts and the efforts of all of the OpenAFS contributors over the
years has been a blessing and the OpenAFS Community appreciates your
dedication to OpenAFS.

Thanks

The OpenAFS Foundation Board


-- 

David William Botsch
Programmer/Analyst
@CNFComputing
bot...@cnf.cornell.edu

___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

Re: [OpenAFS] compile fails kernel version 4.4.0-1-default

2016-03-08 Thread Dave Botsch 
Being able to reactivate it is a good thing, for either testing purposes
or for older kernels, since it is more efficient - unless we think
there's other known brokenness such as the potential return out of the
while loop mentioned earlier.


On Tue, Mar 08, 2016 at 06:13:12PM +0100, Stephan Wiesand wrote:
> 
> On Mar 8, 2016, at 17:29 , Michael Laß wrote:
> 
> > Am Dienstag, den 08.03.2016, 16:47 +0100 schrieb mdrslmr:
> >> I created a patch from what you suggested above.
> >> 
> >> [...]
> >> 
> >> I did all of that on top of AUR-openafs-linux-4.4 which was provided by
> >> Bevan, the openafs archlinux packager.
> >> 
> >> The patch I actually used is attached below.
> > 
> > That patch is not complete (it's missing the configuration flag).
> 
> Indeed. The complete patch as proposed would look like 
> http://gerrit.openafs.org/#/c/12217/ . Chas already objected to making it 
> possible to reactivate afs_linux_storeproc with a configure switch, and he's 
> probably right, but please feel free to comment on that change.
> 
> > I
> > will update the corresponding git branch for the openafs package soon
> > to allow testing. But since LINUX_USE_SPLICE wasn't defined your patch
> > should have worked, too.
> 
> Right.
> 
> > Was the error code 32 returned from git or did the kernel log message
> > change accordingly? Does your log again show a lost file server
> > connection? And have files been corrupted or just the checkout aborted?
> 
> 
> Good questions.
> 
> Sigh. Looks like there's more to it.
> 
> -- 
> Stephan Wiesand
> DESY -DV-
> Platanenenallee 6
> 15738 Zeuthen, Germany
> 
> ___
> OpenAFS-info mailing list
> OpenAFS-info@openafs.org
> https://lists.openafs.org/mailman/listinfo/openafs-info

-- 

David William Botsch
Programmer/Analyst
@CNFComputing
bot...@cnf.cornell.edu

___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

Re: [OpenAFS] Release of MacOS 10 client

2016-01-26 Thread Dave Botsch 
There appear to be installers in the 1.6.15 subfolder. I don't see any
for 1.6.16, however.

While we can legally link wherever we want, realistically, we should
have permission from whomever. As far as I know, SNM are the only ones
who have asked, so far, to have 3rd party installers linked.

On Tue, Jan 26, 2016 at 01:50:30PM +0100, Stephan Wiesand wrote:
> Hi Matthias,
> 
> http://gerrit.openafs.org/12176 contains a link 
> http://download.sinenomine.net/openafs/bins/ . I can't find all the announced 
> items there though.
> 
> IIRC there was some discussion in the past on whether it's appropriate to 
> link to third party repositories from the web site. Maybe it should be 
> revived. How about linking to the Auristor installers as well?
> 
> Stephan
> 
> > On 26 Jan 2016, at 11:29, Matthias Schroeder  
> > wrote:
> > 
> > Hi Margarete,
> > 
> > that sounds really good. Is the package, code or documentation already 
> > available somewhere? I am ready to give it a spin.
> > 
> > Matthias
> > 
> >> On 22 Jan 2016, at 19:51, E. Margarete Ziemer  
> >> wrote:
> >> 
> >> I had submitted the email below to openAFS-announce two days ago, where it 
> >> “is awaiting moderator approval before being published”.  To keep moving 
> >> forward, I am repeat-posting here now.
> >> 
> >> From: Margarete Ziemer 
> >> Date: Wednesday, January 20, 2016 at 12:16 PM
> >> To: "openafs-annou...@openafs.org" 
> >> Subject: Release of MacOS 10 client
> >> 
> >>> SNA is happy to release our MacOS 10 AFS Client to OpenAFS.org. 
> >>> Specifically, the donation entails: 1) changes to packaging, 2) binaries, 
> >>> ie.SNA-signed install package files, 3) documentation of build-process 
> >>> for packages.  The versions of the packages and OpenAFS are OpenAFS 
> >>> 1.6.15, OpenAFS 1.6.16, Mac OSX 10.10 (Yosemite), and Mac OSX 10.11 (El 
> >>> Capitan).  Please note that, at present, this code is considered a 
> >>> pre-release.  Three of SNA’s customers have been beta testing it with 
> >>> positive results, and community testing and use is sought for soonest for 
> >>> bug findings and their resolutions. This release will be SNA-certified, 
> >>> because the OpenAFS Foundation is not yet capable of signing; as soon as 
> >>> the Foundation will be ready to do so, SNA will make available the 
> >>> then-current and future releases to the Foundation for the Foundation's 
> >>> signature and (re-)release to the community.  
> >> 
> >> Sincerely, Margarete Ziemer, Sine Nomine Associates, Inc.
> > 
> 
> ___
> OpenAFS-info mailing list
> OpenAFS-info@openafs.org
> https://lists.openafs.org/mailman/listinfo/openafs-info

-- 

David William Botsch
Programmer/Analyst
@CNFComputing
bot...@cnf.cornell.edu

___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

[OpenAFS] Call for new OAFS Foundation Board Members

2015-09-25 Thread Dave Botsch 

To the members of the OpenAFS community:

With the resignation of Daria from the OpenAFS Foundation Board of
Directors, the existing directors of the OpenAFS Foundation are putting
out a call to the OpenAFS community for volunteers who wish to join the
board.

The most important qualifications we are looking for are the available
time for participation, passion and interest in moving forward. 

Volunteers should express their interest by sending a paragraph or two
about their interest and qualifications to foundat...@openafs.org.  This
call for volunteers ends Oct 15.

More about the Foundation and the Board itself can be found on the
Foundation website at www.openafsfoundation.org . Any specific questions
can be direction to the the Foundation email mentioned above.

Thanks.

-- 

David William Botsch
Programmer/Analyst
@CNFComputing
bot...@cnf.cornell.edu

___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

[OpenAFS] Deadline Extended to Monday re Funding to Attend 2015 BpW - Application Open

2015-07-23 Thread Dave Botsch 
We have extended the deadline to midnight July 27. Please see below for
the original announcement...


The OpenAFS Foundation is pleased to announce the availability of funding to
assist 3 to 5 people with attending this year's Best Practices Workshop. More
info on the workshop is available at http://workshop.openafs.org/afsbpw15/ .

This funding is intended for those who would otherwise not be able to fund
their travel/etc to the workshop, so please do not apply if you or your
employer is able to fund your attendance.

The OpenAFS Foundation will fund up to $1000 per person for travel (limited to
$400 max), lodging, and workshop registration. No food or alcohol or other
event fees will be covered. Receipts/proof of attendance will be required for
reimbursement.

To apply, please email foundat...@openafs.org with your name, organizational
affiliation, and one to two sentences summarizing your application for funding.
All applications must be received no later than midnight Eastern time July 22.
Funding decisions will be made on a 1st come 1st serve basis and will be
announced by Saturday, July 25.

Thanks.

-- 

David William Botsch
Programmer/Analyst
@CNFComputing
bot...@cnf.cornell.edu


___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

[OpenAFS] Announcement of 501c3 status for OpenAFS Foundation

2015-07-20 Thread Dave Botsch 
To the OpenAFS community,

On behalf of Roman Mitz and the OpenAFS Foundation Board, I am pleased
to announce that the OpenAFS Foundation, Inc has been granted federal
Tax Exempt 501c3 status. This would not have been possible without the
hard work of Roman, the current board members, and the former OpenAFS
Elders.  This tax exempt status positions the Foundation to move forward
with obtaining funding from individuals and organizations for various
OpenAFS-centric projects.

Look for more, soon. And be sure to follow and discuss anything
Foundation centric on the foundation-discuss mailing list.

The tax exempt certification from the IRS will be posted, soon, to the
OpenAFS Foundation website at http://www.openafsfoundation.org .



-- 

David William Botsch
Programmer/Analyst
@CNFComputing
bot...@cnf.cornell.edu

___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

[OpenAFS] Funding to Attend 2015 BpW - Application Open

2015-07-14 Thread Dave Botsch 

The OpenAFS Foundation is pleased to announce the availability of funding to
assist 3 to 5 people with attending this year's Best Practices Workshop. More
info on the workshop is available at http://workshop.openafs.org/afsbpw15/ .

This funding is intended for those who would otherwise not be able to fund
their travel/etc to the workshop, so please do not apply if you or your
employer is able to fund your attendance.

The OpenAFS Foundation will fund up to $1000 per person for travel (limited to
$400 max), lodging, and workshop registration. No food or alcohol or other
event fees will be covered. Receipts/proof of attendance will be required for
reimbursement.

To apply, please email foundat...@openafs.org with your name, organizational
affiliation, and one to two sentences summarizing your application for funding.
All applications must be received no later than midnight Eastern time July 22.
Funding decisions will be made on a 1st come 1st serve basis and will be
announced by Saturday, July 25.

Thanks.

-- 

David William Botsch
Programmer/Analyst
@CNFComputing
bot...@cnf.cornell.edu

___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

Re: [OpenAFS] OpenAFS 1.6.5 on OSX

2015-04-27 Thread Dave Botsch 
On behalf of the Foundation Board, we're looking to see if there is any
further documentation. 

Stay tuned.

On Mon, Apr 27, 2015 at 05:26:07PM -0400, Jeffrey Altman wrote:
 On 4/27/2015 10:42 AM, Jack Hill wrote:
 
  Is this agreement still secret? What work needs to be done to get it
  published?
 
 The Foundation Board will have to answer this question.
 
 The Gatekeepers have been operating on a gentleman's agreement for many
 years.
 
 This agreement is not specific to OpenAFS.  Other organizations
 distributing products that implement the AFS protocol can enter into a
 contract with IBM.   Your File System, Inc. has done so to cover the
 AuriStor File System.
 
  Perhaps this is premature, but would OpenAFS consider chaining its name
  to avoid such restrictions?
 
 There is a very long thread from August/September 2012 on this mailing
 list which touched on the pros and cons of doing so.   In summary, the
 only benefit to changing the name is if doing so permits implementing
 something that cannot be done otherwise.  The limiting factor on
 implementing new functionality is not the terms of the AFS trademark
 license.  It is everything else.
 
 Jeffrey Altman
 
 



-- 

David William Botsch
Programmer/Analyst
@CNFComputing
bot...@cnf.cornell.edu

___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

[OpenAFS] OAFS Workshop Followup

2015-04-21 Thread Dave Botsch 
At the time I sent the Foundation Board's communication, a group of
those in the OpenAFS community having organized previous workshops, was
just gearing up to plan a workshop for this fall. The Foundation Board
was unaware of this effort, but was contacted as soon as we sent our
communication. In keeping with our goal of furthering the AFS community,
we will be supporting the fall workshop in whatever ways we can.
 
Initial details of that effort are at http://workshop.openafs.org

If interested in assisting, we suggest contacting the orgranizers of
this year's workshop on how you can help out. Email them at:
workshop-i...@openafs.org

Apologies for any confusion our intial message caused.

On behalf of the OpenAFS Foundation Board,

-- 

David William Botsch
Programmer/Analyst
@CNFComputing
bot...@cnf.cornell.edu

___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

[OpenAFS] Call for 2015 Workshop Organization Committee volunteers

2015-04-13 Thread Dave Botsch 
On behalf of the OpenAFS Foundation board...

It is time to begin planning for a 2015 OpenAFS workshop. Which means
planning the what, the where, the who, etc...

As the workshop is very much something of, by, and for the OpenAFS
community, we are soliciting a few volunteers from the OAFS Community to
assist in planning the workshop.

The WorkShop Planning Committee will meet both on its own and with the
Foundation Board Members to decide when to hold the workshop, where to
hold the workshop, what the topics/etc will be for the various days of
the workshop, and other details (hotel rooms, meals, etc).

If you are interested in being on the Workshop Planning Committee,
please email me back no later than Friday, April 24.

Thanks!

-- 

David William Botsch
Programmer/Analyst
@CNFComputing
bot...@cnf.cornell.edu

___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

Re: [OpenAFS] Microsoft Changing Digital Signature Requirements

2015-04-03 Thread Dave Botsch 
Hi, Jeff.

The updates are very very much appreciated. Certainly, these changes
will make life interesting in the future.

A couple of followup questions, if you know the answers...

When MS implements the new signing changes, whenever that is, is it
expected that existing installations of the AFS client will break? Or
is it expected that those will break? Or that clients up to a certain
version, even if not yet installed, will work?

Also, do you have to wait until MS flips the switch to be able to
submit the client for the certification/review process? Or will you be
able to do that earlier and get feedback with some sort of lead time?

Finally, does the certification process itself cost $$?

I'm, of course, wondering if this change will be implemented with some
sort of update we can block. So far, the only publicity w.r.t. signing
I've heard from MS has been on web certs. So, I'm really surprised this
very major change hasn't been more publicized, yet.

Again, thanks so much for the heads up.

On Fri, Apr 03, 2015 at 01:32:50AM -0400, Jeffrey Altman wrote:
 On 3/28/2015 12:42 PM, Jeffrey Altman wrote:
  
  I will provide additional details as I obtain them.
 
 Today I was a part of a briefing on Microsoft's plans regarding digital
 signature requirements for kernel mode drivers on client and server
 platforms.  Many of the details such as release schedules are covered
 under NDA so please do not ask me to comment on when some of these
 requirements are going to go into effect.  I simply cannot offer more
 details than what I feel comfortable relaying here.
 
 Microsoft is under significant pressure to make their operating systems
 as secure and stable as possible.  To that extent they are putting in
 place policies that are going to make the lives of kernel mode
 developers very uncomfortable.
 
 Effective after the release to manufacturing of Windows 10 (client) all
 drivers will need to be signed according to new driver signing model.
 As mentioned in the prior e-mail, all drivers will need to be signed by
 Microsoft (not the developer) and the developer will require an EV
 certificate with a hardware token to sign submissions to Microsoft for
 signing.
 
 Microsoft will only sign certified drivers.  In the past an organization
 would work to certify a driver once and then was permitted to self sign
 all subsequent modified versions.  For Windows 10 and ServerNext
 certification must be performed for each release and certification must
 be obtained separately for each OS version.  To release a driver for Win
 7, Win 8, Win 8.1, Win 10 and the equivalent server platforms  there
 will be eight certifications obtained before the driver will be signed
 by Microsoft and marked as certified for each of the OS versions.
 
 Microsoft will *not* sign drivers for OS versions that Microsoft no
 longer supports.  When an OS reaches end of life that will be the end of
 life for all new drivers for that platform.
 
 The server platforms will have an additional set of testing requirements
 beyond those for client systems.  A driver approved for servers will
 also load on clients but not vice versa.  Server platforms will simply
 not load drivers that are not marked certified for that platform.  For
 client platforms there is an option to load and run drivers that are
 self signed with an EV cert and the cross signing certificate provided
 that they were signed before the release of Windows 10.  That option
 will not exist for servers.
 
 As an additional wrinkle there is no standard file system driver
 certification program.   Each file system will need to be evaluated on a
 case by case basis to determine what the certification requirements will be.
 
 This is solely my opinion but after listening to the talks this week I
 do not believe that the current AFS redirector driver architecture will
 be granted certification.  Understanding what their security goals are,
 I believe there is at least six months of effort to redesign the driver
 before a valid case could be made to approve it.  It is also likely that
 there are features that Microsoft would determine to be required of a
 certified file system driver that are not currently implemented.
 
 The only alternative option to running certified signed drivers is to
 configure the OS to run in test mode.  This is not an option that most
 users are going to want to do.  Some universities scan computers
 attached to their networks to ensure they are not in test mode.  I can't
 think of any Enterprise or Government institution that would permit it.
 
 The bottom line is that going forward developing file systems for
 Windows cannot be performed as a hobby.  The costs associated with
 developing, testing, certifying and signing drivers are increasing
 significantly.  Microsoft repeated many times that the QA Test /
 Certification process is from now on going to be continuous.  It is not
 a once per major operating system activity.  Organizations that include
 a driver

[OpenAFS] Launch of www.openafsfoundation.org

2015-03-19 Thread Dave Botsch 

OpenAFS Community,

On behalf of the OpenAFS Foundation Board of Directors, I am pleased to
announce the launch of http://www.openafsfoundation.org . 

Our initial focus for the website is to provide content the IRS can
peruse as part of its review of the non-profit application of the
OpenAFS Foundation, Inc. Having an official public facing presence is a
milestone for the Foundation effort, and I would like to thank all Board
members, past and present, for their hard work and for their time
commitment. I would also like to give shout outs to Andrew Deason,
Michael Meffe, and Scott Courtney for their advice and assistance on
setting up the website's technical infrastucture. And, of course, a
thank you to you, the OpenAFS community, without which none of this
would be possible or exist.

We invite your feedback, questions, and comments -- the website is here
to serve and to promote the OpenAFS community and its resources. The
best forum for discussion of all things related to the Foundation,
including the website, is the foundation-discuss e-list (
https://lists.openafs.org/mailman/listinfo/foundation-discuss ). This is
an open e-list to which anyone with an interest can subscribe.

Thank you!
-Dave Botsch
on behalf of the Foundation Board of Directors


-- 

David William Botsch
Programmer/Analyst
@CNFComputing
bot...@cnf.cornell.edu

___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

Re: [OpenAFS] AFS Token not renewable after integrated login

2014-12-10 Thread Dave Botsch 
You might be experencing the same bug I'm working with Microsoft.

That is, Windows would appear to not properly set the flags in its
renewal request when authenticating against a foreign Kerberos realm, so
the ticket one gets back from the foreign kerberos realm is not
renewable.

You can verify your TGTs by at a windows command prompt typing in:

klist tgt

and then after the ticket should have been renewed, type that command
again to see what happened.

On Fri, Dec 05, 2014 at 07:31:37PM +0100, Dr. Hendrik Naumann wrote:
 Hi
 
 I am looking for a way to setup the Integrated Logon in such a way, 
 that the aquired AFS Tokens can be renewed. 
 
 We are using the latest versions of OpenAFS (1.7.31) , NIM (2.102.907) 
 and Heimdal Kerberos (1.6.2.0). We have identical user accounts stored 
 in our central Unix Kerberos Realm (TU-BERLIN) which authenticates 
 also the AFS and your windows domain WIN.TU-BERLIN.DE. Both Realms 
 have a trust relationsship.
 
 On the windows clients the heimdal default realm is configured to TU-
 BERLIN.DE and the default AFS cell to TU-BERLIN.DE. The integrated 
 logon works fine, but after login the NIM only shows the AFS Token 
 aquired during the logon process but not the TGT and Service 
 Certificate afs/tu-berlin...@tu-berlin.de which must have been used to 
 get the AFS Token für a...@tu-berlin.de. 
 
 Is there any way to get access to the Kerberos Tickets from the 
 integrated logon? Under Linux Kerberos can be configured to store its 
 Tickets in a file und thus the TGT and also the Token can be renewed 
 later.
 
 If I open the NIM and obtain a new TGT from TU-BERLIN.DE, the Token 
 renewal works fine. However this would require all users to type in 
 their password twice and in addition fiddle with the NIM at all.
 
 Do you have any idea how I can renew the AFS token without additional 
 user interaction?
 
 Thanks very much
 
 Hendrik Naumann
 
 -- 
 Dr. Hendrik Naumann
 Technische Universität Berlin
 Institut für Chemie, Sekr. C3
 Leiter EDV Chemie
 Strasse des 17. Juni 115
 10623 Berlin
 Tel.: +49 30 314 29892  Mobil: +49 172 314 0410  Fax: +49 30 314 29309
 WWW: http://www.chemie.tu-berlin.de/it
 E-Mail: naum...@tu-berlin.de



-- 

David William Botsch
Programmer/Analyst
@CNFComputing
bot...@cnf.cornell.edu

___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

Re: [OpenAFS] backup strategy

2014-11-12 Thread Dave Botsch 
Would love to see your code.

ALso gonna look at the previous mentioned tsmpipe... our central backup
system is TSM, so, I'd love to get rid of the holding disk we currently
dump to with a modification of afsdump.pl .

On Wed, Nov 12, 2014 at 07:49:30PM +0100, Mattias Pantzare wrote:
On Wed, Nov 12, 2014 at 11:49 AM, Harald Barth [1]h...@kth.se wrote:
 
   and with NetWorker, it was (it probably still is) impossible to
  save
   from a pipe, requiring the use of temporary disk for the purpose.
  TSM as shipped by IBM can't either, but there is a TSM API. Then
  tsmpipe was written in Umeå. Thanks again!
 
And in Luleå we are using the TSM API to do backups at the file level.
We detect if a volume has changed so it is very fast for static
volumes.
I don't know if the code has been published but we can do that if
anyone is interested.Â
 
 References
 
1. mailto:h...@kth.se

-- 

David William Botsch
Programmer/Analyst
@CNFComputing
bot...@cnf.cornell.edu

___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

Re: [OpenAFS] Providing signed packages (was Re: any experiences with OpenAFS client ...)

2014-10-29 Thread Dave Botsch 
One can also disable kext signing on Yosemite by adding
kext-dev-mode=1 to the boot args.


On Wed, Oct 29, 2014 at 05:31:36PM +, Brandon Allbery wrote:
 So, an interesting and undoubtedly temporary workaround for unsigned
 kexts on Yosemite/OS X 10.10 is that they can apparently be loaded by
 LaunchDaemons.
 http://dan.langille.org/2014/10/28/getting-openconnect-tuntap-working-on-yosemite-osx/
 
 It wouldn't surprise me if Apple closed that loophole soonish, possibly
 even in a security update instead of a point release.
 
 -- 
 brandon s allbery kf8nh   sine nomine associates
 allber...@gmail.com  ballb...@sinenomine.net
 unix openafs kerberos infrastructure xmonadhttp://sinenomine.net

-- 

David William Botsch
Programmer/Analyst
@CNFComputing
bot...@cnf.cornell.edu

___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

Re: [OpenAFS] any experiences with OpenAFS client on the upcoming MacOS 10.10 (yosemite) release?

2014-10-20 Thread Dave Botsch 
I used the git head, and first had to create the various darwin-140
files as those were not there.

My attempt to compile the git head on a fresh install of Yosemite then
failed with the following:

http://fpaste.org/143001/

I don't know if Cornell's developer level allows signing of kernel
extensions or not. I can certainly check.

On Mon, Oct 20, 2014 at 03:40:49PM -0400, Benjamin Kaduk wrote:
 On Mon, 20 Oct 2014, Mattias Pantzare wrote:
 
  I have tried to compile 1.6.10 on OS X 10.10.
 
  The first problem is that it will not compile with xcode 5 or 6. I have not
  checked if there is a way to change the compiler to gcc on xcode 6, so it
  might be possible (the command gcc starts c-lang).
 
 The git master compiles just fine with xcode 6 on my Mavericks machine, so
 if there are build failures, they are probably just small patches that
 need to be merged from the master branch to the 1.6 branch.  (I don't
 think you can get real gcc from xcode 6 or higher.)
 
  10.10 requires all kernel extensions to be signed. They ship a list of
  hashes for old kernel extensions, that is why some versions of openafs will
  work on an upgraded system. But new openafs versions have to be signed.
 
 Some individual or organization will need to step forward to do that
 signing; I do not believe that there is an OpenAFS organization
 currently able or prepared to do so.  (Perhaps the Foundation could, but I
 am not sure.)  The Windows installers that OpenAFS distributes are signed
 by Secure Endpoints or YFSI (I forget which), who have graciously been
 using their codesigning certificates for this purpose.  I do not know if
 they will be willing to perform the same service for OS X installers.
 
 -Ben
 ___
 OpenAFS-info mailing list
 OpenAFS-info@openafs.org
 https://lists.openafs.org/mailman/listinfo/openafs-info

-- 

David William Botsch
Programmer/Analyst
@CNFComputing
bot...@cnf.cornell.edu

___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

Re: [OpenAFS] any experiences with OpenAFS client on the upcoming MacOS 10.10 (yosemite) release?

2014-10-20 Thread Dave Botsch 
I can request it on our account, but I need a *clear* explanation, for
Apple, of ... what your kernel extension does and why your customers
are required to install it.

If someone who knows the internals better than I can provide this text,
that'd be great.

Thanks.

On Mon, Oct 20, 2014 at 03:48:11PM -0400, Dave Botsch wrote:
 I used the git head, and first had to create the various darwin-140
 files as those were not there.
 
 My attempt to compile the git head on a fresh install of Yosemite then
 failed with the following:
 
 http://fpaste.org/143001/
 
 I don't know if Cornell's developer level allows signing of kernel
 extensions or not. I can certainly check.
 
 On Mon, Oct 20, 2014 at 03:40:49PM -0400, Benjamin Kaduk wrote:
  On Mon, 20 Oct 2014, Mattias Pantzare wrote:
  
   I have tried to compile 1.6.10 on OS X 10.10.
  
   The first problem is that it will not compile with xcode 5 or 6. I have 
   not
   checked if there is a way to change the compiler to gcc on xcode 6, so it
   might be possible (the command gcc starts c-lang).
  
  The git master compiles just fine with xcode 6 on my Mavericks machine, so
  if there are build failures, they are probably just small patches that
  need to be merged from the master branch to the 1.6 branch.  (I don't
  think you can get real gcc from xcode 6 or higher.)
  
   10.10 requires all kernel extensions to be signed. They ship a list of
   hashes for old kernel extensions, that is why some versions of openafs 
   will
   work on an upgraded system. But new openafs versions have to be signed.
  
  Some individual or organization will need to step forward to do that
  signing; I do not believe that there is an OpenAFS organization
  currently able or prepared to do so.  (Perhaps the Foundation could, but I
  am not sure.)  The Windows installers that OpenAFS distributes are signed
  by Secure Endpoints or YFSI (I forget which), who have graciously been
  using their codesigning certificates for this purpose.  I do not know if
  they will be willing to perform the same service for OS X installers.
  
  -Ben
  ___
  OpenAFS-info mailing list
  OpenAFS-info@openafs.org
  https://lists.openafs.org/mailman/listinfo/openafs-info
 
 -- 
 
 David William Botsch
 Programmer/Analyst
 @CNFComputing
 bot...@cnf.cornell.edu
 
 ___
 OpenAFS-info mailing list
 OpenAFS-info@openafs.org
 https://lists.openafs.org/mailman/listinfo/openafs-info

-- 

David William Botsch
Programmer/Analyst
@CNFComputing
bot...@cnf.cornell.edu

___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

Re: [OpenAFS] OAFS 1.7.x Win and Case (In)Sensitivity

2014-09-25 Thread Dave Botsch 
On Thu, Sep 25, 2014 at 01:30:17PM +, Mickey Lane wrote:

 I was not able to detect any sort of case sensitivity using either the
 start menu or a console prompt. 

Hence what makes an interesting... those seem to resolve it.


 Is it possible that Corel Draw
 occasionally uses an 8.3 directory identifer?

Not according to the output of Process Monitor.







 
 -Original Message-
 From: openafs-info-ad...@openafs.org [mailto:openafs-info-ad...@openafs.org] 
 On Behalf Of Dave Botsch
 Sent: Wednesday, September 24, 2014 2:35 PM
 To: openafs-info@openafs.org
 Subject: [OpenAFS] OAFS 1.7.x Win and Case (In)Sensitivity
 
 Hi.
 
 What's the story with case insentitivy or sensitivity with the Windows OAFS 
 client?
 
 Of course, OpenAFS is case sensitive and Windows is not. So, does the client 
 attempt to resolve things irrespective or case or should it fail if indeed 
 the case doesn't match?
 
 In this specific case, Corel Draw is attempting a CreateFile call on a path 
 into AFS with everything completely capitalized (why Corel Draw does this in 
 some cases and in others has the path correctly upper and lowered, dunno). 
 When Corel does the all caps, according to Process Monitor, the operation 
 fails with PATH_NOT_FOUND.
 
 Looking at DebugView with fs trace on ... I see:
 
 cm_EvaluteVolumeReference for string
 [@vol:CNF.CORNELL.EDU#HOME.STAFF.DWB7]
   Found cell [CNF.CORNELL.EDU] and volume [HOME.STAFF.DWB7] 
 RDR_EvaluateNodeByName FAILURE code=0x6654321d status=0xc03a
 
 I see that 0xc03a is ineed STATUS_OBJECT_NOT_FOUND
 
 So, this makes me wonder why if I in the start menu were to type in the same 
 full path in all caps, a windows explorer window opens with the folder.
 
 Should this be reported as an OpenAFS bug or do I need to engage Corel to try 
 and get them to use case sensitive paths in their calls?
 
 Thanks.
 
 --
 
 David William Botsch
 Programmer/Analyst
 @CNFComputing
 bot...@cnf.cornell.edu
 
 ___
 OpenAFS-info mailing list
 OpenAFS-info@openafs.org
 https://lists.openafs.org/mailman/listinfo/openafs-info
 ___
 OpenAFS-info mailing list
 OpenAFS-info@openafs.org
 https://lists.openafs.org/mailman/listinfo/openafs-info

-- 

David William Botsch
Programmer/Analyst
@CNFComputing
bot...@cnf.cornell.edu

___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

Re: [OpenAFS] OAFS 1.7.x Win and Case (In)Sensitivity

2014-09-25 Thread Dave Botsch 
Hi, Jeff.

Thanks for the reply.

Additional questions...


  
  What's the story with case insensitivity or sensitivity with the Windows
  OAFS client?
 
 File and directory name searches are performed:
 
  1. case sensitive first
  2. case insensitive second
 
 Ambiguous case insensitive matches are failed.

Can you clarify what you mean by ambiguous case insenstivie match ?

Would hardcoding the file system filter driver somehow cause the case
insitivie second #2 above to not happen/match? 

Should there be something in the fs trace output indicating which type
of match it is or isn't doing and the result? Or does that require
additional debugging (ie paid support)?

thanks.

-- 

David William Botsch
Programmer/Analyst
@CNFComputing
bot...@cnf.cornell.edu

___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

[OpenAFS] OAFS 1.7.x Win and Case (In)Sensitivity

2014-09-24 Thread Dave Botsch 
Hi.

What's the story with case insentitivy or sensitivity with the Windows
OAFS client?

Of course, OpenAFS is case sensitive and Windows is not. So, does the
client attempt to resolve things irrespective or case or should it fail
if indeed the case doesn't match?

In this specific case, Corel Draw is attempting a CreateFile call on a
path into AFS with everything completely capitalized (why Corel Draw
does this in some cases and in others has the path correctly upper and
lowered, dunno). When Corel does the all caps, according to Process
Monitor, the operation fails with PATH_NOT_FOUND.

Looking at DebugView with fs trace on ... I see:

cm_EvaluteVolumeReference for string
[@vol:CNF.CORNELL.EDU#HOME.STAFF.DWB7]
  Found cell [CNF.CORNELL.EDU] and volume [HOME.STAFF.DWB7]
RDR_EvaluateNodeByName FAILURE code=0x6654321d status=0xc03a

I see that 0xc03a is ineed STATUS_OBJECT_NOT_FOUND

So, this makes me wonder why if I in the start menu were to type in the
same full path in all caps, a windows explorer window opens with the
folder.

Should this be reported as an OpenAFS bug or do I need to engage Corel
to try and get them to use case sensitive paths in their calls?

Thanks.

-- 

David William Botsch
Programmer/Analyst
@CNFComputing
bot...@cnf.cornell.edu

___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

Re: [OpenAFS] Red Hat RPM packaging

2014-09-03 Thread Dave Botsch 
I would vote either for openafs.org or EPEL .

EPEL is really good about making sure that they don't override base
redhat packages and that packages in the repo don't brake w.r.t.
dependencies.

ATRpms and others are really horrid about both of those.

On Wed, Sep 03, 2014 at 11:03:45AM -0500, Andrew Deason wrote:
 As mentioned and discussed in this thread:
 https://lists.openafs.org/pipermail/openafs-info/2014-June/040734.html,
 openafs.org would like to stop providing RPM packaging for Red Hat Linux
 distributions going forwards, to decouple upstream and downstream
 development (as is done on Debian and others). Under that model, we'd
 still continue to provide updated packages for RHEL6 and earlier, but
 not for RHEL7 and on.
 
 I thought we were intending to transition users towards packaging in the
 3rd-party ELRepo service, but based on discussion in the release-team
 meeting today, that doesn't seem like it is happening. In the absence of
 a clear decision on what to do, I'm creating this thread soliciting
 input from users on where they would like the Red Hat RPMs to live.
 
 So, please say what would work best for you. If you would be able to
 help with maintaining the packaging on any of these, also please speak
 up. One single option may not work for everyone, but it would be nice to
 not have everything scattered more than it needs to be.
 
 Anyway, the options I am aware of are:
 
  (1) Fedora itself (and EPEL). Obviously this would be the most
  desirable, but we cannot use this for the client, since they do not
  allow 3rd-party kernel modules
  
 http://fedoraproject.org/wiki/Packaging:Guidelines#No_External_Kernel_Modules.
  It is at least theoretically possible to just submit the server
  portions, and put the client bits elsewhere, but that seems really
  undesirable.
 
  (2) ELRepo http://elrepo.org/. There already is a package here:
  http://elrepo.org/tiki/kmod-openafs, maintained (or at least, was
  maintained) by Jack Neely. The only problem noted so far is that
  ELRepo uses something called kabi-tracking-kmods, which has caused
  the client to break in the past (but I believe this is already an
  issue with existing RHEL6 packaging).
  
  (3) ATrpms http://atrpms.net/. There is some existing packaging here,
  but it's pretty old. I'm not aware of any issues with using this,
  but I wouldn't know.
 
  (4) Some other 3rd-party repo (RPMFusion? RepoForge?). I'm not aware of
  any issues with RPMFusion or RepoForge, but I wouldn't know, and I
  haven't seen any previous openafs packaging in there.
  
  (5) Keep the packages on openafs.org, exactly as they exist now. You
  need to manually install a new repository for every release (e.g.
  openafs-release-rhel-1.6.9-1.noarch.rpm).
 
  (6) Keep the packages on openafs.org, but use one repository for all
  releases.
 
 If any of these choices are obviously better for your site, please say
 something.
 
 -- 
 Andrew Deason
 adea...@sinenomine.net
 ___
 OpenAFS-info mailing list
 OpenAFS-info@openafs.org
 https://lists.openafs.org/mailman/listinfo/openafs-info

-- 

David William Botsch
Programmer/Analyst
@CNFComputing
bot...@cnf.cornell.edu

___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

Re: [OpenAFS] Re: Authentication without aklog

2014-08-01 Thread Dave Botsch 
On Thu, Jul 31, 2014 at 05:32:53PM -0500, Andrew Deason wrote:
 
 So, do I take this to mean, these solutions work well enough for us, so
 I don't really care? :)

No, not in the least. I care very very much and wish I had the time to
improve the AFSTokens app.

Certainly there's always that easier 95% that gets one most of the way
there and then that last, slow 5% which hinges on whether the first 95%
is good enough.

The user experience is paramount. The average user honestly doesn't care
if under the hood of whatever credential tool there is a plugin or two
or three or none.  In our experience, all the user cares about is being
able to easily get AFS Tokens and not having to worry about the
difference between Kerberos tickets and AFS Tokens. That is, the user
types in their username and password and... done. 

IMHO, krb5-auth-dialog, AFSTokens, PAM logins via gdm and sshd,
afscreds.exe, windows integrated login, and mac os x integrated login
all provide this vital user experience.

The administrator is a different discussion, of course :)

-- 

David William Botsch
Programmer/Analyst
@CNFComputing
bot...@cnf.cornell.edu

___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

Re: [OpenAFS] Re: Authentication without aklog

2014-08-01 Thread Dave Botsch 
Well, is anything really transparent for the administrator? Especially
w.r.t. AFS, where the admin has to also configure the ThisCell, the afs
cache size (pre-allocate a cache partition, too, on linux), edit
ThisCell to be reasonable, and set numerous other client options (config
files on mac and linux and ew registry on Windows)?

A GUI installer/config doo-hickey would certainly be nice, of course,
for the less tech saavy administrator or the end user trying to install
AFS and needing to configure some of those other options (esp, again, on
non Windows/Mac). I enjoy the cell input dialog and the windows gui
installer. But, for more managed installations, I'm also glad that on
linux they aren't required (just install the rpm and push out some
config files).

W.r.t. PAM, I like the idea of AFS being just another PAM module, versus
some other mechanism that's different from anything else.

Could AFS work like other Kerberos apps with more direct use of kerberos
tickets and just getting the service ticket when needed, versus having
to do something extra (ie aklog)? Dunno. Would be nice, but not
required, IMHO, as long as the user experience is sane.


On Fri, Aug 01, 2014 at 09:40:39AM -0500, Andrew Deason wrote:
 On Fri, 1 Aug 2014 07:02:34 -0400
 chas williams - CONTRACTOR c...@cmf.nrl.navy.mil wrote:
 
  On Thu, 31 Jul 2014 15:29:47 -0500
  Andrew Deason adea...@sinenomine.net wrote:
  
   The first time I heard this I was a bit surprised, but that may be just
   because I'm very used to the 'aklog' approach and find it intuitive. You
   need to tell the kernel what credentials you want it to use for AFS
   access; makes sense to me.
  
  Usually, aklog is handled transparently here, either via MIT's krb5
  login (et al) client calling out to aklog or via pam_krb5. 
 
 This isn't transparent for the administrator, though. You had to
 install an afs-specific pam module, or specify that something runs
 aklog; something like that. (And of course, that's only for things that
 run through PAM.)
 
   The alternative is to effectively guess what credentials we should
   be using, which is what NFSv4 does (rpc.gssd).[...]
  
  Not impossible for Linux.  I believe that the Linux keyring code
  allows for down calls from the kernel to user space in order to ask
  something to insert the appropriate keys (see keys-request-key.txt in
  the Linux kernel).
 
 We can do a userspace upcall on any platform; that's not the hard part...
 
 -- 
 Andrew Deason
 adea...@sinenomine.net
 
 ___
 OpenAFS-info mailing list
 OpenAFS-info@openafs.org
 https://lists.openafs.org/mailman/listinfo/openafs-info

-- 

David William Botsch
Programmer/Analyst
@CNFComputing
bot...@cnf.cornell.edu

___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

Re: [OpenAFS] additional OpenAFS 1.6.9 binaries available

2014-06-25 Thread Dave Botsch 
At the very least, I'd like to see a spec included in the source so
that one can rebuild on one's own the binaries from the source (on at
least the base RHEL and current Fedora).

IMHO, not offering binaries and telling users to go someplace else is
not perceived as friendly to the users... UNLESS.. there is a direct
pointer to said trusted 3rd party binary builder. Especially if binaries
are available for Mac and Windows... it comes off as a screw you to
linux users.



On Wed, Jun 18, 2014 at 08:32:56PM +0200, Stephan Wiesand wrote:
 
 On Jun 18, 2014, at 20:07 , Jonathan Billings wrote:
 
  On Wed, Jun 18, 2014 at 1:52 PM, Stephan Wiesand stephan.wies...@desy.de
  wrote:
  
  Note that there are no RHEL7 binaries. The release team feels that we
  should
  not continue to provide packages using the old transarc paths for new Linux
  platforms, and that we should leave packaging for those to downstream
  projects
  rather than creating FHS compliant packages ourselves. This would mean that
  we'd no longer provide any binaries for RHEL7+ and Fedora 21+.
  
  
  Do we want to continue development of the RPM spec file in the OpenAFS git
  tree?  Split off a RHEL7/Fedora version?
 
 
 Interesting question. My personal opinion is that if we do it at all, yes
 we should forge a new spec for RHEL 7+ and Fedora 21+ which does away with
 all the legacy. And that it would bitrot quickly unless we actually use it.
 And that maintaining the spec is the bigger problem than providing the
 builds.
 
 Thus, probably: No.
 
 -- 
 Stephan Wiesand
 DESY -DV-
 Platanenenallee 6
 15738 Zeuthen, Germany
 
 ___
 OpenAFS-info mailing list
 OpenAFS-info@openafs.org
 https://lists.openafs.org/mailman/listinfo/openafs-info

-- 

David William Botsch
Programmer/Analyst
@CNFComputing
bot...@cnf.cornell.edu

___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

Re: [OpenAFS] OpenAFS and windows/unix versioning

2014-05-07 Thread Dave Botsch 
That might be true, however, things like single DES going away (sort of)
as I understand it can break things with older clients.



On Wed, May 07, 2014 at 10:44:21AM -0400, Benjamin Kaduk wrote:
 On Wed, 7 May 2014, Dave B. wrote:
 
 One of our main thoughts is that the version numbers should be
 indicative of client/server compatibility.
 
 clients and servers communicate via the AFS-3 network protocol; new
 features (RPCs) are added to that protocol in a backwards-compatible
 manner.  The expectation is that any client version should function
 usefully against any server version; I don't see there being such
 compatibility concerns.
 
 -Ben
 ___
 OpenAFS-info mailing list
 OpenAFS-info@openafs.org
 https://lists.openafs.org/mailman/listinfo/openafs-info

-- 

David William Botsch
Programmer/Analyst
@CNFComputing
bot...@cnf.cornell.edu

___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

[OpenAFS] Openafs kernel problems

2014-02-04 Thread Dave Botsch 
I'm seeing a fair amount of these on a daily basis. At this point, I
believe I'm seeing them mostly from my RHEL6/64 machines running the
latest RHEL6.5 kernel and oafs 1.6.5.2 :

(Thoughts?)

abrt_version:   2.0.8
cmdline:ro root=UUID=2001c35a-147a-4854-bf48-37681bff20b6 rd_NO_LUKS  
KEYBOARDTYPE=pc KEYTABLE=us LANG=en_US.UTF-8 rd_NO_MD quiet 
SYSFONT=latarcyrheb-sun16 rhgb rd_NO_LVM crashkernel=129M@0M rhgb quiet rd_NO_DM
kernel: 2.6.32-431.3.1.el6.x86_64
last_occurrence: 1391195007
not-reportable: A kernel problem occurred, but your kernel has been tainted 
(flags:P   ). Kernel maintainers are unable to diagnose tainted reports.
time:   Fri 31 Jan 2014 02:03:27 PM EST

sosreport.tar.xz: Binary file, 3374352 bytes

backtrace:
:WARNING: at fs/dcache.c:1249 d_splice_alias+0x16e/0x180() (Tainted: P  
 ---   )
:Hardware name: KVM
:Modules linked in: nfsd lockd nfs_acl auth_rpcgss sunrpc exportfs drbd(U) 
libcrc32c ebtable_nat ebtables ipt_MASQUERADE iptable_nat nf_nat 
nf_conntrack_ipv4 nf_defrag_ipv4 ipt_REJECT xt_CHECKSUM iptable_mangle 
iptable_filter ip_tables bridge openafs(P)(U) autofs4 bnx2fc cnic uio fcoe 
libfcoe libfc 8021q scsi_transport_fc garp stp scsi_tgt llc ip6t_REJECT 
nf_conntrack_ipv6 nf_defrag_ipv6 xt_state nf_conntrack ip6table_filter 
ip6_tables ipv6 ext3 jbd vhost_net macvtap macvlan tun uinput microcode sg 
virtio_balloon i2c_piix4 i2c_core snd_hda_intel snd_hda_codec snd_hwdep snd_seq 
snd_seq_device snd_pcm snd_timer snd soundcore snd_page_alloc virtio_net ext4 
jbd2 mbcache virtio_blk sr_mod cdrom virtio_pci virtio_ring virtio pata_acpi 
ata_generic ata_piix dm_mirror dm_region_hash dm_log dm_mod [last unloaded: 
mperf]
:Pid: 12528, comm: java Tainted: P   ---
2.6.32-431.3.1.el6.x86_64 #1
:Call Trace:
:[81071e27] ? warn_slowpath_common+0x87/0xc0
:[81071e7a] ? warn_slowpath_null+0x1a/0x20
:[811a454e] ? d_splice_alias+0x16e/0x180
:[a042d32d] ? afs_linux_lookup+0x12d/0x280 [openafs]
:[81198a45] ? do_lookup+0x1a5/0x230
:[81199364] ? __link_path_walk+0x794/0xff0
:[811218b7] ? do_read_cache_page+0x97/0x180
:[811219e9] ? read_cache_page_async+0x19/0x20
:[81121a06] ? read_cache_page+0x16/0x20
:[8119609f] ? page_getlink+0x4f/0xb0
:[811990c4] ? __link_path_walk+0x4f4/0xff0
:[8122dad1] ? avc_has_perm+0x71/0x90
:[81199e7a] ? path_walk+0x6a/0xe0
:[8119a08b] ? filename_lookup+0x6b/0xc0
:[8119b1b7] ? user_path_at+0x57/0xa0
:[a042d836] ? afs_linux_getattr+0x36/0x50 [openafs]
:[811aaa30] ? mntput_no_expire+0x30/0x110
:[8118e7c4] ? cp_new_stat+0xe4/0x100
:[8118ea00] ? vfs_fstatat+0x50/0xa0
:[8118eb7b] ? vfs_stat+0x1b/0x20
:[8118eba4] ? sys_newstat+0x24/0x50
:[810e2077] ? audit_syscall_entry+0x1d7/0x200
:[810e1e6e] ? __audit_syscall_exit+0x25e/0x290
:[8100b072] ? system_call_fastpath+0x16/0x1b

-- 

David William Botsch
Programmer/Analyst
@CNFComputing
bot...@cnf.cornell.edu

___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

[OpenAFS] Oracle Linux Unbreakable Kernel and OpenAFS

2013-12-10 Thread Dave Botsch 
Does anyone have any experience with Oracle Enterprise Linux's
Unbreakable Kernel and OpenAFS (especially w lots of users logged in)? 

Specifically on version 6u4 of OEL.

A basic boot and afs seems to come up fine, but, who knows if they did
something that would break AFS longer term.

My kernel options are the Oracle UEK kernel or the RH compatible kernel.

thanks.

-- 

David William Botsch
Programmer/Analyst
@CNFComputing
bot...@cnf.cornell.edu

___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

Re: [OpenAFS] RHEL Yum Repositories

2013-09-20 Thread Dave Botsch 
Hi.

Yum repo config files that should allow you to install openafs 1.6.5
from openafs.org can be found at:

https://confluence.cornell.edu/display/CNF/Installing+AFS

On Fri, Sep 20, 2013 at 10:23:47AM -0500, Bill Glick wrote:
 What is the current status of supporting Yum repositories for RHEL?
 
 In looking through archives, I see that the 1.4.x releases provided Yum 
 repos, e.g. 
 http://dl.openafs.org/dl/openafs/1.4.14/openafs-repository-rhel-1.4.14-1.noarch.rpm
   But this appears to have been discontinued in the current 1.6.x releases. 
 There is repodata listed with the current releases 
 (http://dl.openafs.org/dl/openafs/1.6.5/rhel6/x86_64/repodata/), but I don't 
 know how to make use of that.
 
 We're currently installing OpenAFS on our RHEL/CentOS 6.x systems using the 
 DKMS packages 
 (https://wiki.ncsa.illinois.edu/display/ITS/OpenAFS+Install+via+RPM+for+RHEL+6)
  which is great for dealing with kernel upgrades.  I'm now trying to figure 
 out a simpler way to keep our OpenAFS packages updated.  Any suggestions?
 
 -- 
 Bill Glick
 NCSA - University of Illinois at Urbana-Champaign
 
 ___
 OpenAFS-info mailing list
 OpenAFS-info@openafs.org
 https://lists.openafs.org/mailman/listinfo/openafs-info

-- 

David William Botsch
Programmer/Analyst
CNF Computing
bot...@cnf.cornell.edu

___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

Re: [OpenAFS] mod_waklog and rxkad-kdf

2013-08-06 Thread Dave Botsch 
 doesn't know to request only DES session keys for AFS service
 tickets

And if we turn off DES support completely?

On Tue, Aug 06, 2013 at 06:55:25PM -0700, Russ Allbery wrote:
 Here's a patch against the current mod_waklog Git repository that adds
 support for rxkad-kdf (important if your web SSO forwards service tickets
 instead of TGTs and doesn't know to request only DES session keys for AFS
 service tickets).
 
 Note the change to link with libafsrpc and libafsauthent instead of the
 individual AFS libraries.  I'm not sure why this was required, but I was
 getting sealed data inconsistent errors when attempting to use the
 tokens obtained by the module before making that change.  (Yes, that's a
 very odd error message for this particular change to generate.)
 
 Thanks to Jeffrey Altman for the core code change of this patch.
 
 -- 
 Russ Allbery (r...@stanford.edu) http://www.eyrie.org/~eagle/
 

 diff --git a/Makefile.am b/Makefile.am
 index 932b17b..9a91c86 100644
 --- a/Makefile.am
 +++ b/Makefile.am
 @@ -3,8 +3,7 @@ all: mod_waklog.so
  APXS = @APXS@
  INCLUDES = -I@KRB5_INC@ -I@AFS_INC@ -I@APACHE_INC@ -I@APR_INC@
  LIB = -L@AFS_LIBS@ -L@KRB5_LIBS@ -L@APACHE_LIBS@ -lkrb5 -lk5crypto  \
 -   -lprot -lauth -lresolv -lubik -lrxkad -lsys -lrx -llwp -ldes \
 -   -lcom_err -lafsutil
 +   -lafsauthent -lafsrpc
  
  APXSCC = `${APXS} -q CC` \
   @WAKLOG_DEBUG@ \
 diff --git a/mod_waklog.c b/mod_waklog.c
 index 023028b..0503bf7 100644
 --- a/mod_waklog.c
 +++ b/mod_waklog.c
 @@ -425,7 +425,7 @@ set_auth ( server_rec *s, request_rec *r, int self, char 
 *principal, char *keyta
  /* create a principal out of our k5user string */
  
  if ( ( kerror = krb5_parse_name (child.kcontext, k5user, kprinc ) ) ) {
 -  log_error(APLOG_MARK, APLOG_ERR, 0, s, mod_waklog: krb5_parse_name 
 %s, (char *) error_message(kerror) );
 +  log_error(APLOG_MARK, APLOG_ERR, 0, s, mod_waklog: krb5_parse_name 
 %s, (char *) afs_error_message(kerror) );
goto cleanup;
  }
  
 @@ -446,14 +446,14 @@ set_auth ( server_rec *s, request_rec *r, int self, 
 char *principal, char *keyta
  
  if ( ( kerror = krb5_kt_resolve(child.kcontext, keytab, krb5kt ) ) 
 ) {
log_error( APLOG_MARK, APLOG_ERR, 0, s,
 -mod_waklog: krb5_kt_resolve %s, error_message(kerror) );
 +mod_waklog: krb5_kt_resolve %s, afs_error_message(kerror) );
goto cleanup;
  }
  
  if ((kerror = krb5_get_init_creds_keytab (child.kcontext, v5creds,
kprinc, krb5kt, 0, NULL, kopts ) ) ) {
  log_error(APLOG_MARK, APLOG_ERR, 0, s, mod_waklog: 
 krb5_get_init_creds_keytab %s,
 -  error_message(kerror) );
 +  afs_error_message(kerror) );
  goto cleanup;
  }
} else if (k5secret) {
 @@ -463,7 +463,7 @@ set_auth ( server_rec *s, request_rec *r, int self, char 
 *principal, char *keyta
  if ((kerror = krb5_get_init_creds_password ( child.kcontext, 
 v5creds,
kprinc, k5secret, NULL, NULL, 0, NULL, kopts ) ) ) {
  log_error(APLOG_MARK, APLOG_ERR, 0, s, mod_waklog: 
 krb5_get_init_creds_password %s,
 -  error_message(kerror) );
 +  afs_error_message(kerror) );
/* nuke the password so it doesn't end up in core files */
memset(k5secret, 0, sizeof(k5secret));   
  goto cleanup;
 @@ -475,20 +475,20 @@ set_auth ( server_rec *s, request_rec *r, int self, 
 char *principal, char *keyta
/* initialize the credentials cache and store the stuff we just got */
if ( ( kerror = krb5_cc_initialize (child.kcontext, child.ccache, 
 kprinc) ) ) {
  log_error(APLOG_MARK, APLOG_ERR, 0, s, mod_waklog: init credentials 
 cache %s, 
 -  error_message(kerror));
 +  afs_error_message(kerror));
  goto cleanup;
}

if ( ( kerror = krb5_cc_store_cred(child.kcontext, child.ccache, 
 v5creds) ) ) {
  log_error(APLOG_MARK, APLOG_ERR, 0, s, mod_waklog: cannot store 
 credentials %s, 
 -  error_message(kerror));
 +  afs_error_message(kerror));
  goto cleanup;
}
  
krb5_free_cred_contents(child.kcontext, v5creds);
   
if ( kerror ) {
 -log_error(APLOG_MARK, APLOG_ERR, 0, s, mod_waklog: store cred %s, 
 error_message(kerror));
 +log_error(APLOG_MARK, APLOG_ERR, 0, s, mod_waklog: store cred %s, 
 afs_error_message(kerror));
  goto cleanup;
}

 @@ -529,7 +529,7 @@ set_auth ( server_rec *s, request_rec *r, int self, char 
 *principal, char *keyta
log_error(APLOG_MARK, APLOG_DEBUG, 0, s, mod_waklog: using AFS 
 principal: %s, buf);

if ((kerror = krb5_parse_name (child.kcontext, buf, increds.server))) 
 {
 -

Re: [OpenAFS] Windows 8.1, SkyDrive and Roaming Profiles

2013-07-10 Thread Dave Botsch 
It looks like Windows 8.1 still stores Roaming Profiles in
C:\users\username\AppData\Roaming ... which is different than
C:\users\SkyDrive ...

So, are you referring to somehow making the whole C:\Users\username the
roaming profile, which would then include the SkyDrive folder?

Or are you referring to some sort of way to do a folder redirection of
the entire home folder into AFS?

Thanks.


On Mon, Jul 08, 2013 at 01:59:58PM -0400, Jeffrey Altman wrote:
 Configure 8.1 to use roaming profiles and produce a situation in
 which SkyDrive has synchronized the directory structure but not
 the contents and files.  Then logout and let the SkyDrive folder
 in the user profile be written back to AFS.
 
 On 7/8/2013 1:38 PM, Dave Botsch wrote:
  Being somewhat unfamiliar with Windows 8 / 8.1...
  
  what are the suggested steps for recreating the conditions to replicate
  the failure? I've got a skydrive login setup, so, now what?
  
  thanks.
  
  On Sat, Jun 29, 2013 at 12:09:59PM -0400, Jeffrey Altman wrote:
  Last Wednesday Microsoft released the one and only preview release of
  Windows 8.1 in conjunction with the Microsoft Build conference which I
  attended.  The one big change relating to file systems is the
  integration of SkyDrive into the Shell and its selection as the primary
  storage location for end user documents.
 
  The SkyDrive integration adds shell recognition for files that are
  located in the locally sync'd copy of the SkyDrive directory tree but
  which have not been copied locally.   Microsoft now represents these
  files with a new Reparse Point (Tag: 0x8015) which is a sparse
  file and an offline file.  The file will not be visible to
  applications that browse the directory from the command line but will be
  displayed in the Explorer Shell and Modern application views of the
  SkyDrive directory.
 
  The SkyDrive folder tree is stored in the user's profile at
  \Users\username\SkyDrive.   When the profile is on NTFS this works
  fine.  When the roaming profile is stored in AFS this is going to cause
  problems because at logout an error will be generated when attempts are
  made to copy this new reparse point to AFS.
 
  I urge organizations to begin testing Windows 8.1 Preview immediately
  and to file bug reports with Microsoft as soon as possible.  This is a
  feature that will not be altered once Windows 8.1 RTM is cut.   It is
  critical that Microsoft hear about issues that will effect their
  customers while there is time to make adjustments.
 
  Jeffrey Altman
 
  
  
  
 



-- 

David William Botsch
Programmer/Analyst
CNF Computing
bot...@cnf.cornell.edu

___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

Re: [OpenAFS] Windows 8.1, SkyDrive and Roaming Profiles

2013-07-08 Thread Dave Botsch 
Being somewhat unfamiliar with Windows 8 / 8.1...

what are the suggested steps for recreating the conditions to replicate
the failure? I've got a skydrive login setup, so, now what?

thanks.

On Sat, Jun 29, 2013 at 12:09:59PM -0400, Jeffrey Altman wrote:
 Last Wednesday Microsoft released the one and only preview release of
 Windows 8.1 in conjunction with the Microsoft Build conference which I
 attended.  The one big change relating to file systems is the
 integration of SkyDrive into the Shell and its selection as the primary
 storage location for end user documents.
 
 The SkyDrive integration adds shell recognition for files that are
 located in the locally sync'd copy of the SkyDrive directory tree but
 which have not been copied locally.   Microsoft now represents these
 files with a new Reparse Point (Tag: 0x8015) which is a sparse
 file and an offline file.  The file will not be visible to
 applications that browse the directory from the command line but will be
 displayed in the Explorer Shell and Modern application views of the
 SkyDrive directory.
 
 The SkyDrive folder tree is stored in the user's profile at
 \Users\username\SkyDrive.   When the profile is on NTFS this works
 fine.  When the roaming profile is stored in AFS this is going to cause
 problems because at logout an error will be generated when attempts are
 made to copy this new reparse point to AFS.
 
 I urge organizations to begin testing Windows 8.1 Preview immediately
 and to file bug reports with Microsoft as soon as possible.  This is a
 feature that will not be altered once Windows 8.1 RTM is cut.   It is
 critical that Microsoft hear about issues that will effect their
 customers while there is time to make adjustments.
 
 Jeffrey Altman
 



-- 

David William Botsch
Programmer/Analyst
CNF Computing
bot...@cnf.cornell.edu

___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

Re: [OpenAFS] Windows 8.1, SkyDrive and Roaming Profiles

2013-07-01 Thread Dave Botsch 
What would be the suggested resolution from Microsoft?

Any reason OAFSWin can't add support for these reparse points?

thanks.

On Sat, Jun 29, 2013 at 12:09:59PM -0400, Jeffrey Altman wrote:
 Last Wednesday Microsoft released the one and only preview release of
 Windows 8.1 in conjunction with the Microsoft Build conference which I
 attended.  The one big change relating to file systems is the
 integration of SkyDrive into the Shell and its selection as the primary
 storage location for end user documents.
 
 The SkyDrive integration adds shell recognition for files that are
 located in the locally sync'd copy of the SkyDrive directory tree but
 which have not been copied locally.   Microsoft now represents these
 files with a new Reparse Point (Tag: 0x8015) which is a sparse
 file and an offline file.  The file will not be visible to
 applications that browse the directory from the command line but will be
 displayed in the Explorer Shell and Modern application views of the
 SkyDrive directory.
 
 The SkyDrive folder tree is stored in the user's profile at
 \Users\username\SkyDrive.   When the profile is on NTFS this works
 fine.  When the roaming profile is stored in AFS this is going to cause
 problems because at logout an error will be generated when attempts are
 made to copy this new reparse point to AFS.
 
 I urge organizations to begin testing Windows 8.1 Preview immediately
 and to file bug reports with Microsoft as soon as possible.  This is a
 feature that will not be altered once Windows 8.1 RTM is cut.   It is
 critical that Microsoft hear about issues that will effect their
 customers while there is time to make adjustments.
 
 Jeffrey Altman
 



-- 

David William Botsch
Programmer/Analyst
CNF Computing
bot...@cnf.cornell.edu

___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

Re: [OpenAFS] Windows 8.1, SkyDrive and Roaming Profiles

2013-07-01 Thread Dave Botsch 
So, how does Windows then deal with storing those on non-NTFS
filesystem? NFS or FAT32 usb sticks? Etc. Does all of that just break,
does it do some sort of de-reference to the actual file, or do something
akin to the mac data/resource fork splitting ?


On Mon, Jul 01, 2013 at 12:43:07PM -0700, Russ Allbery wrote:
 Dave Botsch bot...@cnf.cornell.edu writes:
 
  What would be the suggested resolution from Microsoft?
 
  Any reason OAFSWin can't add support for these reparse points?
 
 You can't do that only in the Windows client, at least if I'm
 understanding the nature of reparse points correctly.  The AFS file server
 would also have to be able to store the reparse point.  Think of it as
 akin to a UNIX device file.  So this means new data structures available
 inside AFS volumes, which has rather wide-ranging implementation effects.
 
 -- 
 Russ Allbery (r...@stanford.edu) http://www.eyrie.org/~eagle/
 ___
 OpenAFS-info mailing list
 OpenAFS-info@openafs.org
 https://lists.openafs.org/mailman/listinfo/openafs-info

-- 

David William Botsch
Programmer/Analyst
CNF Computing
bot...@cnf.cornell.edu

___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

Re: [OpenAFS] Re: Backup ubik database

2013-05-21 Thread Dave Botsch 
Is there documentation someplace on creating a non-voting clone?

On Mon, May 20, 2013 at 10:54:07AM -0400, Derrick Brashear wrote:
 On Mon, May 20, 2013 at 10:50 AM, Andrew Deason adea...@sinenomine.netwrote:
 
  On Mon, 20 May 2013 13:58:13 +0200
  Gémes Géza g...@kzsdabas.hu wrote:
 
   What is the best way to backup the ubik database of pt and vlservers?
   Does the server processes need to be shut down?
 
  Currently the only way to safely copy/backup those databases is to copy
  the files while the server processes are either shut down, or stopped
  (with SIGSTOP). You have to copy both the the .DB0 and .DBSYS files (or
  just copy everything in the db directory, which should probably work no
  matter how the databases are changed in the future).
 
  Some people just copy the files while the servers are running, though, I
  think. If your ubik database doesn't change constantly at a high rate,
  and you make several copies, it's very likely you'll save at least one
  valid copy. It's also possible to add a dbserver just for the purposes
  of backing up this data, if you want to go the safe route above, but
  don't want to interrupt the dbservers that clients actually use.
 
 
 If you go this route, you can create a non-voting clone to do it, so
 there's actually no
 chance of disruption.
 
 
 
 -- 
 Derrick

-- 

David William Botsch
Programmer/Analyst
CNF Computing
bot...@cnf.cornell.edu

___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

[OpenAFS] March 2013 OAFS Newsletter is Out

2013-03-18 Thread Dave Botsch 
The March 2013 edition of the OpenAFS newsletter is now online!

http://www.openafs.org/newsletter

-- 

David William Botsch
Programmer/Analyst
CNF Computing
bot...@cnf.cornell.edu

___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

Re: [OpenAFS] Development status of mod_waklog and filedrawers

2013-02-04 Thread Dave Botsch 
I'm using it on RHEL6 with php-5.3.3-14.el6_3.x86_64 and
php-Smarty-2.6.27-1.el6.noarch .

It does, however, run rather slowly... seems to be as a result of it
stat'ing all the files in a directory.


On Mon, Feb 04, 2013 at 03:40:40PM +0100, Staffan Hämälä wrote:
 I got mod_waklog to work on apache 2.2 at least.
 
 I've found a lot of info in this posting:
 https://lists.openafs.org/pipermail/openafs-info/2009-May/031480.html
 
 Stephen Quinney's patches are available here:
 http://old.nabble.com/mod_waklog-tt33632100.html
 
 Aaron Knister's patches here:
 http://userpages.umbc.edu/~aaronk/waklog/patches_for_git
 
 I downloaded mod_waklog from git, and applied the patches in this order:
 patch -p1  ../patches_aaron_knister/fix_build_scripts.patch
 patch -p1  ../patches_aaron_knister/have_stropts_h.patch
 patch -p1  ../patches_aaron_knister/gnu_source.patch
 
 patch -p1  ../patches_stephen_quinney/modwaklog-weakcrypto.patch
 patch -p1  ../patches_stephen_quinney/modwaklog-libs.patch
 
 
 As I said, mod_waklog seems to work perfectly. However, I haven't
 got filedrawers to work yet. It does not seem to work with PHP
 5.4.11 and Smarty 3.1.13.
 
 I've read that it should work with PHP 5.x, but apparently not with
 5.4, though I think I managed to fix that. (by loading some module
 statically instead of using dl - dynamically loaded modules, which
 is deprecated in 5.4).
 
 Smarty 3.1.13 seems to be more difficult, I just get strange error messages.
 
 I've found a note somewhere that it does not work with Smarty 2.x,
 and that version 1.x works. Maybe version 3.x has the same problem,
 and we need to downgrade to version 1.x.
 
 
 --S
 
 
 On 2013-02-04 14:01, Joseph Timothy Foley wrote:
 I would like to know more about this as well.  I tried to get mod_waklog 
 working on an Ubuntu 12.04 32-bit system but was unsuccessful.  It compiled 
 but did not get loaded correctly into the Apache 2 I was using.  I asked a 
 friend to was trying to use it at MIT, but they gave up and used IP-based 
 ACLS.
 
 Where did you find a guide indicating which patches?
 
 Thanks,
 Joe
 
 -Original Message-
 From: openafs-info-ad...@openafs.org [mailto:openafs-info-ad...@openafs.org] 
 On Behalf Of Staffan Hämälä
 Sent: 30. janúar 2013 20:35
 To: openafs-info@openafs.org
 Subject: [OpenAFS] Development status of mod_waklog and filedrawers
 
 What is the current status of the mod_waklog and filedrawers projects? I saw 
 a thread about mod_waklog a few months ago, but what about filedrawers?
 
 I've managed to compile mod_waklog on Redhat RHEL6 64-bit after applying 
 five patches (by Aaron Knister and Stephen Quinney). It now works on Apache 
 2.2 (haven't tried 2.4 yet).
 
 Filedrawers seems to need some tweaking as well. I've found a few things 
 that needs to be changed for it to work with PHP 5.4. It also seems to have 
 problems with the current version of Smarty (version 3.1.13). I'm working 
 through the things that need to be changed at the moment.
 
 It seems both mod_waklog and filedrawers haven't been updated for several 
 years. Does anyone maintain them?
 
 /Staffan
 
 --
 Staffan Hämälä
 Luleå University of Technology
 Sweden
 ___
 OpenAFS-info mailing list
 OpenAFS-info@openafs.org
 https://lists.openafs.org/mailman/listinfo/openafs-info
 
 
 
 
 ___
 OpenAFS-info mailing list
 OpenAFS-info@openafs.org
 https://lists.openafs.org/mailman/listinfo/openafs-info
 

-- 

David William Botsch
Programmer/Analyst
CNF Computing
bot...@cnf.cornell.edu

___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

Re: [OpenAFS] Re: Rsync-ing a vice* partition

2013-01-11 Thread Dave Botsch 
I wonder if one could reasonably put /usr/afs and all the /vicep*
partitions on DRBD, and then fail those along with the IP address over
to the other server (corosync, pacemaker).

On Fri, Jan 11, 2013 at 03:38:45PM -0500, Garance A Drosihn wrote:
 On 1/11/13 10:15 AM, Andrew Deason wrote:
 On Thu, 10 Jan 2013 23:02:26 -0500
 Garance A Drosihndro...@rpi.edu  wrote:
 
 As far as AFS is concerned, would it be safe and reasonable
 to use rsync to duplicate all files on /vicepa to /nextpa,
 dismount both partitions, and then mount what was /nextpa
 as /vicepa?  Or is that playing with fire, such that it'd be
 much safer to move the AFS volumes via standard AFS commands
 while AFS is running?
 
 I assume it's not relevant here, but just in case and for the
 archives... this is of course dependant on the fileserver
  backend. If you happen to have any 'inode' fileservers running
  (if you're not running a commercial unix, you don't have any),
  this is not adequate for them.
 
 
 yes, I should have mentioned that these are all namei-based
 fileservers, running on redhat linux.  Using ext3 filesystems,
 if I remember right.
 
 
 -- 
 Garance Alistair Drosehn= dro...@rpi.edu
 Senior Systems Programmer   or   g...@freebsd.org
 Rensselaer Polytechnic Institute; Troy, NY;  USA
 ___
 OpenAFS-info mailing list
 OpenAFS-info@openafs.org
 https://lists.openafs.org/mailman/listinfo/openafs-info
 

-- 

David William Botsch
Programmer/Analyst
CNF Computing
bot...@cnf.cornell.edu

___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

  1   2   >