find a way to capture both the packets on the wire, and
the unencrypted packets on at least one end, you might wind up seeing
interesting weirdnes.
-Marcus Watts
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https
is not identical to a reboot.
-Marcus Watts
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info
backwards. The disadvantage of this is of
course you're going to have to duplicate everything in a
carefully confined piece of network space.
-Marcus Watts
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https
/index.jsp
Java 1.5 didn't do aes, so, well, avoid it?
-Marcus Watts
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info
the
functionality, but PR_ChangeEntry has a newid parameter which can be
set to accomplish a viceid change.
-Marcus Watts
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo
and simply don't
want or need another fileserver.
-Marcus Watts
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info
Version is: 2.0
stilton-root#
now start ptserver, then on the db server,
pts createu admin -localauth
pts adduser admin system:administrators -localauth
at this point, you should now be able to use admin on a
regular client etc.
-Marcus
Date:Wed, 29 Sep 2010 23:18:33 EDT
To: Phillip Moore w.phillip.mo...@gmail.com
cc: Michael Meffie mmef...@sinenomine.net,
Rick Cochran r...@cornell.edu,
openafs-info@openafs.org openafs-info@openafs.org
From:Derrick Brashear sha...@gmail.com
Subject: Re:
binaries.)
-Marcus Watts
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info
Derrick Brashear sha...@gmail.com writes:
Date:Fri, 16 Apr 2010 12:43:30 EDT
To: Marcus Watts m...@umich.edu
cc: openafs-info@openafs.org
From:Derrick Brashear sha...@gmail.com
Subject: Re: [OpenAFS] Re: Ubik problem
It might actually be worth valgrinding.
On Fri, Apr
isn't running of course.)
-Marcus Watts
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info
it as kadb_check. Yes, it's a bit strange.
-Marcus Watts
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info
doesn't adjust BeginTimestamp. Probably you get the wrong behavior 50%
of the time.
-Marcus Watts
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info
Date:Fri, 19 Mar 2010 14:54:15 PDT
To: openafs-info openafs-info@openafs.org
From:Jonathan Nilsson jnils...@uci.edu
Subject: [OpenAFS] recommended hardware for new production environment
Hello,
I've been testing OpenAFS for a while now, and I think we are soon ready to
of interest is the contents of the afs server side krb.conf
(probably /usr/afs/etc/krb.conf or /etc/openafs/server/krb.conf).
The afs servers use this to indicate which realms are local.
You should probably have both A.COM and B.COM on the first line.
-Marcus Watts
and glittery.
...
Thank you very much, by the way, for asking this.
In case it wasn't obvious, I'm using your question as a convenient
opportunity to do a brain dump.
-Marcus Watts
___
OpenAFS-info mailing list
OpenAFS-info
. Like DCE and MS.
...
-Marcus Watts
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info
?)
-Marcus Watts
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info
an interesting option for you.
-Marcus Watts
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info
for many years to locate
buserver and budb on a separate host from the database servers, back
when db server real estate was a scarce resource.
-Marcus Watts
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
KRB5_KDB_SALTTYPE_AFS3, so that this logic parallels
whatever you did when returning KRB5_PADATA_AFS3_SALT.
Caveat: I haven't tried this, so I cannot guarantee this actually
works right with any client, let alone the clients in your environment.
-Marcus Watts
Date:Fri, 07 Nov 2008 14:24:30 EST
To: openafs-info@openafs.org openafs-info@openafs.org
From:Derrick Brashear [EMAIL PROTECTED]
Subject: Re: [OpenAFS] KA server to MIT KRB5 migration issues
On Fri, Nov 7, 2008 at 1:53 PM, Marcus Watts [EMAIL PROTECTED] wrote:
Gedaliah Wolosh
memory cache.
-Marcus Watts
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info
Date:Tue, 15 Jul 2008 22:21:35 EDT
To: Openafs-Info openafs-info@openafs.org
From:Jason Edgecombe [EMAIL PROTECTED]
Subject: [OpenAFS] what is in src/gtx?
HI,
What do the files in the src/gtx in openafs cvs do?
I'm working on the N8x0 openafs build and I got a build error
into the business of applying for government grants
to work on AFS.
-Marcus Watts
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info
basis of backups
that were no longer of interest.
Before doing either of these, you should certainly save your current
backup database, on each machine.
-Marcus Watts
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
-default SOM-- SOM--
probably you will need to remake your ptserver instances in bos to do this.
-- Ragge
-Marcus Watts
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo
for an
application to decide to do cp/rm in the event of
getting this error.
-Marcus Watts
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info
.
-Marcus Watts
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info
of things things (esp. ubik) I don't
see how you can avoid having a flag day inside your server environment,
and I don't see why you would want to avoid this either.
-Marcus Watts
___
OpenAFS-info mailing list
OpenAFS-info
John Hascall [EMAIL PROTECTED] writes:
By not yet completed I meant started. If I'm understanding
the process as it was outlined many messages ago it was:
1) create afs-k5 or (or is it k5-afs?) key
2) upgrade all your servers
3) upgrade all your clients
.
-Marcus Watts
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info
Date:Wed, 26 Sep 2007 08:38:05 CDT
To: [EMAIL PROTECTED]
cc: Marcus Watts [EMAIL PROTECTED], openafs-info@openafs.org
From:John Hascall [EMAIL PROTECTED]
Subject: Re: [OpenAFS] AES Support ?
Jeffrey Altman
John Hascall wrote:
What makes your cell rxk5 capable
of negotiating some
sort of anonymous private path doing something clever with gssapi.
I have an idea about how to do something like this with rxk5 as well,
but never got time to go implement it.
-Marcus Watts
___
OpenAFS-info
John Hascall [EMAIL PROTECTED] writes:
Date:Wed, 26 Sep 2007 13:45:12 CDT
To: Marcus Watts [EMAIL PROTECTED]
cc: openafs-info@openafs.org
From:John Hascall [EMAIL PROTECTED]
Subject: Re: [OpenAFS] AES Support ?
Marcus Watts sez:
Jeffrey Altman
John Hascall wrote
John Hascall [EMAIL PROTECTED] writes:
...
Yes, but it's still not clear to me why the different principal
name (afs-k5) is needed -- why a client can't just request an
afs/[EMAIL PROTECTED] ticket (with whatever enctypes come back) and
then construct an rx challenge with (rx_header.security =
your fix in openafs rt. Probably doesn't matter, but odd...
-Marcus Watts
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info
at all.
Sincerely,
Jason
-Marcus Watts
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info
gets tacked on (and doesn't mean anything) if it just emitted
New or Old release.
Out of curiosity, is there any reason not to run 1.4.4 instead?
1.4.0 is not particularly recent...
-Marcus Watts
___
OpenAFS-info
?
memory corruption problem due to weird software bug
broken compiler
libc or os problem
broken machine, such as bad memory or cpu
-Marcus Watts
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org
?
-Marcus Watts
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info
Altman
Past current distributions of afs only support des keys.
This may qualify for some lower level of classification,
and means it's unlikely to cause excitement in most public
servants.
- Marcus Watts
___
OpenAFS-info
elsewhere first.
-Marcus Watts
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info
. If you don't intend to immediately reuse
the ip address, you should do vos changeaddr and then don't
bother preserving sysid.
-Marcus Watts
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org
Date:Wed, 27 Jun 2007 16:58:07 EDT
To: Marcus Watts [EMAIL PROTECTED]
cc: openafs-info@openafs.org
From:David Sonenberg [EMAIL PROTECTED]
Subject: RE: [OpenAFS] Offlining of Database server
I do want to retire the old server entirely but I could change the new
server's
(rxk5_clear) and the small bits
of the fileserver cache manager that known about this select rxk5_auth
for rxk5 in place of rxkad_clear for rxkad.
Help, I'm being dragged off to a meeting! Hope this helps...
-Marcus Watts
Date:Tue, 26 Jun 2007 11:18:06 PDT
To: openafs-info@openafs.org
From:Adam Megacz [EMAIL PROTECTED]
Subject: [OpenAFS] Re: Encryption of traffic
Marcus Watts [EMAIL PROTECTED] writes:
A patch for rxk5 is here:
/afs/umich.edu/group/itd/build/mdw/openafs/patches/afs-rxk5
Adam Megacz [EMAIL PROTECTED] writes:
Date:Tue, 26 Jun 2007 14:41:12 PDT
To: openafs-info@openafs.org
From:Adam Megacz [EMAIL PROTECTED]
Subject: [OpenAFS] Re: Vos functions and clones and shadows
Derrick J Brashear [EMAIL PROTECTED] writes:
the problem is it lives in the
Russ Allbery [EMAIL PROTECTED] sent:
Date:Fri, 22 Jun 2007 01:42:29 PDT
To: openafs-info@openafs.org
From:Russ Allbery [EMAIL PROTECTED]
Subject: [OpenAFS] Fwd: Bug#415952: openafs-client: klog fails with an bus
acc
***ess error for password longer then 8 symbols.
Bcc'd
sure there are parts
of the rest of the des library that will need work if sizeof(int) != 4.
But now hardly seems the time to panic over this.
-Marcus Watts
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https
.
You may also want to consider how you intend to backup your
actual afs file data. vos dump is at least a start.
Volume data generally has no easy recovery method, although replicated
read-only volumes can be of use for special cases.
-Marcus Watts
volume data problems
(the real data will fail)
target volume problems
(all these tests will work, so presumably something
specific about the original readonly volume will be broken.)
-Marcus Watts
for
Kerberos 5 may appear after. There's a chance the output between may provide
clues as to what went awry.
-Marcus Watts
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman
Karen L Eldredge [EMAIL PROTECTED] writes:
Date:Tue, 05 Jun 2007 11:50:24 MDT
To: openafs-info@openafs.org
From:Karen L Eldredge [EMAIL PROTECTED]
Subject: [OpenAFS] bosserver - lwp stack overflow
I'm trying to configure an OpenAFS server on a PPC with SLES 10 installed,
and
, but if you really do have .msi files that
seem to be different, here's a .msi-xml converter that might be interesting
http://msi2xml.sourceforge.net/
-Marcus Watts
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https
anything in SalvageLog?
Does moving the volume to another server change anything?
Does touching a file in the volume change anything?
-Marcus Watts
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https
cached data in meatware.
-Marcus Watts
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info
logic. Most of
our rename process can be automated, so can be highly reliable with
little chance of things going wrong. Setting a new password involves
meatware and hence extra overhead when things do go wrong.
-Marcus Watts
programs. I suppose you could run bos using k5start.
You'll be sorry if you run ptserver on that machine -- see
recursive service dependency above.
-Marcus Watts
___
OpenAFS-info mailing list
[EMAIL PROTECTED]
https
.
-Marcus Watts
___
OpenAFS-info mailing list
[EMAIL PROTECTED]
https://lists.openafs.org/mailman/listinfo/openafs-info
?
From an application standpoint that would be a very
disappointing answer - it means you can't really have
one error number space anymore.
-Marcus Watts
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https
Derrick J Brashear [EMAIL PROTECTED] writes:
From: Derrick J Brashear [EMAIL PROTECTED]
To: Marcus Watts [EMAIL PROTECTED]
Cc: openafs-info openafs-info@openafs.org
Subject: Re: [OpenAFS] com_err hell (WAS: asetkey: failed to set key, code
70354694)
Date: Tue, 10 Apr 2007 15:25:08 -0400
kerberos realms each with local copies of the key of afs,
I could see exceeding this.
It's a shame asetkey can't just print the error message directly.
-Marcus Watts
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
Derrick J Brashear [EMAIL PROTECTED] writes:
com_err sucks
Well, more precisely no 2 com_errs are alike
Ok, so there is the whole com_err mess. But openafs has
its own com_err so that shouldn't matter.
...
adogslife-root# ./asetkey add 9 /tmp/afs.foo.kt afs/foo7
adogslife-root#
Jim Rees [EMAIL PROTECTED] writes:
Date: Mon, 9 Apr 2007 14:58:41 -0500
From: Jim Rees [EMAIL PROTECTED]
To: Marcus Watts [EMAIL PROTECTED]
Cc: openafs-info openafs-info@openafs.org
Subject: Re: [OpenAFS] asetkey: failed to set key, code 70354694
Message-ID: [EMAIL PROTECTED]
Marcus Watts
. This is problemmatical also, at least so far as
sharing a common error table list goes.
-Marcus Watts
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info
.
-Marcus Watts
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info
.
*Then* we go beat the MIT folks up.
:-)
-Marcus Watts
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info
linux machine with debian linux (64-bit userland);
first error comes from MIT kerberos 5 and 2nd error comes from AFS.
Are there people here who really think numeric error codes
are better?
-Marcus Watts
___
OpenAFS-info
is to update
this documentation to reflect whatever we want people to
be doing today. There are also some improvements that can
be made to ptserver ('pts -localauth') that would improve
the install experience (avoiding -noauth).
-Marcus Watts
has changes to make this away, and
1.4.3rc3 has the same improvements, which is why Derrick pointed
you at the latter.
...
-Marcus Watts
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org
, just bound a different way.
For perl pam, I think it would be nice to have options to turn
pthreads on or off, in those packages. That would make it easier to
select the appropriate choice for the local environment.
-Marcus Watts
Jeffrey Hutzelman [EMAIL PROTECTED] writes:
To: Marcus Watts [EMAIL PROTECTED], openafs-info@openafs.org
cc: Jeffrey Hutzelman [EMAIL PROTECTED]
Subject: Re: [OpenAFS] jafs et al
On Tuesday, March 13, 2007 08:07:42 PM -0500 Marcus Watts [EMAIL PROTECTED]
wrote:
user vs kernel mode
From: Peter Somogyi [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
Organization: Gamax Kft
To: openafs-info@openafs.org
Subject: Re: [OpenAFS] jafs et al
Date: Mon, 12 Mar 2007 14:43:06 +0100
User-Agent: KMail/1.9.1
Cc: Marcus Watts [EMAIL PROTECTED]
References: [EMAIL PROTECTED]
In-Reply
else in this general area of stuff that
you expect or wish to have, or that I ought to know?
[ Mind you, I'm not going to promise anything, yet. ]
-Marcus Watts
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
store per-process keys or data, perhaps to make this per-thread,
and perhaps to interact with other interesting per-session kernel
semantics.
-Marcus Watts
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https
in the lost memory.
-Marcus Watts
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info
Srikanth Bhaskar [EMAIL PROTECTED] writes:
Hi All,
Thank a lot for the wonderful response.
I am able to setup the AFS Server on AIX 5.3 following the documentation.
Now, I have 2 clients, one on Linux and one on Windows. On Linux, I logged
in and get this error. xyz.com cell is listed
/
... and cclausen beat me to saying this.
-Marcus Watts
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info
configuration.
You could also leave off -cell afs1.ca.com - if you're using
-noauth (or -localauth) with bos, the cell name is not
necessary and can be allowed to default to whatever.
This is why your bos listhosts commands immediately preceeding
work.
-Marcus Watts
Derrick is expecting
you would have used. If you do choose to use -dynroot, you will need
to set up DNS afsdb records which will likely constrain if not dictate
your choice for cell name.
-Marcus Watts
___
OpenAFS-info
Srikanth Bhaskar [EMAIL PROTECTED] writes:
...
I hand-edited the file as you mentioned stopping the bosserver. Even then, I
get the same error. I hand-edited the file in /usr/afs/etc and
/usr/vice/etc/ also.
I was able to go through this point on AIX and Solaris. but on FC3, I am
stuck at
from a password.
-Marcus Watts
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info
.
-Marcus Watts
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info
Christopher D. Clausen [EMAIL PROTECTED] replied:
Joe Buehler [EMAIL PROTECTED] wrote:
Converting to Kerberos V has been a bit frustrating -- you can't just
follow a recipe, you have to use Google and learn quite a bit about
K5 and AFS to work through it all. I'm still learning.
Well,
Matt had replied to Adam:
Adam,
There is work ongoing to improve the Unix-like clients' locking
support. At the moment, I don't think OpenAFS 1.4 or 1.5 have an easy
way to do (either notion you suggested of ) what you want, but, it was
easy to hack up a patch to do it (the first
to 686
(or visa-versa). This would be wrong however, and won't work at all
if you really do have a pentium I processor. It might get you something
that works however.
-Marcus Watts
___
OpenAFS-info mailing list
the bad packet always failed.
This lead to a perpetual stalemate.
-Marcus Watts
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info
Russ Allbery [EMAIL PROTECTED] sent but probably didn't write:
I am pretty sure it doesnt kill a lot of messy ifdefs, except maybe some
of the threaded code where you can use pthread instead of sun thread
support. IIRC pthread wasn't fully implemented until solaris 8..
but maybe they
here is over about 1400 bytes, it won't
work with afs. There's a trick for that, which other people here
can answer better than I.
...
-Marcus Watts
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https
key-keyvalue.length
-Marcus Watts
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info
if the kernel or headers
in question were built in tree or out of tree.
-Marcus Watts
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info
Marcus Watts [EMAIL PROTECTED] writes:
Russ is right this indicates a problem with the kernel build process.
Most likely that's headers, but it could be other stuff.
Unfortunately, config.log most likely won't contain anything of interest.
To get useful stuff in config.log, you'll
Adam Megacz [EMAIL PROTECTED] writes:
To: openafs-info@openafs.org
From: Adam Megacz [EMAIL PROTECTED]
Subject: [OpenAFS] Re: openafs does not put a [correct] value in
fsinfo.f_type?
Date: Sun, 24 Dec 2006 23:59:01 -0800
Marcus Watts [EMAIL PROTECTED] writes:
Yes. So why is AFS
comment there.
This is the sort of question where the best answer would be, to
paraphrase Luke:
Use the Source!
-Marcus Watts
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman
Dale Ghent [EMAIL PROTECTED] writes:
http://elektronkind.org/osol/openafs-solaris-tx-compat.patch
very nice.
Small nit: in afs_setgroups shouln't the declarations for
ngrps i be ifndef AFS_SUN510_ENV ?
-Marcus
. If you've got some way to attach
a kernel debugger once it crashes, there is definitely
more to be learned.
-Marcus Watts
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs
ka_UserAuthenticateGeneral twice nearly in a row,
possibly with different but interesting options in terms of from which
process pag the call is made. This might cause interesting timing
windows that might be difficult to duplicate from the command line.
-Marcus Watts
.)
I'll send you more if I learn more.
-Marcus Watts
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info
I wrote:
I apparently have just gotten access to a local sun-10/sparc64 box ,
which if it works may give me more knowledge of what's going on.
I've also just downloaded opensolaris.org's onnv, which may
contain kernel source (so far, I've found their site somewhat baffling.)
I'll send you
1 - 100 of 154 matches
Mail list logo