On Mon, 31 Jan 2011, Harald Barth wrote:
I am in charge of several afs servers in our college. Right now
there are 5 afs servers running on 5 SPARC based servers. We are
ditching Solaris since it sucks so bad and are going to move to
Linux VM's running inside of VMware.
Before you do the
On Thu, 24 Feb 2011, Thomas Smith wrote:
Hi,
I am looking for a way to monitor quota usage in order to address quota or
disk space issues before they become problems.
Adding on to Thomas and Andrew's comments, it seems conventional at the
sites I interact with, to have a small volume on
On Thu, 24 Feb 2011, Thomas Kula wrote:
On Thu, Feb 24, 2011 at 07:28:14PM -0500, Benjamin Kaduk wrote:
Adding on to Thomas and Andrew's comments, it seems conventional at
the sites I interact with, to have a small volume on each fileserver
partition that is mounted at
/afs/cellname/service
On Wed, 30 Mar 2011, James Durand wrote:
Who does one contact to request a modification to the OpenAFS distributed
CellServBD file?
http://grand.central.org/csdb.html says mail cellser...@grand.central.org
with the following information:
* Cell Name
* Description
* Contact
On Fri, 22 Apr 2011, Jaap Winius wrote:
Quoting Stephan Wiesand stephan.wies...@desy.de:
this works fine here on EL = 6 (EL6 has gdm-2.30).
Debian squeeze has gdm 2.20. Are you suggesting that I'm dealing with a gdm
bug or a Debian bug?
I always liked it that gdm, unlike other *dm,
On Fri, 17 Jun 2011, omall...@msu.edu wrote:
Quoting Jaap Winius jwin...@umrk.nl:
Quoting Coy Hile coy.h...@coyhile.com:
I have a question about deployment of OpenAFS on VMWare. Assume for
the sake of argument that one has a requirement to deploy OpenAFS on
VMs -- to include deploying his
Hi all,
Setting up a new solaris machine, I've gone and partitioned the disk,
giving about 9GB to the cache partition. But now I need to put a (UFS)
filesystem on it, and I wondered -- should I be tweaking the UFS
parameters for the CM's workload? It seems like the filesystem's
structure
On Mon, 27 Feb 2012, Andrew Deason wrote:
On Fri, 24 Feb 2012 02:51:48 -0800
Ken Elkabany k...@elkabany.com wrote:
Off-email question: If a volume has N read replicas, how do clients
choose which one to use?
By default, it's effectively random. Technically the client also takes
into account
On Thu, 8 Mar 2012, Russ Allbery wrote:
Andrew Deason adea...@sinenomine.net writes:
Secondly, this is easily modifiable by distributions. I think the
closest thing Linux has to a platform like those of commercial unices
(and maybe the BSDs) is a distribution-specific moniker. Just because
On Sat, 28 Apr 2012, Staffan Hämälä wrote:
I'm in the process of upgrading one of our AFS servers to 1.6.1 (we've
only run 1.4 before). I've been looking for information about recommended
I believe we require that all of the *database* servers (not fileservers)
in a cell be running the same
On Tue, 26 Jun 2012, Andrew Deason wrote:
On Tue, 26 Jun 2012 14:29:04 -0700
Tim Gustafson t...@soe.ucsc.edu wrote:
I was able to get past this problem by using FreeBSD's Kerberos
server. I was previously trying to integrate with our MIT Kerberos
server, but that seems to be problematic.
On Tue, 26 Jun 2012, Andrew Deason wrote:
On Tue, 26 Jun 2012 18:34:03 -0400 (EDT)
Benjamin Kaduk ka...@mit.edu wrote:
should be in a /var/lib-like location.
I am told that you will need to use pt_util to initialize a protection
database as part of setting up a server.
This should
On Wed, 27 Jun 2012, Måns Nilsson wrote:
Subject: [OpenAFS] Re: Setting Up OpenAFS on FreeBSD Date: Tue, Jun 26, 2012 at
04:47:10PM -0500 Quoting Andrew Deason (adea...@sinenomine.net):
I'm not sure if I've ever seen someone actually encounter that error
before. Keep in mind it may be
On Wed, 27 Jun 2012, Andrew Deason wrote:
On Wed, 27 Jun 2012 09:46:24 -0700
Tim Gustafson t...@soe.ucsc.edu wrote:
Is there anything in PtLog?
Lots of this:
ptserver: pt 11 (267275)pt 11 (267275)pt 11 (267275)pt 11 (267275)pt
11 (2pt11 (267275) Can't rebuild database because not running
On Wed, 27 Jun 2012, Brandon Allbery wrote:
On Wed, Jun 27, 2012 at 12:50 PM, Tim Gustafson t...@soe.ucsc.edu wrote:
* The FreeBSD platform, having ZFS, is IMNSHO an excellent choice for a
file server.
How far ahead is the client code on FreeBSD?
It works under light load, but I am pretty
On Wed, 27 Jun 2012, Tim Gustafson wrote:
I just sent off a (believed to be final) patch to get 1.6.1 in the freebsd
ports collection this morning; it should hit the ports tree within a day or
two.
That sharball will not work for recent versions of freebsd, as it does not
include the OS support
On Fri, 6 Jul 2012, Jerry McAllister wrote:
On Thu, Jul 05, 2012 at 10:56:19PM -0400, Benjamin Kaduk wrote:
On Wed, 27 Jun 2012, Tim Gustafson wrote:
I just sent off a (believed to be final) patch to get 1.6.1 in the freebsd
ports collection this morning; it should hit the ports tree within
On Thu, 13 Sep 2012, Chaz Chandler wrote:
no objection here, esp. if there's anyone out there with the spare time
for and interest in testing them.
Most distro/OSes have their own packaging system, and it would seem that
life would be easier for such potential testers if they could install a
On Fri, 14 Sep 2012, Ken Dreyer wrote:
On Fri, Sep 14, 2012 at 9:04 AM, Benjamin Kaduk ka...@mit.edu wrote:
On Thu, 13 Sep 2012, Chaz Chandler wrote:
Also, there is a question of what version number to put on snapshots so that
they will sort properly between real releases.
Ordinarily git
On Fri, 5 Oct 2012, Jim Green wrote:
Here at Michigan State, I'm leading a project to upgrade our MIT Kerberos
system from 1.6.3 to 1.10.x. One thing we've discovered in our research is,
in order for AFS to work, we need to turn on support for single DES in our
Kerberos KDC.
Short of either
On Fri, 5 Oct 2012, Booker Bense wrote:
On Fri, Oct 5, 2012 at 11:23 AM, Benjamin Kaduk ka...@mit.edu wrote:
You can limit your exposure by having the afs/cell@realm principal be the
only principal in the database with a single DES key. The default_enctypes
do not need to include single-DES
Sorry for the delay; I forgot this was in my 'drafts' folder, still.
On Mon, 8 Oct 2012, Booker Bense wrote:
On Mon, Oct 8, 2012 at 10:05 AM, Jim Green jfgr...@msu.edu wrote:
Thanks for the responses, this is very helpful. One question: are you
saying that if our existing user principals
Dear all,
I wanted to give a heads-up that MIT has funded me to work on implementing
rxgk for OpenAFS. MIT is committed to AFS as part of our basic
infrastructure, and we recognize that the current DES-based security class
in OpenAFS is aging rapidly. Implementing the new GSSAPI-based rxgk
Jeff,
On Tue, 23 Oct 2012, Jeffrey Altman wrote:
Those of us with extensive IETF Security Area experience value the
benefit of standards review performed via independent implementation.
Your File System Inc. completed our implementation of rxgk along with
all of the supporting infrastructure
On Wed, 7 Nov 2012, Dirk Heinrichs wrote:
Am Mittwoch 07 November 2012, 09:02:44 schrieb Marc Dionne:
In my (limited) experience with memcache, it doesn't behave very well
if the system is memory contrained and is under pressure.
Hmm, I wouldn't call a system with 4G memory and not much
On Wed, 12 Dec 2012, Andrew Deason wrote:
On Wed, 12 Dec 2012 15:44:29 +0100
Michal Švamberg svamb...@gmail.com wrote:
Is there some reasonable advice, how to separate virtual web
servers on AFS from each others?
In addition to what Stanford does, MIT does (or used to do) something
somewhat
Replying to a rather old mail to note new developments...
On Fri, 5 Oct 2012, Benjamin Kaduk wrote:
On Fri, 5 Oct 2012, Booker Bense wrote:
On Fri, Oct 5, 2012 at 11:23 AM, Benjamin Kaduk ka...@mit.edu wrote:
You can limit your exposure by having the afs/cell@realm principal be the
only
On Fri, 15 Feb 2013, Roman Mitz wrote:
I hope you find these descriptions helpful and get a good idea of what
we have been dealing with and what has been accomplished. The Creation
Committee continues to work diligently and in a most cooperative spirit,
and we look forward to completing next
On Thu, 7 Mar 2013, Ted Creedon wrote:
OpenSuSE 12.3 RC2 kernel 3.7.10-1.1
./configure --enable-transarc-paths --enable-namei-fileserver \
--with-linux-kernel-headers=/usr/src/linux --enable-supergroups \
--enable-bitmap-later
compile_et.o: In function `main':
compile_et.c:(.text+0x6ea):
On Wed, 13 Mar 2013, Andrew Deason wrote:
On Wed, 13 Mar 2013 14:47:09 +0100
Mark Huijgen m...@nl.simpc.com wrote:
I was wondering if DAFS fileservers are supported on FreeBSD 9?
It's supported in the sense that we'll try to fix bugs, and as far as
I know it's not completely broken.
On Sat, 11 May 2013, Anders Lennartsson wrote:
What enctypes are actually supported by OpenAFS 1.6.1?
I recently upgraded from 1.4 to 1.6.1 (in Debian Wheezy) by a new
install. There are several computers: a Heimdal 1.6 kdc, a 1.6.1 afs
service, and some Linux and Windows 7 clients.
An afs
On Fri, 24 May 2013, Dave Cottlehuber wrote:
I'm now on debian wheezy, with assorted macs and windows boxes about,
and wondered if there are any good guides to getting started both with
openafs especially with heimdal again - I assume it's still the
preferred krb server? Stuff I've found so
On Mon, 17 Jun 2013, Victor Marmol wrote:
afs-newcell fails when it tries to contact bos. The BosLog says:
I seem to recall that that is a debian-specific script, which not everyone
would be familiar with.
From the little I found online there were some references to a NetInfo
file, but I
On Tue, 25 Jun 2013, J wrote:
Hi.
Wondering if someone can help me with changing the default token lifetime of an
identity, or the default for all identities.
I read on the OpenAFS site that the default afs entry is 100 hours, the default
krbtgt.cellname entry is 720 hours (30 days), and
On Wed, 26 Jun 2013, Andrew Deason wrote:
I do question the value of having the Admin Guide on the website at all,
if my understanding above is correct... I'm not sure how much
information vs misinformation is tends to provide.
I do agree that large swathes of it are useless or actively
On Wed, 24 Jul 2013, Douglas E. Engert wrote:
Question: Once the 1.6.5 binaries are in place, and the servers
start using the rxkad.keytab, will the server still accept
existing DES based tokens that use keys and kvno that
are only in the KeyFile?
Yes. In fact, the code path for tokens using
On Wed, 24 Jul 2013, Douglas E. Engert wrote:
On 7/24/2013 11:10 AM, Benjamin Kaduk wrote:
On Wed, 24 Jul 2013, Douglas E. Engert wrote:
Question: Once the 1.6.5 binaries are in place, and the servers
start using the rxkad.keytab, will the server still accept
existing DES based tokens
On Thu, 25 Jul 2013, Andrew Deason wrote:
On Thu, 25 Jul 2013 10:57:33 +0200
Lars Schimmer l.schim...@cgv.tugraz.at wrote:
Maybe I am not the best reader, but if I do use a win AD as a krb5
auth service and I did not change anything with my keyfiles and
everything, should OpenAFS 1.7.26 on
On Thu, 25 Jul 2013, Andrew Deason wrote:
On Thu, 25 Jul 2013 11:36:52 -0400 (EDT)
Benjamin Kaduk ka...@mit.edu wrote:
The short version is: a misconfigured KDC can cause problems for new
clients against old servers.
If that's true, we need to say specifically what that misconfiguration
I think jhutz has covered most of the points already, but:
On Thu, 25 Jul 2013, Andrew Deason wrote:
On Thu, 25 Jul 2013 11:36:52 -0400 (EDT)
Benjamin Kaduk ka...@mit.edu wrote:
and in the absence of other information, the KDC should not assume
that a service supports an enctype for which
On Thu, 25 Jul 2013, Sergio Gelato wrote:
I've been poking a bit into this. First of all, let's make sure I don't
misunderstand your expectation here: do you want the KDC to be willing to
issue a ticket with a des-cbc-crc session key (as requested by old aklog)
even though the afs service
On Thu, 25 Jul 2013, step...@physics.unc.edu wrote:
In going over the re-keying document, a few more questions popped into my
mind that weren't clear from my reading of the document.
In the Basic procedure for MIT, it mentions ensuring that DES should not be
one of the encryption types in
On Thu, 25 Jul 2013, Benjamin Kaduk wrote:
There's another MIT-specific reason to not include a DES key in the
rxkad.keytab, namely that the MIT KDC does not set requires_preauth on new
principals by default. This means that if there's a DES key in the KDB, an
unauthenticated attacker can
On Fri, 26 Jul 2013, Andrew Deason wrote:
On Thu, 25 Jul 2013 19:12:54 -0400 (EDT)
Benjamin Kaduk ka...@mit.edu wrote:
In going over the re-keying document, a few more questions popped
into my mind that weren't clear from my reading of the document.
In the Basic procedure for MIT
On Sat, 27 Jul 2013, Jeffrey Altman wrote:
On 7/27/2013 7:53 AM, Lars Schimmer wrote:
BUT on my laptop I get now this error:
PS C:\Program Files (x86)\MIT\Kerberos\bin kinit lschimmer
Password for lschim...@cgv.tugraz.at:
kinit.exe(v5): Ccache function not supported: read-only ccache type
On Tue, 30 Jul 2013, Jaap Winius wrote:
Hi folks,
Could someone please remind me how to remove stuff from the /afs directory? I
recently discovered an empty directory there, called:
/afs/.:mount
Obviously it was created there by accident, probably by me. However, when I
try to remove it I
On Tue, 30 Jul 2013, Jeffrey Altman wrote:
This is an incorrect description. The explicit problem occurs when the
following combination is true:
1. user has one or more strong enctype keys with non-default
password salts
2. the only keys with default password salts are weak enctypes
3.
Andrew is spot-on, just two minor clarifications (inline)
On Tue, 30 Jul 2013, Andrew Deason wrote:
On Tue, 30 Jul 2013 14:39:56 -0400
John Sopko so...@cs.unc.edu wrote:
Where is the session key for the afs/cell@REALM service principal
derived from?
Session keys aren't usually derived from
On Sun, 1 Sep 2013, Gémes Géza wrote:
Hi,
I've decided to start a project for building a swig based python interface
for afs commands/functions. The advantage is that a swig interface can be
further used for creating interfaces for other languages. Currently I know
about only one limited
On Mon, 2 Sep 2013, shuaijie wang wrote:
In linux man page, I found that there are a bunch of krb-wrapped afs
functions, like:
*k_hasafs*, *k_pioctl*, *k_unlog*, *k_setpag*, *k_afs_cell_of_file*, *
krb_afslog*, *krb_afslog_uid
*
But after I've installed openafs, I only found k_hasafs,
On Thu, 12 Sep 2013, Andrew Deason wrote:
While I was aware this was at least a theoretical possibility, I could
not remember any actual systems you can run an openafs server on that
supported non-des krb that didn't support all of the common enctypes
(aes256, aes128, des3, and rc4). If that's
On Mon, 23 Sep 2013, Russ Allbery wrote:
Andrew Deason adea...@sinenomine.net writes:
Either way, sure, makes sense to me. But the people that actually use
those commands really do need to say something, even if it's just yes,
sounds good.
Yes, indeed.
We use the backup suite here at
I was out sick yesterday, sorry I missed all the excitement.
On Mon, 23 Sep 2013, Andrew Deason wrote:
On Mon, 23 Sep 2013 09:08:35 +0300 (EEST)
Jukka Tuominen jukka.tuomi...@finndesign.fi wrote:
For Kerberos, if you're using about MIT or Heimdal, this may be
difficult, since usually the
On Thu, 3 Oct 2013, Jean-Marc Choulet wrote:
Hello,
We want to upgrade openafs-fileserver to squeeze-backports and we get this
errors :
LANG=C apt-get -t squeeze-backports install openafs-client
Sorry, are you upgrading the fileserver package or the client package?
The subject and body
On Thu, 3 Oct 2013, Jean-Marc Choulet wrote:
Le 03/10/2013 17:28, Benjamin Kaduk a écrit :
On Thu, 3 Oct 2013, Jean-Marc Choulet wrote:
Hello,
We want to upgrade openafs-fileserver to squeeze-backports and we get this
errors :
LANG=C apt-get -t squeeze-backports install openafs-client
On Thu, 28 Nov 2013, dorian taylor wrote:
Hello List,
I'm trying to diagnose a persistent problem since I upgraded an old
Mac from 10.5 to 10.6 and installed the latest OpenAFS.
The exact number will be much more ueseful than just saying the latest
OpenAFS.
Essentially what happens is
On Wed, 11 Dec 2013, Jose Manuel dos Santos Calhariz wrote:
Is anyone using OpenAFS with the future Linux kernel 3.13?
I need to use kernel 3.13.0-rc1 and 3.13.0-rc2 with OpenAFS for a OpenAFS
fileserver, but I get compile errors:
(...)
CC [M]
On Tue, 14 Jan 2014, Craig Huckabee wrote:
I'm in the process of converting our small cell over to rxkad-k5 and
eliminating DES but have hit a snag.
We have a library of utility functions based on old code from aklog and
gssklogd that give certain trusted applications the ability to
Hi Peter,
On Thu, 23 Jan 2014, Peter Grandi wrote:
I was reviewing in great detail the 'rxkad-{k5,kdf}' upgrade
instructions and in particular the rekeying HOWTO:
http://www.openafs.org/pages/security/how-to-rekey.txt
I wrote the majority of both this document and the 'retiring des'
Sorry for the delayed response. It looks like Jeffrey's and Andrew's
responses should have addressed the major issues.
It would also be a little easier for me if the attribution of who wrote
the quoted text was retained.
On Thu, 23 Jan 2014, Peter Grandi wrote:
** Crucial details for
On Fri, 14 Feb 2014, Ken Dreyer wrote:
On Thu, Feb 13, 2014 at 8:59 PM, fork forkandw...@gmail.com wrote:
I figure I would
install Kerberos and OpenAFS, but I am hoping to avoid BIND if I can. I
thought I would install the Kerberos key server on the same machine as
OpenAFS, since it is a toy
On Fri, 14 Mar 2014, Brandon Allbery wrote:
On Fri, 2014-03-14 at 13:39 -0400, Timothy Balcer wrote:
I realize I can delete and add back the replica, and retry the
release, however I am concerned about the error. How is it that an
authentication can expire when the client is automatically
Hi Frederick,
On Mon, 24 Mar 2014, Frederick Luehring wrote:
Hi Everyone,
I am running Mac Mavericks version 10.9.2. Over the December holiday break,
I was able to build and install OpenAFS 1.6.5.2 so AFS was working on
Mavericks. Since then I installed 1.6.6 from the
On Wed, 9 Apr 2014, Andrew Deason wrote:
On Wed, 09 Apr 2014 10:47:39 -0400
Jeff Blaine jbla...@kickflop.net wrote:
First, thank you very much for those who donate time and/or resources to
provide builds of OpenAFS.
How does one determine how these packages were built? What configure
args?
I think we had to change this code when bringing up the Mavericks
buildslave. (http://gerrit.openafs.org/#change,10731)
So, it should be fixed for the next release already; the only question is
whether there would be security implications.
-Ben
On Mon, 21 Apr 2014, D Brashear wrote:
data
On Wed, 7 May 2014, Dave B. wrote:
One of our main thoughts is that the version numbers should be indicative of
client/server compatibility.
clients and servers communicate via the AFS-3 network protocol; new
features (RPCs) are added to that protocol in a backwards-compatible
manner. The
On Tue, 27 May 2014, Stephen Joyce wrote:
Hello,
I have a server which runs several scripts with AFS tokens. These scripts
often manipulate PTS users and groups and less-often perform volume
operations.
For the past ~week, I occasionally see in the output the following message.
rx failed
Hi all,
When wiki.openafs.org (along with git.openafs.org and gerrit.openafs.org)
was migrated to new server hardware, the ability to edit the wiki over the
web was disabled, due to the unavailability of some perl modules on the
new system. Thanks to the packaging efforts of Ken Dreyer, we
On Wed, 2 Jul 2014, Jean-Marc Choulet wrote:
Hello,
Is it possible to change my cell key on all my afs servers. I made a mistake.
I changed the key value with ktadd without -norandkey
Now, I have problem with my AFS filesystem :
root@afs1:~# LANG=C ls /afs//users/bjaille2/
ls: cannot
On Wed, 2 Jul 2014, Jean-Marc Choulet wrote:
We use OpenAFS 1.6.1 on our servers (Debian Wheezy). I think it is not
possible to use rxkad-k5 and rxkad-kdf extensions ?
openafs 1.6.1-3+deb7u1 in wheezy-security received the patches for
OPENAFS-SA-2013-003, which allow the use of rxkad-k5 and
On Thu, 3 Jul 2014, Andrew Deason wrote:
be in the rxkad.keytab/KeyFile files on your servers. If I recall
correctly, if you're using the single-DES KeyFile, those two principals
need to be using different kvnos, but I don't think there's any such
restriction when using rxkad.keytab.
That is
On Fri, 4 Jul 2014, Jean-Marc Choulet wrote:
That works fine if I use :
# /sbin/afsd -verbose
... but not with /etc/init.d/openafs-client
Le 04/07/2014 22:48, Jean-Marc Choulet a écrit :
Hello,
I have a problem when I try to start afsd :
root@afs-db01:~# /etc/init.d/openafs-client start
[Sorry for delayed response; I was travelling.]
On Thu, 26 Jun 2014, Andrew Deason wrote:
The *BSDs have their ports, and we are using that for FreeBSD. I'm
honestly not sure why we are not relying on that for binaries.
We can get somewhat faster availability of binaries by providing our
On Mon, 21 Jul 2014, Jaap Winius wrote:
Hi folks,
After setting up Kerberos cross-realm access and then creating a
system:authuser@MY_REALM group in a foreign cell, it seems that basic rl
access to the cell's contents is only possible after that group is given rl
access to every single
On Mon, 21 Jul 2014, Andrew Deason wrote:
On Mon, 21 Jul 2014 16:16:50 +0200
Jaap Winius jwin...@umrk.nl wrote:
Is there an easy way around this, like something equivalent to making
system:authuser@MY_REALM a member of system:authuser?
No, but you might add system:authuser and
On Thu, 31 Jul 2014, Martin Richter wrote:
Hello,
since I wasn't able to find out now is there any official stantement whether
or when more secure kerberos tickets (like AES) will be supported?
DES isn't the best choice and anything I've found was dated back years ago.
Thanks in advance for
On Thu, 31 Jul 2014, Jeffrey Altman wrote:
On 7/31/2014 10:18 AM, Brandon Allbery wrote:
On Thu, 2014-07-31 at 16:12 +0200, Martin Richter wrote:
So this means that client caching can't be used anymore after DES has
been removed from the KDC?
No; rxkad-kdf derives a DES key from a stronger
On Thu, 31 Jul 2014, Brandon Allbery wrote:
For what it's worth, I am seeing more people move to (or start with)
NFSv4 and then run into the restrictions imposed by rpc.gssd and become
frustrated. This seems to be educational as to why OpenAFS uses tokens.
I find it interesting that we are
On Thu, 31 Jul 2014, Andrew Deason wrote:
To me, this represents a big dificulty for a project as cross-platform
as OpenAFS; it would probably require dedicated effort per-platform,
so we would likely end up in a fragmented state for some (long) period
of time.
Any discussion about
On Fri, 1 Aug 2014, Troy Benjegerdes wrote:
The problem with AFS seems to be everyone who knows you need to 'kinit ; aklog'
and it's been so long we have all forgotten the experience of what it was like
before we realized this.
Hmm, it is interesting that we don't seem to have heard from any
On Tue, 5 Aug 2014, Brandon Allbery wrote:
On Tue, 2014-08-05 at 09:34 -0500, Douglas E Engert wrote:
A side question is can AFS use some other authentication
method other then Kerberos?
Not yet. This is one of the things rxgk is supposed to address; we can
then use any GSSAPI-provided
On Mon, 25 Aug 2014, GALAMBOS Daniel wrote:
Hi,
Under debian 7 bos removeuser causes the bosserver to abort with
coredump. The cause is realpath requires that resolved_path is either
to be NULL or be more-or-equal to PATH_MAX, but both could have
portability problems according to the man
I have a vague recollection that the AFS perl modules only worked with
openafs 1.4, but have nothing to support that at hand.
Maybe someone else has a better memory than me...
-Ben
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
On Fri, 12 Sep 2014, D'Amato, Tony wrote:
We're currently running our OpenAFS 1.4 cell on a single set of servers.
We're preparing to migrate file services from those machines onto a new
set of machines, then later migrate the database services to a different
set of machines.
Since these
On Wed, 17 Sep 2014, Eric Shell wrote:
I tried to install security/heimdal port but it appears to have a conflict
with the net/openafs port in FreeBSD 10.0:
=== Registering installation for heimdal-1.5.2_16
pkg-static: heimdal-1.5.2_16 conflicts with openafs-1.6.7.20130128
(installs
On Wed, 17 Sep 2014, Benjamin Kaduk wrote:
On Wed, 17 Sep 2014, Eric Shell wrote:
I tried to install security/heimdal port but it appears to have a conflict
with the net/openafs port in FreeBSD 10.0:
=== Registering installation for heimdal-1.5.2_16
pkg-static: heimdal-1.5.2_16
On Fri, 26 Sep 2014, Jaap Winius wrote:
On 26/09/14 19:34, Brandon Allbery wrote:
This is because, if you specify a command, it runs that command and
then cleans up and exits. It's specifically intended to run a
long-running command or daemon while maintaining Kerberos tickets
and
On Fri, 26 Sep 2014, Jaap Winius wrote:
Quoting Benjamin Kaduk ka...@mit.edu:
Passing -t tells k5start to literally run 'aklog' (unless AKLOG is set in
the environment), not /path/to/long-running-command, when it gets tickets.
Well, that's all I want it to do, in addition to keeping
On Fri, 26 Sep 2014, Jaap Winius wrote:
Quoting Benjamin Kaduk ka...@mit.edu:
The k5start mindset is to avoid having to have a separate periodic process
that prepares tickets/tokens for some independent process to consume --
instead, the process consuming the tickets/tokens is a child
On Tue, 30 Sep 2014, Dan Van Der Ster wrote:
Hi all,
Today when I attempt to create an IP user I get a DB inconsistent error:
# pts createuser 188.184.140.136
pts: database is inconsistent ; unable to create user 188.184.140.136
Then I noticed that our max user id is currently 2^31-1:
#
On Tue, 30 Sep 2014, Eric Shell wrote:
That seems a little odd; is it only ptserver that fails? Try these, to
check each individual server:
bosserver: bos status server -localauth
vlserver: vos listaddrs -noresolv -localauth
ptserver: pts listmax -localauth
buserver: backup
On Wed, 1 Oct 2014, Eric Shell wrote:
So, it seems like no authentication is working yet. If I remember
correctly from previous mail, your cell name is the same as your realm
name, so you shouldn't need a krb.conf to make that mapping (that's a
common cause for this sort of behavior).
On Mon, 20 Oct 2014, Mattias Pantzare wrote:
I have tried to compile 1.6.10 on OS X 10.10.
The first problem is that it will not compile with xcode 5 or 6. I have not
checked if there is a way to change the compiler to gcc on xcode 6, so it
might be possible (the command gcc starts c-lang).
On Wed, 22 Oct 2014, Jan Pospíšil wrote:
Is there a way one can force the default kerberos in Yosemite to
allow-weak-crypto? Or do I have to install for example the MIT or Heimdal
kerboeros separately as a workaround before our keys will be upgraded to a
different encryption type (may take
On Thu, 23 Oct 2014, Garrett Wollman wrote:
Official FreeBSD packages are built from the ports collection on a
weekly basis, but the OpenAFS port cannot be built because the FreeBSD
package builders do not have the necessary kernel compile tree
available. It might be possible to make this
On Mon, 20 Oct 2014, Dave Botsch wrote:
I can request it on our account, but I need a *clear* explanation, for
Apple, of ... what your kernel extension does and why your customers
are required to install it.
If someone who knows the internals better than I can provide this text,
that'd be
On Thu, 30 Oct 2014, Harald Barth wrote:
I just mention this because I don't think there's any way to avoid this
one. Other userspace clients will not notice because they are
short-lived processes, but anything that's long running, we don't have a
way to notify of CellServDB changes.
(Replying to this old thread, which was Re: [OpenAFS] Re: HP-UX support)
On Mon, 3 Feb 2014, Andrew Deason wrote:
On Mon, 3 Feb 2014 14:32:59 -0500
chas williams - CONTRACTOR c...@cmf.nrl.navy.mil wrote:
On this note, as of 2013 December, IRIX is no longer a supported
product. Can IRIX
On Mon, 3 Nov 2014, Andrew Deason wrote:
On Mon, 3 Nov 2014 19:17:33 -0500 (EST)
Benjamin Kaduk ka...@mit.edu wrote:
I don't mind keeping the IRIX code around while we have a buildbot
running for it, but I do wonder if we can start trimming IRIX-specific
bits from our documentation
On Thu, 6 Nov 2014, chas williams - CONTRACTOR wrote:
On Thu, 06 Nov 2014 13:56:56 +0100
Volkmar Glauche volkmar.glau...@uniklinik-freiburg.de wrote:
strace of a starting server process shows that the old KeyFile and the
rxkad.keytab file are read. The segfault occurs right after closing
1 - 100 of 373 matches
Mail list logo