* Coy Hile [2005-10-27 12:19:30 -0700]:
On Thu, 27 Oct 2005, E. Chris Garrison wrote:
Thanks for the suggestions, Coy.
It doesn't complain about any of those, but the afsd processes are
still running and 'modinfo' still shows the module.
I've seen the same thing here on my systems.
we have a strange problem with afsd on our Windows 2003-Terminalservers.
I guess it isn't a bug but maybe we have overseen something.
We run several Windows 2003-Terminalservers with Citrix for a pool with 120
Thin-Clients.
Home-directories (and profiles) are in AFS-Land and are accessed via
chas williams - CONTRACTOR wrote:
its in the head and the openafs-stable-1_4_x branch.
Great! I'm using 1.4.x.
In that case, is there any documentation regarding how big a
cache is supported and what to set the various afsd parameters
to? I lack understanding of the cache data structures and
W. Aufsattler wrote:
we have a strange problem with afsd on our Windows 2003-Terminalservers.
I guess it isn't a bug but maybe we have overseen something.
We run several Windows 2003-Terminalservers with Citrix for a pool with
120 Thin-Clients.
Home-directories (and profiles) are in
On Fri, 28 Oct 2005, Sergio Gelato wrote:
One caveat though is that if things are trying to access files in AFS on
the client while you shutdown the client, the afsd processes won't die.
Precisely. Having recently tried to upgrade OpenAFS on a Solaris 8
test system via the modunload route, I
In message [EMAIL PROTECTED],Joe Buehler writes:
In that case, is there any documentation regarding how big a
cache is supported and what to set the various afsd parameters
to? I lack understanding of the cache data structures and
what chunksize is etc.
i believe everything is counted in blocks,
* Derrick J Brashear [2005-10-28 08:51:46 -0400]:
On Fri, 28 Oct 2005, Sergio Gelato wrote:
Precisely. Having recently tried to upgrade OpenAFS on a Solaris 8
test system via the modunload route, I can say that if AFS is in active
use there is a good chance of the modunload approach triggering
The default afsd options (for AIX machines at least) end up
producing a /afs directory that is mode 777. This causes
sshd to refuse to use public key files stored in .ssh
directories somewhere under /afs.
Adding -afsdb -dynroot -fakestat causes the mode to change
to 755, which works properly. I
The default afsd options (for AIX machines at least) end up
producing a /afs directory that is mode 777. This causes
sshd to refuse to use public key files stored in .ssh
directories somewhere under /afs.
You need StrictModes no in sshd_config.
My question is, where does the mode 777
Thus spake Joe Buehler ([EMAIL PROTECTED]):
My question is, where does the mode 777 come from?
Well, who created the directory?
Is there any real reason for it to be 777 given that it's the AFS
mount point? Wouldn't 755 be a better mode?
[10:38] [EMAIL PROTECTED]:~ $ ls -dl /afs
drwxr-xr-x
On 10/28/05, Joe Buehler [EMAIL PROTECTED] wrote:
The default afsd options (for AIX machines at least) end up
producing a /afs directory that is mode 777. This causes
sshd to refuse to use public key files stored in .ssh
directories somewhere under /afs.
Something of importance, is putting
Jim Rees wrote:
You need StrictModes no in sshd_config.
This seems like a bad idea for security reasons...
As far as I know, there is nothing special about the mode on /afs. You
could probably have your admin chmod it.
Can't do that -- EROFS
--
Joe Buehler
Thus spake Joe Buehler ([EMAIL PROTECTED]):
Jim Rees wrote:
You need StrictModes no in sshd_config.
This seems like a bad idea for security reasons...
Well ... erm ... since afs doesn't care about these permissions anyhow
you're talking about the security-by-obscurity concept, without even
Hendrik Hoeth wrote:
[10:38] [EMAIL PROTECTED]:~ $ ls -dl /afs
drwxr-xr-x 2 root root 4096 Nov 9 2004 /afs
[10:38] [EMAIL PROTECTED]:~ $
Works for me ... ;-)
What are your afsd options and what OS is this? Some
OS's are fine -- AIX 5.2 isn't, in our case.
--
Joe Buehler
[EMAIL PROTECTED] wrote:
Something of importance, is putting sensitive information like ssh
private keys and PGP keys, etc in AFS is a bad idea unless you have
encryption in there someplace. Same is true for any network based
filesystem.
Yes -- the private keys are encrypted and the
I'd like to announce the first release of an AFS ACL extension for
Gnome's file manager Nautilus. The ACL editor will turn up as a tab in
the properties dialog of a directory in AFS.
Kvibille 0.1 can be found through various means:
/afs/nada.kth.se/misc/hacks/ftp/kvibille/kvibille-0.1.tar.bz2
Jim Rees wrote:
You need StrictModes no in sshd_config.
This seems like a bad idea for security reasons...
Why?
Not everyone on the machine has his .ssh under /afs.
--
Joe Buehler
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
[EMAIL PROTECTED] wrote:
On 10/28/05, Joe Buehler [EMAIL PROTECTED] wrote:
Something of importance, is putting sensitive information like ssh
private keys and PGP keys, etc in AFS is a bad idea unless you have
encryption in there someplace. Same is true for any network based
filesystem.
It would be a Good Thing if encryption were a per directory thing like
an ACL, enforced by the server, so you could make sure your sensitive
information was never passed in the clear. I have no idea how hard it
would be to implement an encrypted directory flag, but I suspect it
would mean
Todd M. Lewis wrote:
Unfortunately, the only available someplace to turn on encryption is
on the client. Turning on encryption on a client encrypts all traffic
bound to that client (most of it unnecessarily). Yet the same data
passes in the clear if another client accesses it.
It would be
On 10/27/05, aK [EMAIL PROTECTED] wrote:
any links do you know where I can get a doc on how to setup a afs server on
Panther?
To my knowledge there is no Panther specific AFS documentation at this time.
___
OpenAFS-info mailing list
AFS administrators attending the LISA 2005 conference in San Diego are
invited to participate in a one-day AFS workshop. The workshop will
be held on Tuesday, December 6; the LISA conference is December 7-9.
The AFS workshop at LISA is designed for experienced AFS
administrators to share
Hello,
We have a large user base for AFS, some of whom are using the last version of
the Transarc client. We'd like to migrate all of them to OpenAFS if possible. My
two main questions at this point are:
* Is it possible to do a clean uninstall of the Transarc client without having
to
Nancy:
Both the MSI and EXE installers distributed from openafs.org are
designed to upgrade previous IBM AFS clients. Of course, it is
preferable to perform a clean uninstall of IBM AFS first. Performing
an uninstall via Add/Remove Programs of the IBM AFS client should
be successful unless it
24 matches
Mail list logo