RE: [OpenAFS] ad+openafs

2016-05-03 Thread Benjamin Kaduk
1.6.14 doesn't need to have single-DES enabled; we shouldn't be recommending it. The rxkad.keytab method should work fine with AES keys. -Ben On Tue, 3 May 2016, Brandon Allbery wrote: > -1765328370 is KRB5KDC_ERR_ETYPE_NOSUPP. This often means that DES is > disabled somewhere. Note that the

Re: [OpenAFS] ad+openafs

2016-05-03 Thread Dirk Heinrichs
Am 03.05.2016 um 10:39 schrieb zhaoxy...@ustc.edu.cn: > 2 install ad on windows 2008 r2 If you don't already have AD and or Windows, yet, you can also use Linux/Samba. Bye... Dirk -- Dirk Heinrichs GPG Public Key CB614542 | Jabber: dirk.heinri...@altum.de Tox:

Re: [OpenAFS] AFS in the age of the wild west internet

2016-05-03 Thread Jan Iven
On 03/04/2016 04:04 PM, Steve Gaarder wrote: While I really like the concept of AFS as a world-wide filesystem, I'm starting to wonder if it's a good idea in the modern age of cyberattacks. How safe is it to leave AFS open to the world? Some of the data we store in AFS does not need to be

RE: [OpenAFS] AFS in the age of the wild west internet

2016-05-03 Thread Brandon Allbery
fs sa /path/to/whatever system:anyuser none -Original Message- From: openafs-info-ad...@openafs.org [mailto:openafs-info-ad...@openafs.org] On Behalf Of Steve Gaarder Sent: Friday, March 4, 2016 10:05 AM To: openafs-info@openafs.org Subject: [OpenAFS] AFS in the age of the wild west

RE: [OpenAFS] ad+openafs

2016-05-03 Thread Brandon Allbery
-1765328370 is KRB5KDC_ERR_ETYPE_NOSUPP. This often means that DES is disabled somewhere. Note that the client library *also* needs DES enabled; you might need to add to the [libdefaults] section of /etc/krb5.conf on the RH system, allow_weak_crypto = true From:

[OpenAFS] /var/cache/openafs on btrfs

2016-05-03 Thread Fred Drueck
Hello Everyone, According to the OpenAFS admin FAQ, it appears that the officially supported file systems for the disk cache are: ext2 ext3 hfs (HP-UX) xfs (at least on IRIX 6.5) ufs (Solaris, ?Tru64Unix) which is clearly out of date, since there is a working implementation for OS X that runs

[OpenAFS] Talk slides from 2009 BPW appear unavailable?

2016-05-03 Thread Ben Rosser
Hello, As per some brief discussion on IRC, it looks like slides of talks given during the 2009 Best Practices Workshop appear unavailable. For instance, the following both result in an Error 500 for me: * http://workshop.openafs.org/afsbpw09/talks/thu_2/kafs.pdf *

[OpenAFS] ad+openafs

2016-05-03 Thread zhaoxy299
hi i install openafs1.6.14 on redhat 6.7 and i want to use the ad as krb5 auth . here is my steps: 1 install openafs1.6.14 on redhat6.7 2 install ad on windows 2008 r2 3 ktpass -princ afs/cellname@ADDOMAINNAME -mapuser afscell@ADDOMAINNAME \ -mapOp add -out afs-keytab +rndPass -crypto

[OpenAFS] Re: Keeping PTS in sync with LDAP

2016-05-03 Thread Kai-Martin Knaak
Stephen Joyce email.unc.edu> writes: > I wrote a collection of scripts that > scrape my campus's LDAP directory to keep PTS in sync with it. Generally > querying LDAP and: > > - discovering new users and creating PTS entries. > - discovering former users and initiating grace period

[OpenAFS] Request for Assistance with OpenAFS

2016-05-03 Thread Nicolas Melot
Hi, I'm trying to setup and use openafs for mobile nodes, not always having a connection to the openAFS server. I would like to use the openAFS caching mechanism as an offline disk that synchronizes everything once online again. I installed an openAFS 1.6.9 server and client, together with

[OpenAFS] AFS in the age of the wild west internet

2016-05-03 Thread Steve Gaarder
While I really like the concept of AFS as a world-wide filesystem, I'm starting to wonder if it's a good idea in the modern age of cyberattacks. How safe is it to leave AFS open to the world? Some of the data we store in AFS does not need to be accessed from outside of our network; is there a