Re: [OpenAFS] Changing host- and domainname

What files are present in /etc/openafs/server and what are the contents of CellServDB in that directory? > On Jan 20, 2024, at 4:01 PM, Sebix wrote: > > On 1/20/24 21:58, Jeffrey E Altman wrote: >>> On 1/20/2024 3:49 PM, Sebix wrote: >>> Hi, >>> On 1/20/24 21:46, Jeffrey E Altman wrote:

Re: [OpenAFS-devel] Re: [OpenAFS] 2020 AFS Technologies Workshop Cancelled.. kafs update

On 4/6/2020 8:59 AM, David Howells wrote: > Giovanni Bracco wrote: >> My feeling is that to put it really in production the main missing points >> are: >> >> 1) pam module > > Yep. But the systemd folks are doing their best to make this tricky, I > believe... When "systemd --user" services

Re: [OpenAFS] Borderline offtopic: OpenAFS as ~ for Samba AD?

entity aliasing to the protection service. The protocol extensions to do so were standardized nine years ago but no implementation was ever developed for OpenAFS. I believe in your scenario, treating both realms as local is sufficient. Jeffrey Altman smime.p7s Description: S/MIME Cryptographic Signature

Re: [OpenAFS] Limit on number of servers?

mit write transactions to succeed when one of the servers is shutdown or becomes unreachable. For AuriStorFS the maximum UBIK server limit and maximum number of vlservers that can be specified in a cell configuration is 80. There are no performance restrictions that limit their use. Jeffr

[OpenAFS] Re: [OpenAFS-devel] July? Re: Proposal for AFS Conference - June 2019

On 4/1/2019 3:31 PM, Dave Botsch wrote: > Are folk better able to attend a July 10-12 conference? Here is a partial list of 2019 conferences and events that might be important to members of the community. The dates specified are the approximate week of the event. April 29th: Linux Storage,

Re: [OpenAFS] Re: Starting an server (both DB and FS) without `BOS` (e.g. on Linux with systemd)

e fetching of log files. 5. Remote execution of arbitrary commands. Most but not all of these functions could be performed with other tools. Managing the special inter-dependencies of the "fs" and "dafs" bnode processes and salvaging are the two exceptions. Jeffrey Altman <> smime.p7s Description: S/MIME Cryptographic Signature

Re: [OpenAFS] new RW root.cell

root.cell If you are still seeing errors, examine the VolserLog on velma.psc.edu and use vos listvol -server velma.psc.edu -fast | grep 537176385 to see if there are stranded readonly volumes left on somewhere. Jeffrey Altman <> smime.p7s Description: S/MIME Cryptographic Signature

Re: [OpenAFS] AFS Performance / ZFS

partitions but do so by exporting the ZFS storage via iSCSI to RHEL7 systems connected to the TrueNAS server with dedicated bonded 10-gbit NICs. This combination is reliable and is capable of filling the iSCSI path. Jeffrey Altman AuriStor, Inc. <> smime.p7s Description: S/MIME Cryptographic Signature

Re: [OpenAFS] kafs client bugs

On 3/7/2019 6:12 AM, David Howells wrote: > From just the filenames, I don't see what some of the tests are meant to do - > take "discon-create" for example. This seems to be using some feature of Arla > that isn't in OpenAFS. disconnected mode was added to OpenAFS. However, there is no

Re: [OpenAFS] new RW root.cell

uth > Failed to clone the volume 537176384 > : Invalid cross-device link > Error in vos release command. > Clone volume is not in the same partition as the read-write volume. Susan, The problem with root.cell is on velma. The RW and RO must be on the same partition. Jeffrey Altman <> smime.p7s Description: S/MIME Cryptographic Signature

Re: [OpenAFS] Offline migration of AFS partition files (i.e. the contents of `/vicepX`)

te to the fileserver processes. It is not portable and should not be used as a backup or transfer mechanism. > BTW, is there a document that outlines the actual layout of the > `/vicepX` structure? I've searched a bit but found nothing useful. The source code comments provide the best documentation. Jeffrey Altman smime.p7s Description: S/MIME Cryptographic Signature

[OpenAFS] BoF at Vault '19: Justifying the inclusion of Linux kernel AFS in Enterprise Distributions

9 USA Pizza and non-alcoholic beverages will be provided. I hope to see you there. https://www.auristor.com/events/kafsvault19 Jeffrey Altman <> smime.p7s Description: S/MIME Cryptographic Signature

Re: [OpenAFS] Vhosts as AFS servers?

of eventually deploying AuriStorFS servers on it, maximize the number of processor threads and use more power efficient processors with lower clock speeds. AuriStorFS servers unlike OpenAFS can make use of as much CPU and I/O bandwidth as is available. Jeffrey Altman On 1/15/2019 1:56 PM, Steve

Re: [OpenAFS] Update time loses 67 seconds on new volume

partition. It will match the Creation field. The copy date is not stored in volume dumps and cannot be restored or migrated to another File Server or partition. Jeffrey Altman <> smime.p7s Description: S/MIME Cryptographic Signature

Re: [OpenAFS] Red Hat EL Support Customers - Please open a support case for kafs in RHEL8

ls such as RHEL, SuSE, Ubuntu, Oracle, RHEL 8 is in beta. The next opportunity to argue for inclusion of the in-tree AFS client will be RHEL 9. The clock is ticking Jeffrey Altman <> smime.p7s Description: S/MIME Cryptographic Signature

Re: [OpenAFS] Red Hat EL Support Customers - Please open a support case for kafs in RHEL8

2001 Red Hat couldn't support AFS because of GPL vs IPL10 conflicts. Now that kafs is available, it becomes possible for Red Hat to do so. Its up to all OpenAFS and AuriStorFS end user organizations to make the case. Good luck to all. Jeffrey Altman <> smime.p7s Description: S/MIME Cryptographic Signature

[OpenAFS] Red Hat EL Support Customers - Please open a support case for kafs in RHEL8

needs and highly managed environments. Thanks for your assistance on behalf of the entire AFS/AuriStorFS community. Jeffrey Altman [1] https://www.infradead.org/~dhowells/kafs/ [2] https://copr.fedorainfracloud.org/coprs/jsbillings/kafs/ [3] https://lists.openafs.org/pipermail/openafs-info/2018

Re: [OpenAFS] Tracing VLDB queries

b0:49c0]:7001 STR root.cell Mon Dec 03 06:36:05 2018 [71] EVENT AFS_VL_GetEntByN CODE 0 NAME --UnAuth-- HOST [2604:2000:1741:a019:6d77:8346:dab0:49c0]:7001 STR root.public In OpenAFS the audit infrastructure can be enabled per-service and its output can be set to files, named pipes, syslog, Linux

Re: [OpenAFS] Current "balance" practice?

#define REL_FULLDUMPS 0x02 /* force full dumps */ #define REL_STAYUP 0x04 /* dump to clones to avoid offline time */ The introduction of enum vol_s2s_crypt came much later. If you would prefer AuriStor can submit a change to restore the prior signature. Jeffrey Altman <> smime.p7s Description: S/MIME Cryptographic Signature

Re: [OpenAFS] in tree kernel module kafs fedora 29

e code. That is why they can be part of the Linux kernel as in-tree networking stack and file system components. OpenAFS does not work with the kafs kernel module because the kafs file system is an alternative client compatible with IBM AFS 3.6, OpenAFS and AuriStorFS services. Jeffrey Altman <>

Re: [OpenAFS] Unexpected no space left on device error

I'm placing a beer on the directory being full. For extra credit I will guess that the directory is full as a result of abandoned silly rename files. You should try salvaging the volume with the rebuild directories option. Jeffrey Altman > On Nov 14, 2018, at 4:36 AM, Benjamin Kaduk wr

Re: [OpenAFS] automatic replication of ro volumes

ated RW volumes. RW replication is a feature which was never completed for OpenAFS. Jeffrey Altman <> smime.p7s Description: S/MIME Cryptographic Signature

[OpenAFS] accessing /afs processes go into device wait

ccess.cs.unc.edu entry to CellServDB. You can add a blacklist for that name. You can stop using -afsdb or you can stop using -dynroot and rely upon a locally managed root.afs volume. Jeffrey Altman <> smime.p7s Description: S/MIME Cryptographic Signature

Re: [OpenAFS] Current "balance" practice?

w.eyrie.org/~eagle/software/afs-balance/ ) Although similarly named Russ Allbery's balance which was developed at Stanford is unrelated to Dan Lovinger's balance. Russ' balance can make decisions based upon volume count and volume size whereas Dan's can make decisions based upon weekly vo

Re: [OpenAFS] rxmaxmtu for volserver

server, volserver and vlserver in 2006. The option is present in all 1.6 releases. Jeffrey Altman <> smime.p7s Description: S/MIME Cryptographic Signature

Re: [OpenAFS] OpenAFS Security Releases 1.8.2, 1.6.23 available --> butc & backup security update question --> why only root?

To do so butc must have knowledge of the cell-wide key because without knowledge of that key it cannot decrypt the AFS token presented by the RPC issuer. Jeffrey Altman <> smime.p7s Description: S/MIME Cryptographic Signature

[OpenAFS] OpenAFS Security Releases 1.8.2, 1.6.23 available --> butc & backup security update question

nd the use of volume security policies to ensure that volumes cannot be restored to a fileserver with an incompatible security policy. Jeffrey Altman AuriStor, Inc. On 9/13/2018 3:12 AM, Giovanni Bracco wrote: > Hello everybody! > > I have read about the butc & backup security update. &g

Re: [OpenAFS] Obtaining tokens at login on Ubuntu 18.04

each session by default is incompatible with "systemd --user". PAGs can still be used to transition to a separate AFS identity for administrative operations. Please do not make assumptions that AFS PAGs can somehow protect end users from trusted administrators who choose to violate that trust or whose accounts have been compromised. Jeffrey Altman <> smime.p7s Description: S/MIME Cryptographic Signature

Re: [OpenAFS] Obtaining tokens at login on Ubuntu 18.04

te perfect yet. Gaja, The "aklog.service" approach introduces a significant amount of complexity with zero security improvement over the pam_afs_session "nopag" configuration. The reason that aklog can be executed by "aklog.service" is because the Kerberos credentials from which the AFS tokens are derived are accessible to any process running as the UID. Sincerely, Jeffrey Altman <> smime.p7s Description: S/MIME Cryptographic Signature

Re: [OpenAFS] Obtaining tokens at login on Ubuntu 18.04

PAG) for each user login session. USM relies upon the assumption that all processes running with the same UID share the same security context including network authentication tokens. pam_afs_session "nopag" should be used in conjunction with USM. Jeffrey Altman <> smime.p7s Description: S/MIME Cryptographic Signature

Re: [OpenAFS] Does vos release/volume replication always initiates data transfer from RW site?

not rank volume sites based upon performance characteristics. How are you ensuring that clients contact the local fileserver? Jeffrey Altman <> smime.p7s Description: S/MIME Cryptographic Signature

Re: [OpenAFS] Does vos release/volume replication always initiates data transfer from RW site?

to be present and consistent with other sites. Note that the -valid switch will not mark a site as "new" if a "vos release" failed to update one or more sites. Be careful to use publicly visible addresses when executing these commands. Jeffrey Altman <> smime.p7s Description: S/MIME Cryptographic Signature

Re: [OpenAFS] check in c (linux) whether a directory entry is a mount point for an AFS volume

he details of the target volume root directory unless the target volume cannot be located or accessed. Jeffrey Altman smime.p7s Description: S/MIME Cryptographic Signature

Re: [OpenAFS] fs newcell / clients CellServDB / adding new db server

On 6/18/2018 9:07 AM, Andreas Ladanyi wrote: >> >> The ubik clients do not rank servers based upon IP address. What they >> do is: > ok. Then maybe i misunderstood the documentation > (http://docs.openafs.org/QuickStartUnix/HDRWQ114.html) which tells me > the machine with lowest ip is "usually" 

Re: [OpenAFS] fs newcell / clients CellServDB / adding new db server

ill attempt to contact every ubik server in order until the coordinator is determined. Jeffrey Altman <> smime.p7s Description: S/MIME Cryptographic Signature

Re: [OpenAFS] fs newcell / clients CellServDB / adding new db server

ty period for the server list by the cache manager. In this way, clients automatically update their server list information and administrators can control how frequently the server lists are updated. Jeffrey Altman <> smime.p7s Description: S/MIME Cryptographic Signature

Re: [OpenAFS] Add new database server with lowest IP

otice this server shutdown which is necessary to avoid bugs in most OpenAFS versions that can lead to database corruption.) c. Start server (bos start -all) d. Repeat for the next lower ranked server. 5. Start the new server This order will ensure that there is never any confusion for clients or ubik servers. Jeffrey Altman <> smime.p7s Description: S/MIME Cryptographic Signature

Re: [OpenAFS] About the upgrading from kaserver toKerberos 5

v5 for authentication. See the OpenAFS krb.conf man page. Again, good luck. Jeffrey Altman <> smime.p7s Description: S/MIME Cryptographic Signature

Re: [OpenAFS] aklog: unknown RPC error (-1765328377) while getting AFS tickets

On 4/25/2018 2:34 PM, Steven Schoch wrote: > > Kerberos error code returned by get_cred : -1765328352 > aklog: Couldn't get example.com AFS tickets: > aklog: unknown RPC error (-1765328352) while getting AFS tickets > > Did I mess up file permissions somewhere? Running klist

Re: [OpenAFS] Linux: systemctl --user vs. AFS

same tokens and an effective uid change permits access to those same tokens. Process Authentication Groups (PAGs) exist explicitly to establish a security barrier to prevent such credential leakage. Just my two cents ... Jeffrey Altman <> smime.p7s Description: S/MIME Cryptographic Signature

Re: [OpenAFS] Invalid AFSFetchStatus - inaccesible data

ackup or other sources 4. delete the vnode in the vice partition and salvage to cleanup the directory The warning message from the client is misleading in that the fileserver is not generating bogus information but the data on-disk is already bogus. Jeffrey Altman AuriStor, Inc. <> smime.p7s Description: S/MIME Cryptographic Signature

Re: [OpenAFS] RHEL 7.5 beta / 3.10.0-830.el7.x86_66 kernel lock up

e both due to back porting functionality in this manner. Such incompatibilities can result in system panics or silent data corruption depending upon the change. Jeffrey Altman AuriStor, Inc. <> smime.p7s Description: S/MIME Cryptographic Signature

Re: [OpenAFS] connection timed out, how long is the timeout?

sfully tested with 80 ubik servers in a cell. This is possible because of a more efficient protocol that is incompatible with AFS3 UBIK and the efficiencies in AuriStor's Rx implementation. Jeffrey Altman AuriStor, Inc. <> smime.p7s Description: S/MIME Cryptographic Signature

Re: [OpenAFS] connection timed out, how long is the timeout?

en the FS and both PT servers and CMs. Its time for the Super Bowl so I will send off this message as is. Perhaps it will be useful. Jeffrey Altman AuriStor, Inc. <> smime.p7s Description: S/MIME Cryptographic Signature

Re: [OpenAFS] Re: RHEL 7.5 beta / 3.10.0-830.el7.x86_66 kernel lock up

e KABI functionality might have compatibility issues. There was a compatibility issue with RHEL 7.4 kernel (3.10.0_693.1.1.el7) as well that was only fixed in the OpenAFS 1.6 release series this past week as part of 1.6.22.2: http://www.openafs.org/dl/openafs/1.6.22.2/RELNOTES-1.6.22.2 Jef

Re: [OpenAFS] convert 'vos dump' output to tar or zip?

We would like to be able to access the contents of these backups without deploying a new cell. Sincerely, Jeffrey Altman <> smime.p7s Description: S/MIME Cryptographic Signature

Re: [OpenAFS] Is member of a machine group honored as system:authuser?

s permissions to be granted to each of the following combinations: authenticated user on unauthenticated host authenticated user on authenticated host anonymous user on authenticated host anonymous user on anonymous host The anonymous user on authenticated host communications with the file server are authenticated using the host principal and all data is both integrity protected and encrypted for wire privacy. Jeffrey Altman AuriStor, Inc. <> smime.p7s Description: S/MIME Cryptographic Signature

Re: [OpenAFS] KeyFile issues upgrading servers from 1.4 to 1.6

is critical that the DES cell key be replaced with an AES256-CTS-HMAC-SHA1-96 Kerberos service key. Failure to do so leaves the cell vulnerable to brute force attacks. AuriStor provides professional OpenAFS support services to assist organizations such as PSC when upgrading cells. https://www.auristor.com/openafs/ Jeffrey Altman <> smime.p7s Description: S/MIME Cryptographic Signature

Re: [OpenAFS] changing just the name of a database server?

le that the > Auristor client has implemented that TODO item, but I have no way to > check. > > -Ben When building a DNS SRV or DNS AFSDB record you MUST use names that can be resolved by A and records. However, you can use CNAME records for the name listed in the CellServDB file. This is true not only for OpenAFS but for AuriStorFS as well. Jeffrey Altman <> smime.p7s Description: S/MIME Cryptographic Signature

[OpenAFS] URGENT: macOS High Sierra to be released next week - must upgrade to AuriStorFS v0.160 first

panic after upgrade issue a couple of days ago. Jeffrey Altman AuriStor, Inc. smime.p7s Description: S/MIME Cryptographic Signature

Re: [OpenAFS] OpenAFS on OpenBSD

en management or otherwise manage the cache manager. Therefore, the existing FUSE implementation only supports anonymous operations. Jeffrey Altman <> smime.p7s Description: S/MIME Cryptographic Signature

Re: [OpenAFS] Problem deleting volumes

in the VLDB. velma.psc.edu [128.182.66.184] has 22947 volume entries in the VLDB. If these are intended to be the same server, you might want to consider rebuilding your VLDB from scratch. Jeffrey Altman <> smime.p7s Description: S/MIME Cryptographic Signature

Re: [OpenAFS] OpenAFS windows clients (Orpheus' Lyre)

k we used MIT Kerberos. > > Which I suppose brings me to my wider question: what AFS clients are > others using on Windows? I am unaware of any AFS client for Microsoft Windows 10 that is available from anywhere other than AuriStor, Inc. Jeffrey Altman AuriStor, Inc. <> smime.p7s Description: S/MIME Cryptographic Signature

Re: [OpenAFS] New installation, linux server, AD kerberos

or, Inc. will work with IBM AFS 3.6, OpenAFS and AuriStorFS servers. https://www.auristor.com/openafs/client-installer/ Jeffrey Altman <> smime.p7s Description: S/MIME Cryptographic Signature

Re: [OpenAFS] New installation, linux server, AD kerberos

ses '.' as the component separator, a Kerberos v5 principal name with a '.' in the first component cannot be safely converted to Kerberos v4. To override that restriction you must add -allow-dotted-principals to all server command lines. Jeffrey Altman <> smime.p7s Description: S/MIME Cryp

Re: [OpenAFS] New installation, linux server, AD kerberos

; bos: could not find entry (configuring connection security) My guess is that you need to add the cell wide key via asetkey before you can start the service. Key management is an area that has changed from OpenAFS 1.6 and OpenAFS 1.8 went in a different direction than AuriStorFS so I'm not entirel

Re: [OpenAFS] vos move: Error reading dump file

e the volume remains in place OpenAFS servers will happily serve the data but it is possible that the volume can no longer be represented by the dump format and that the salvager can no longer reference all of the vnodes that are present in the volume. Jeffrey Altman <> smime.p7s Description: S/MIME Cryptographic Signature

Re: [OpenAFS] ls: : Operation timed out

the network. If the packets do arrive, its a problem with the fileserver. Jeffrey Altman <> smime.p7s Description: S/MIME Cryptographic Signature

Re: [OpenAFS] volume throughput

rred can be computed from fileserver audit logs. Jeffrey Altman <> smime.p7s Description: S/MIME Cryptographic Signature

Re: [OpenAFS] Re: build error when linking with heimdal-dev (Re: [OpenAFS] bosserver -noauth& changes cell to localcell)

). Currently that is only done when building aklog. That is an incorrect fix. -lasn1 should neither be added for aklog nor libauth. akimpersonate_v5gen.c is wrong in the Heimdal case. It is making direct usage of Heimdal ASN1 macros when it should be following the model used for rxkad.

Re: [OpenAFS] bosserver -noauth& changes cell to localcell

ed and its attempt to load a valid configuration fails, it then attempts to create a valid configuration. src/bozo/bosserver.c line 1032 of openafs-stable-1_6_x Jeffrey Altman <> smime.p7s Description: S/MIME Cryptographic Signature

Re: [OpenAFS] vos dumps to S3 via S3 Storage Gateway?

ts IBM Spectrum Protect and the older Tivoli Storage Manager releases. This is in addition to our support of Teradactyl's True Incremental Backup System and BackupAFS. The XBSA implementation is modular so we can add support for Veritas NetBackup and object stores in the near future. Jeffrey Altman AuriStor, Inc. <> smime.p7s Description: S/MIME Cryptographic Signature

Re: [OpenAFS] vos dumps to S3 via S3 Storage Gateway?

the dump stream through a block cipher before passing it into the AWS CLI. Jeffrey Altman On 2/27/2017 2:42 PM, Shane wrote: > We have a legacy EC2 environment setup in which vos dumps are pulled in > by Zmanda backup, using a custom tar wrapper. These are stored on s3 via > Zmanda's vir

Re: [OpenAFS] Is the OpenAFS-info mailing list still working?

servers it is blocked. The mailing list is not broken. Jeffrey Altman <> smime.p7s Description: S/MIME Cryptographic Signature

Re: [OpenAFS] OpenAFS Windows build environment

ght there was benefit in maintaining an out of date tool chain I would not have shutdown the prior builders. Jeffrey Altman <> smime.p7s Description: S/MIME Cryptographic Signature

Re: [OpenAFS] OpenAFS Windows build environment

On 2/14/2017 7:37 AM, Kostas Liakakis wrote: > > Hi Jeffrey, > > Thanks for taking the time to answer. Please read below inline. > > > On 2017-02-14 03:53, Jeffrey Altman wrote: >> They are built with WiX 3.9 scripts. The >> installation packaging in the O

Re: [OpenAFS] OpenAFS Windows build environment

) functions. The IDN is required when building for pre-Vista because you have to install the normaliz.dll library as part of the installer. > Well, at least my openafs/dest directory is now populated and I > could at least run "pts help" and "fs help". Neither pts nor fs us

Re: [OpenAFS] OpenAFS Windows build environment

https://www.auristor.com/openafs/client-installer/ can be installed on Windows 10 and Windows Server 2016 because they are grand-fathered. If the same sources were built today they would not produce a working file system. Jeffrey Altman <> smime.p7s Description: S/MIME Cryptographic Signature

Re: [OpenAFS] OpenAFS 1.6.20.1 on AIX 7.1

question, I am unaware of anyone that has installed OpenAFS on AIX 7.1. If you can provide more details on the failure, perhaps the community can assist? If the ability to use OpenAFS on AIX 7.1 is important to your institution, perhaps it would be willing to provide a build host for use

Re: [OpenAFS] Check free space on AFS share before login

portant. AuriStor, Inc. supports David Howells' development of kafs. Others should as well. Jeffrey Altman <> smime.p7s Description: S/MIME Cryptographic Signature

Re: [OpenAFS] Procedure for changing database server IP addresses

even a packet sniffer) to see > what clients might still be using the OLD dbservers prior to the final > decommissioning. rxdebug -peer > Seems a bit too simple. What am I missing? Good luck. Jeffrey Altman <> smime.p7s Description: S/MIME Cryptographic Signature

Re: [OpenAFS] OpenAFS 1.8.0 alpha 1 available

g passed to Matlab? /afs/cell-name/appl/@sys/bin/prog 2. a path component that is a symlink whose target path contains @sys? /afs/cell-name/appl/bin/prog where "bin" is a symlink to "@sys" or to ".bin/@sys" where ".bin" is a directory containing sub-directories "amd64_linux26". Jeffrey Altman <> smime.p7s Description: S/MIME Cryptographic Signature

Re: [OpenAFS] Fw: it would be nice to have an administrators guide

[ { afslog = } [libdefaults] afslog = The option doesn't have any impact on OpenAFS aklog. Jeffrey Altman <> smime.p7s Description: S/MIME Cryptographic Signature

Re: [OpenAFS] OpenAFS 1.8.0 alpha 1 available

in 4953 commits authored by the following individuals: 1334 Jeffrey Altman 913 Simon Wilkinson 715 Andrew Deason 320 Michael Meffie 292 Daria Phoebe Brashear 289 Benjamin Kaduk 233 Marc Dionne 88 Chas Williams 83 Garrett Wollman 53 Mark Vitale

Re: [OpenAFS] dbservers version

l critical bugs in the ubik protocol implementation have been fixed which can result in corrupted databases. Some of the scenarios result in empty databases being replicated to all servers. The safest path is to upgrade the existing database server to OpenAFS 1.6.20 before increasing the size of

Re: [OpenAFS] Additonal question about the OpenAFS Security Advisory 2016-003

ectory it rewrites it risks data corruption. The next incremental dump would include all of the directories (which it does in general anyway) but it wouldn't included normal files or symlinks that have not changed. Jeffrey Altman <> smime.p7s Description: S/MIME Cryptographic Signature

Re: [OpenAFS] Additonal question about the OpenAFS Security Advisory 2016-003

ation stored in the original directory file. 2. It will compact the directory to reduce fragmentation that could have resulted in directory full errors when attempting to store a filename that required more directory blocks than are available contiguously. I hope this information is help

[OpenAFS] AuriStor, Inc at LISA 2016

forward to seeing old friends and discussing the accomplishments of the AuriStor team. Jeffrey Altman <> smime.p7s Description: S/MIME Cryptographic Signature

Re: [OpenAFS] Connection timed out on new mount point

> Thanks... > > Dirk The client has cached information for the volume group that indicates that no backup volume exists. fs checkvolumes Jeffrey Altman <> smime.p7s Description: S/MIME Cryptographic Signature

Re: [OpenAFS] space and vos zap problem

at's certainly something to be aware of. I only suggested > that because Gary said he had moved all of the volumes off of that > partition. > > --Ken In that case, wipe the partition and restart the fileserver. The bosserver must stop the fileserver anyway to perform a full partition sal

Re: [OpenAFS] space and vos zap problem

t of total 488735480 The one concern with -orphans remove when salvaging the entire partition is if there were orphans that belonged volumes other than the one that was deleted. If such files existed they are now lost. Jeffrey Altman smime.p7s Description: S/MIME Cryptographic Signature

Re: [OpenAFS] best practice for a service to access a user AFS token? and why ruid instead of euid?

ros v5 ticket granting ticket or an AFS token some other way. This typically made use of an impersonation service to acquire a TGT or Token after asserting it had authenticated the user identity. Many single sign-on web authentication services utilize a similar model. > Your suggestions greatly appreciated. The best approach in my opinion is to follow the LSF model. Jeffrey Altman AuriStor Inc. <> smime.p7s Description: S/MIME Cryptographic Signature

Re: [OpenAFS] Mac OS sierra support - any news?

SX Sierra client compatible with IBM AFS and OpenAFS since OSX Sierra was publicly released. https://www.auristor.com/filesystem/client-installer/ Sincerely, Jeffrey Altman <> smime.p7s Description: S/MIME Cryptographic Signature

Re: [OpenAFS] Moving volumes between different cell and different realm names

On 10/10/2016 4:51 AM, Andreas Ladanyi wrote: > Am 07.10.2016 um 22:58 schrieb Jeffrey Altman: >> >>> >>> I read the thread: >>> https://lists.openafs.org/pipermail/openafs-info/2009-March/031004.html >>> >>> So if i understand the thread and

Re: [OpenAFS] OpenAFS Installation on Windows

in this installer are accepted under the grandfather exception for cross-signing certificates issued before 29 June 2015. Jeffrey Altman <> smime.p7s Description: S/MIME Cryptographic Signature

Re: [OpenAFS] VerboseLogging registry values?

On 9/1/2016 11:43 AM, Caldwell, Hugh wrote: > Could someone tell me what the appropriate values are for > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\TransarcAFSDaemon\NetworkProvider\VerboseLogging > ? > > This page is the only reference I can find to it and the values aren't > defined

Re: [OpenAFS] Access an OpenAFS cell in LAN and WAN with dynamic DNS (DDNS) address

vice but the VL service would only disclose one based upon which address the client's query is received from. It would not be safe to convert the Ubik servers to rely upon DNS host names. Not with the current Ubik protocol specification. Jeffrey Altman <> smime.p7s Description: S/MIME Cryptographic Signature

Re: [OpenAFS] Alternate source of Windows grind all Kerberos

irected to a broken site. The https://www.secure-endpoints.com/ is working. I will also note that at the time of the OP's e-mail the Secure Endpoints ISP was in the middle of a four hour maintenance window that resulted in a total loss of connectivity to https://www.secure-endpoints.com/. Jeffrey Altman Se

Re: [OpenAFS] some older openafs-client versions have started failing

ould obtain a stack trace for the hung "ls" process and collect cmdebug output for the affected cache manager. Jeffrey Altman <> smime.p7s Description: S/MIME Cryptographic Signature

Re: [OpenAFS] Number of files in an OpenAFS volume...

On 7/4/2016 12:48 PM, Stephan Wiesand wrote: > > On Jul 4, 2016, at 16:27 , Jeffrey Altman wrote: > >> The directory size restrictions are one of the reasons that /afs cannot >> be used for a large number of applications. The AuriStor File System >> implements a

Re: [OpenAFS] Number of files in an OpenAFS volume...

e, etc store utf8 sequences. Any character that cannot be represented by ISO-8859-1 will require more than one octet. Jeffrey Altman <> smime.p7s Description: S/MIME Cryptographic Signature

Re: [OpenAFS] Number of files in an OpenAFS volume...

directories to grow to store an unlimited number of entries. However, the AuriStor file servers currently apply an artificial limit of approximately 20 million entries. More details on the AuriStor File System can be obtained at https://www.auristor.com/openafs/migrate-to-auristor/ Jeffrey Altman <> smime.p7s Description: S/MIME Cryptographic Signature

Re: [OpenAFS] Client install on Windows Server 2012R2

; our cell in IU's KB, and I'm trying to clarify for him to be able to get set > up and working. I would install https://www.auristor.com/openafs/client-installer/ Jeffrey Altman <> smime.p7s Description: S/MIME Cryptographic Signature

Re: [OpenAFS] Client install on Windows Server 2012R2

Windows 7 or above. FYI, as of July 29th all new installations of Windows will require Secure Boot. At that time Microsoft signed device drivers will become mandatory. AuriStor, Inc. hopes to have its Windows client approved for Microsoft's signatures by that date. Jeffrey Altman <> smime.p7s Description: S/MIME Cryptographic Signature

Re: [OpenAFS] Access an OpenAFS cell in LAN and WAN with dynamic DNS (DDNS) address

client in particular caches volume location information for hours and must manually "fs checkvolumes" be forced to refresh it when the file servers' IP address changes. Jeffrey Altman <> smime.p7s Description: S/MIME Cryptographic Signature

Re: [OpenAFS] Problem restore / mount volume

the ACL, you won't be able to obtain access. Use the system:administrator rights to query the ACL and set it as necessary. Jeffrey Altman <> smime.p7s Description: S/MIME Cryptographic Signature

Re: [OpenAFS] Read-only volume issues

t;fs trace" output would show what the AFS cache manager thinks the Samba server is requesting. Samba logs will show what Samba is receiving from its clients. All of those sources will need to be correlated to identify the actual flow of requests and failures. Jeffrey Altman <> smime.p7s Description: S/MIME Cryptographic Signature

Re: [OpenAFS] Problem restore / mount volume

he root directory of the user.test volume? Does the current user have at least lookup permission? Finally, what version of the file server is hosting the volume? Jeffrey Altman smime.p7s Description: S/MIME Cryptographic Signature

Re: [OpenAFS] Read-only volume issues

ssues for a long time, so we > are kind of on our own. Which is one of the reasons we are retiring this > system. > > Chris Another approach you can take is to use the -readonly switch on the fileserver process. In that situation it won't matter if the volumes are .readonly or n

Re: [OpenAFS] Read-only volume issues

ust not Samba. > > OS X at least says: > > "The document “Document.rtf” could not be opened." > > ...and if I copy to the desktop, it says: > > "The Finder can’t complete the operation because some data in “Document.rtf” > can’t be read or written. > (Error co

  1   2   3   4   5   6   7   8   9   10   >