You can't sensibly virtualize IBM POWER / PowerPC architecture on Intel CPUs.
(Or even "at all"; I think the closest you get is qemu's PrEP which will not
boot AIX.)
-Original Message-
From: openafs-info-ad...@openafs.org [mailto:openafs-info-ad...@openafs.org] On
Behalf Of Ted Creedon
] On
Behalf Of zhaoxy...@ustc.edu.cn
Sent: Tuesday, May 24, 2016 4:57 AM
To: Benjamin Kaduk <ka...@mit.edu>
Cc: Brandon Allbery <ballb...@sinenomine.net>; openafs-info@openafs.org
Subject: [OpenAFS] openafs can not delete file
hi,
the openafs has been successfully installed ,but i have met s
To: Benjamin Kaduk <ka...@mit.edu>
Cc: openafs-info@openafs.org; Brandon Allbery <ballb...@sinenomine.net>
Subject: Re: Re: Re: RE: [OpenAFS] ad+openafs
hi,
sorry,i need to add something .
i have three servers.
ad +kerberos win2008
nis server openafs server linux redhat 6.
ZFS requires specific tuning for use as a cache partition; otherwise, its
allocation size interacts poorly with the allocation size of cache chunks,
IIRC. I'd imagine something similar is true of btrfs, but I know even less
about btrfs implementation details than ZFS.
-Original
fs sa /path/to/whatever system:anyuser none
-Original Message-
From: openafs-info-ad...@openafs.org [mailto:openafs-info-ad...@openafs.org] On
Behalf Of Steve Gaarder
Sent: Friday, March 4, 2016 10:05 AM
To: openafs-info@openafs.org
Subject: [OpenAFS] AFS in the age of the wild west
-1765328370 is KRB5KDC_ERR_ETYPE_NOSUPP. This often means that DES is disabled
somewhere. Note that the client library *also* needs DES enabled; you might
need to add to the [libdefaults] section of /etc/krb5.conf on the RH system,
allow_weak_crypto = true
From:
That documentation sounds out of date, or possibly just incomplete.
When dynroot is enabled, /afs is virtual and you cannot set the ACL. When the
client is using an actual root.afs volume, the command you gave will only work
before a read-only replica has been created and released (vos addsite
Did you upgrade the servers recently? Wildcards were disabled from 1.6.13 on
due to a buffer overflow vulnerability; see
https://www.openafs.org/security/OPENAFS-SA-2015-006.txt for details.
-Original Message-
From: openafs-info-ad...@openafs.org [mailto:openafs-info-ad...@openafs.org]
Not until someone adds pioctl support to it.
-Original Message-
From: openafs-info-ad...@openafs.org [mailto:openafs-info-ad...@openafs.org] On
Behalf Of Ted Creedon
Sent: Wednesday, March 2, 2016 10:13 AM
Cc: openafs-info@openafs.org
Subject: Re: [OpenAFS] compile fails kernel version
That looks like pretty much textbook token expiration in mid-volume copy, yes.
You will need to "vos unlock" the original volume and possibly "vos endtrans"
on the server (warning, this ends *all* active transactions! Might be better to
wait 10-15 minutes for it to time out).
It shouldn't be
On 11/14/2015 03:11 PM, Stephan Wiesand wrote:
> Thanks to Mike for doing this. http://gerrit.openafs.org/#change,12095 was
> merged and will thus be part of 1.6.16pre1. It is sad though that we
> sacrifice scout(1) and afsmonitor(1) this way, rather than fix gtx. Amy
> volunteers?
Turns out
On 11/13/2015 12:01 PM, Ted Creedon wrote:
> make[3]: Entering directory '/data/openafs-1.6.15/src/gtx'
> gcc -fPIC -O -I/data/openafs-1.6.15/src/config
> -I/data/openafs-1.6.15/include -I. -I. -D_LARGEFILE64_SOURCE -c
> curseswindows.c
> curseswindows.c: In function
On 11/11/2015 01:25 PM, Benjamin Kaduk wrote:
> Fundamentally, we wnat to know what code-level operation is failing. A
> quick search does not seem to find any universal ways to do so (akin to a
> linux ltrace or strace), but perhaps the logger functionality in
> WinDbg.exe would suffice.
On Tue, 2015-09-15 at 18:04 +, Stephan Wiesand wrote:
> OpenAFS releases since 1.6.10 include the volscan(8) utility. It will not be
> quite as trivial to use for your purposes since you need to run it on volumes
> and stitch paths as seen by clients together yourself, but for just that
>
On Tue, 2015-08-11 at 13:20 +0200, Youssef Eldakar wrote:
1. Install openafs-dbserver and openafs-fileserver on new machine.
2. Configure new machine as 'secondary site' for the OpenAFS admin
databases with the 'synchronization site' being the old machine.
3. Set the new machine as the
On Fri, 2015-08-07 at 09:04 -0500, John Hascall wrote:
I installed a new RHEL6 box and the kernel version is:
2.6.32-573.el6.x86_64
Prebuilt kernel modules aren't always available. If you install
dkms-openafs instead of a kmod-openafs then the system will (try to)
rebuild the kernel module
On Mon, 2015-08-03 at 15:53 +0200, Lars Schimmer wrote:
Do we have a issue here? Do I misread the information fsck gave me?
Am I out of iNodes? I guess not, but why do I get the error 17 ?
If that's an OS error code, it's EEXIST (File exists). This would not
relate to the actual file created; a
On Wed, 2015-07-29 at 01:12 -0600, Antoine Verheijen wrote:
What guarantee(s) is the certifier prepared to live up to via their
certification? If none, why is it required?
It is a point... Apple is apparently willing to let anyone request a
kext signing certificate, whereas Microsoft requires
On Thu, 2015-07-02 at 15:42 +0200, Andreas Ladanyi wrote:
fs la /afs/
fs: Invalid argument; it is possible that /afs/ is not in AFS.
fs mkmount /afs/cellname root.cell
fs: mount points must be created within the AFS file system
If you're using dynroot, /afs is indeed not in AFS (it's a fake
On Mon, 2015-06-22 at 10:12 -0400, Daria Brashear wrote:
On Mon, Jun 22, 2015 at 10:09 AM, Ted Creedon
tcree...@easystreet.net wrote:
EG OSX has a memory leak that requires weekly rebooting (per
apple support)
Details? Cuz uh, I'm not rebooting weekly and...
I've been
On Mon, 2015-04-06 at 14:36 +, Kieffer, Catherine wrote:
I just downloaded and installed the openafs-1.6.11-1.src.rpm source
RPM. It didn't put it into /usr/src but into /root/rpmbuild. I tried
running the openafs-buildall.sh and received this.
rpmbuild -ba
On Mon, 2015-04-06 at 14:43 +, Brandon Allbery wrote:
rpmbuild -ba /root/rpmbuild/SPECS/openafs.spec
I should also mention that it is entirely possible that RH has
backported a kernel that's too new for the latest release. You can look
for prereleases (probably not available in .src.rpm form
On Tue, 2015-03-24 at 15:46 +0100, Staffan Hämälä wrote:
$ pts creategroup sh:test20
pts: may not create more groups ; unable to create group sh:test20
Where can I find info about this limit?
vikktakkht:1134 Z$ pts ex ballbery
Name: ballbery, id: 2509, owner: system:administrators,
On Mon, 2015-03-02 at 23:13 +0200, Jukka Tuominen wrote:
What if OpenAFS would be known to be safe? I agree that there would be
a high market value for that.
There is ongoing work on this. It's not trivial.
--
brandon s allbery kf8nh sine nomine associates
On Tue, 2014-12-30 at 17:08 +0100, Dirk Heinrichs wrote:
This data has to be migrated within the same server to AFS.
Why same server? An AFS setup usually consists of several servers, especially
if you want to serve terabytes of data. Not to mention the needed kerberos
server.
On Thu, 2014-12-11 at 14:37 +0100, Voss wrote:
I set up an afs-server this morning, it works well. The initial goal I had
was exporting our /home directory with afs, it is, however, an nfs file
system. Is there any possibility to export these directories using afs,
without changes to the
On Fri, 2014-11-07 at 11:41 +0100, Andreas Ladanyi wrote:
Kerberos error code returned by get_cred : -1765328370
KRB5KDC_ERR_ETYPE_NOSUPP
You are probably still using DES, and need allow_weak_crypto = true in
[libdefaults] on clients and the KDC. An answer for the future (and
possibly necessary
On Fri, 2014-11-07 at 15:42 +0100, Andreas Ladanyi wrote:
Am 07.11.2014 um 14:46 schrieb Brandon Allbery:
On Fri, 2014-11-07 at 11:41 +0100, Andreas Ladanyi wrote:
Kerberos error code returned by get_cred : -1765328370
KRB5KDC_ERR_ETYPE_NOSUPP
You are probably still using DES, and need
On Fri, 2014-11-07 at 11:15 -0600, Andrew Deason wrote:
It seems likely the 0 kvno is the problem. We only copy in a principal
if the kvno in the keytab is greater than 'vno' in
akimpersonate.c:pick_principal, which starts out at 0. I assume that's
valid and we just hadn't encountered this
So, an interesting and undoubtedly temporary workaround for unsigned
kexts on Yosemite/OS X 10.10 is that they can apparently be loaded by
LaunchDaemons.
http://dan.langille.org/2014/10/28/getting-openconnect-tuntap-working-on-yosemite-osx/
It wouldn't surprise me if Apple closed that loophole
On Fri, 2014-10-24 at 09:06 -0400, D Brashear wrote:
It's worth noting, OSXFUSE is signed.
Only if you get the prebuilt one from their distribution. Ports systems
(MacPorts, Homebrew, FreeBSD ports, Gentoo portage, etc. --- of course
only the first two are relevant here) build from source and
On Thu, 2014-10-23 at 20:37 -0500, Andrew Deason wrote:
On Thu, 23 Oct 2014 18:27:27 -0400
Stephen Joyce step...@email.unc.edu wrote:
In any case, OpenAFS is not the only project which must decide how to
move forward in this scenario. It might be instructive to see how
macports,
On Fri, 2014-09-26 at 19:27 +0200, Jaap Winius wrote:
The -t option seems to do nothing for me, while any command option
placed at the end of the statement only causes another problem that
makes init disable the process after respawning too quickly.
This is because, if you specify a
On Fri, 2014-09-26 at 22:29 +0200, Jaap Winius wrote:
So, I was getting into trouble because aklog is not a long-running
command? Anyway, the daemon in question doesn't understand Kerberos
or
AFS; I'm just trying to give an average daemon access to some files
in
AFS.
That is *exactly*
On Wed, 2014-09-17 at 10:42 -0700, Eric Shell wrote:
When I run ktutil copy /tmp/afsv5key AFSKEYFILE:/tmp/KeyFile
the /tmp/KeyFile file is not created. If I run it with truss I see a
bunch of lines complaining about missing files.
99% of those are not relevant and are just looking for shared
whoops, sorry, freebsd. My freebsd 10-R seems to understand AFSKEYFILE
but I don't have admin access to a KDC at the moment that I can use for
testing.
--
brandon s allbery kf8nh sine nomine associates
allber...@gmail.com
On Wed, 2014-09-17 at 10:42 -0700, Eric Shell wrote:
I'm following the AFS server set up steps
at https://wiki.freebsd.org/afs-server but I'm stuck at the ktutil
copy command to create the AFS KeyFile.
I set up a test realm and partially set up a cell on a 10.0-R VM. It
looks like this is a
On Thu, 2014-09-11 at 14:28 -0400, Phillip Moore wrote:
What my modules do NOT have are things like setpag(). If I ever get
back into working on OpenAFS again (probability totally
indeterminate), the first time I need setpag(), I will code up a
standalone perl module that provides that,
On Wed, 2014-09-03 at 12:40 -0400, Dave Botsch wrote:
EPEL is really good about making sure that they don't override base
redhat packages and that packages in the repo don't brake w.r.t.
dependencies.
As has been pointed out, EPEL is no-go; they require all kernel modules
to come from the
On Wed, 2014-08-06 at 23:29 -0500, Andrew Deason wrote:
However, even if that is working, I would think that setup would only
work if samba uses separate processes for connections for different
users; I don't know if that's true. You could ask samba for more info
It does; otherwise it'd need
On Thu, 2014-08-07 at 11:09 -0400, John P Janosik wrote:
On Wed, 2014-08-06 at 23:29 -0500, Andrew Deason wrote:
However, even if that is working, I would think that setup would
only
work if samba uses separate processes for connections for
different
users; I don't know if that's
On Thu, 2014-08-07 at 12:46 -0500, Andrew Deason wrote:
On Wed, 06 Aug 2014 15:33:02 -0400
Dale Pontius pont...@btv.ibm.com wrote:
Obviously this was client side, but I find it hard to believe that
keeping a connection mapped for the 2 hours mentioned elsewhere would
be necessary.
On Wed, 2014-08-06 at 15:32 +0200, Markus Koeberl wrote:
What exactly may be the problem with -afsdb. Are my SRV records wrong
or is there a problem with my name server?
I am happy for any hints because removing the -afsdb option is
complicated...
I'm seeing this problem locally in a
On Wed, 2014-08-06 at 13:47 +, Brandon Allbery wrote:
I'm not sure how to mitigate this, though. Even if you could add a
dummy AFSDB or SRV record to intercept this lookup,
Actually, for your case it might be sufficient to add an entry to the
CellAlias file pointing .git to the local cell
On Wed, 2014-08-06 at 13:47 +, Brandon Allbery wrote:
read-write root.afs volume
SIgh, thinko, was thinking about having to verify my default cell's
root.afs is sane before I kill -dynroot locally while I was composing
that. It's looking up root.cell, of course.
--
brandon s allbery kf8nh
On Tue, 2014-08-05 at 09:30 +0200, Alex wrote:
Now, I didn't find in the admin guide or wiki[1] some useful
information
about client's firewall, but I could find some information on the
Internet saying that client doesn't work without opening 7001 for
incoming UDP [2]. This should be open for
On Tue, 2014-08-05 at 16:12 +0200, Alex wrote:
Parallel access is a must for us.The main
concern is the possibility that one client overwrites modifications of
another one who is editing the file in the same time.
This is going to bite you if you don't have callbacks working.
--
brandon s
On Tue, 2014-08-05 at 09:34 -0500, Douglas E Engert wrote:
A side question is can AFS use some other authentication
method other then Kerberos?
Not yet. This is one of the things rxgk is supposed to address; we can
then use any GSSAPI-provided service. (The Globus stuff included a
minimal
On Tue, 2014-08-05 at 16:08 +0100, Simon Wilkinson wrote:
The complication is that firewalls/NATs only preserve these mappings
for a finite length of time. We attempt to keep them open through
regular fileserver pings, but sometimes that isn't enough. When a
mapping expires, the client is
On Tue, 2014-08-05 at 10:36 -0500, Andrew Deason wrote:
On Tue, 05 Aug 2014 16:12:41 +0200
Alex euergetiko...@gmail.com wrote:
On 08/05/14 15:08, Brandon Allbery wrote:
So you might be able to get by with just running fs checkvolumes
periodically in a cron job to make up for missing
On Fri, 2014-08-01 at 10:55 -0400, Dave Botsch wrote:
Could AFS work like other Kerberos apps with more direct use of
kerberos
tickets and just getting the service ticket when needed, versus having
to do something extra (ie aklog)? Dunno. Would be nice, but not
required, IMHO, as long as the
On Fri, 2014-08-01 at 11:32 -0400, Chas Williams (CONTRACTOR) wrote:
We can do a userspace upcall on any platform; that's not the hard
part...
Yes, but it's mostly useless since it doesn't preserve any existing
security context. Unless your kinit puts the tickets in a well known
(and
On Fri, 2014-08-01 at 17:35 -0500, Troy Benjegerdes wrote:
So why don't we use the kernel keyring on Linux, and the built-in OS support
on both MacOS and Windows for Kerberos to grab the key that matches the
default realm? If you have weird situations, or where administrators feel
they must
On Thu, 2014-07-31 at 15:32 +0200, Martin Richter wrote:
for any reason I just missed the three documents Thanks a lot!
On Thu, 31 Jul 2014 09:09:11 -0400 (EDT)
Benjamin Kaduk ka...@mit.edu wrote:
On Thu, 31 Jul 2014, Martin Richter wrote:
since I
On Thu, 2014-07-31 at 16:12 +0200, Martin Richter wrote:
So this means that client caching can't be used anymore after DES has
been removed from the KDC?
No; rxkad-kdf derives a DES key from a stronger key. Also clients still
default to no encryption in the cache manager (fs setcrypt). Just
On Thu, 2014-07-31 at 17:32 -0500, Andrew Deason wrote:
But even this seems like a good example of why some people are
frustrated or annoyed by all of this. Every single authentication
framework thing needs to have its own AFS plugin, or AFS tool, or
whatever; you just listed two different
On Fri, 2014-07-04 at 22:48 +0200, Jean-Marc Choulet wrote:
root@afs-db01:~# /etc/init.d/openafs-client start
Starting AFS services: openafs afsd.
afsd: ASSERT: cacheFiles 1000 diskblocks -26
That looks like a corrupt cache partition to me?
--
brandon s allbery kf8nh
On Thu, 2014-06-26 at 08:19 -0700, Andrew Deason wrote:
OS X has a few things like fink, macports, and brew, but that would be
an extra big thing you'd have to install, which is pretty terrible to
ask of users. I also don't know if those work with kernel modules at
all, and some have had some
On Mon, 2014-05-05 at 19:17 +0200, Stephan Wiesand wrote:
On May 5, 2014, at 00:44 , Brandon Allbery wrote:
On Sun, 2014-05-04 at 13:17 -0400, Jon Stanley wrote:
In the default configuration of OpenAFS as shipped (1.6.7), the
systemd unit file attempts to edit /usr/vice/etc/CellServDB
On Sun, 2014-05-04 at 13:17 -0400, Jon Stanley wrote:
In the default configuration of OpenAFS as shipped (1.6.7), the
systemd unit file attempts to edit /usr/vice/etc/CellServDB. In a new
method of OS deployment, called rpm-ostree[1], the /usr namespace is
completely immutable and versioned.
On Fri, 2014-03-14 at 13:39 -0400, Timothy Balcer wrote:
I realize I can delete and add back the replica, and retry the
release, however I am concerned about the error. How is it that an
authentication can expire when the client is automatically reinitiated
and aklog'd every 6 hours?
The
On Thu, 2014-03-06 at 16:54 +0100, Dan van der Ster wrote:
Normally, signed executables can have ports opened (evidenced by the
similarly named checkbox in the system prefs). But since 1.6.6 is not
signed, I presume its ports are not being opened by mac os.
It's a little more complex than
On Thu, 2014-02-27 at 23:30 -0600, Andrew Deason wrote:
As for what is triggering this behavior, as far as I can tell it's
just
a normal short read from the fssync socket. That is, one side sends
292
bytes, and the other receives 200 bytes (and then would receive
another
92 bytes if it
On Thu, 2014-02-20 at 13:14 -0600, Troy Benjegerdes wrote:
I remember hearing lots of arguments that getting rid of DES keys would take
tens or hundreds of thousands of dollars, and that 'developers need to eat'
etc etc.
Then one day an exploit was announced, and all of a sudden we got
On Fri, 2014-02-14 at 00:59 -0600, Andrew Deason wrote:
You don't need a DNS server (BIND), but you do need to pick a name for
the AFS cell, and some people will recommend that having a real DNS
server can make things easier. The cell name is usually a DNS FQDN, but
it doesn't actually need to
On Wed, 2014-02-12 at 14:20 +0100, Staffan Hämälä wrote:
For some reason, we're still getting a DES session key after removing
the KeyFile on all OpenAFS-servers, and touching CellServDB, according
to these instructions:
https://www.openafs.org/pages/security/install-rxkad-k5-1.6.txt
Old
On Wed, 2014-02-12 at 09:49 -0600, Andrew Deason wrote:
Heimdal and MIT I think, the allow_weak_crypto (not
allow_weak_enctypes,
unless I have that reversed) option can turn that off. Newer MIT also
Sigh, I seem to always get that one wrong if I don't look first. :/
--
brandon s allbery
On Fri, 2014-01-24 at 11:41 -0500, Jeffrey Hutzelman wrote:
The problem is the one-off clients that make _one RPC_ and then exit.
They have no opportunity to remember what didn't work last time. It
Has it been considered to write a cache file somewhere (even a user
dotfile) that could be used
On Fri, 2014-01-17 at 11:05 +, Germán Ferrari wrote:
I don't understand the part about the salvager deleting the data. I
have the recovered /vicepa folder on a ntfs partition. I'm trying to
Last I checked, we don't have a working server for Windows... how did
the server partition end up
On Wed, 2014-01-08 at 18:11 +, Jose Manuel dos Santos Calhariz
wrote:
I have a cell of OpenAFS and a kerberos5 realm for tests. I have done
the re-keying
of afs/celname@REALMNAME as explained in
http://openafs.org/pages/security/install-rxkad-k5-1.6.txt
On Mon, 2014-01-06 at 15:19 -0500, predr...@andrew.cmu.edu wrote:
consequently people could not use AFS. No big deal I thought
thanks to these guys
http://dl.openafs.org/dl/openafs/1.6.5/rhel6/x86_64/
However
[root@loco init.d]# rpm -Uhv
On Sat, 2013-12-21 at 09:33 +0200, Jukka Tuominen wrote:
Thank you Atro,
That is very promising, I will look into it. I remember tweaking ff
preferences more network friendly earlier, but this particular one I can't
recall.
I'd be happy to fix the ff issue, but I still think there is
On Sun, 2013-12-22 at 00:06 +0200, Jukka Tuominen wrote:
Brandon,
I'm afraid redirecting to local files is unlikely to work in this case,
since the client image is read-only. Only the homedirs on the server
survive client reboots. That is intentional and an important feature of
the Liitin
On Fri, 2013-12-20 at 17:03 +0100, nicolas prochazka wrote:
1 - find /afs/test.com -type f -exec cat {} /dev/null \;
2 - fs discon off
3 - I can use all files without problem,
but after a an indefinite period ( 1 minutes and 5 hours )
i get ls: cannot access /afs/test.com/ : Network
On Mon, 2013-12-16 at 15:39 -0500, David Flatley wrote:
I compiled OpenAFS 1.6.1 for a Red Hat 5.6 server. In the /afs
directory there are all the cells for all our various AFS cells. On an AIX
system there is a link for the short name for our local cell.
On my Linux system there is no
On 10/22/13 05:38, huangql huan...@ihep.ac.cn wrote:
The questions stuck me for weeks. Does anyone get the same problem and
could you give me some suggestions?
You don't provide enough information, because all the stacks you provided
use pam_stack.so to load the system-auth stack which you didn't
...@ihep.ac.cnmailto:huan...@ihep.ac.cn
Date: Tuesday, October 22, 2013 10:53
To: Brandon Allbery ballb...@sinenomine.netmailto:ballb...@sinenomine.net,
openafs-info@openafs.orgmailto:openafs-info@openafs.org
openafs-info@openafs.orgmailto:openafs-info@openafs.org
Subject: Re: Re: [OpenAFS] PAM
On 10/3/13 14:08, nicolas prochazka prochazka.nico...@gmail.com wrote:
hello,
sorry for the spam, this is a misconfigured cache option.
Regards,
Nicolas Prochazka.
2013/10/3 nicolas prochazka prochazka.nico...@gmail.com:
Hello again ,
after some tests to use zfs as afs cache,
linux kernel
On 10/3/13 15:47, Andrew Deason adea...@sinenomine.net wrote:
On Thu, 03 Oct 2013 11:39:34 -0700
Russ Allbery r...@stanford.edu wrote:
+ exec /usr/share/debconf/frontend configure
[...]
set -x doesn't follow shell scripts through debconf because debconf does
some black magic to reinvoke
On 9/24/13 15:50, Jukka Tuominen jukka.tuomi...@finndesign.fi wrote:
I understood the client pointing to two different domains with a single
destiny. I can also switch between the two servers (old and new) one at
the time, but I can't understand how the server can hold the two domains
at once.
On 9/22/13 20:51, Russ Allbery r...@stanford.edu wrote:
Failing that, I'm probably going to split butc, backup, and fms into a
separate package to make it easier for other packages to conflict with it
due to the poorly-chosen command name instead of conflicting with all of
openafs-client.
On 9/1/13 12:49, Gémes Géza g...@kzsdabas.hu wrote:
2013-09-01 14:57 keltezéssel, Gémes Géza írta:
Sorry if it sounds nitpickering, but I want to be sure, I didn't
misunderstood your idea.
In a nutshell your proposal for me is to design a swig interface
around exec calls for the existing
On 7/30/13 12:01, Jaap Winius jwin...@umrk.nl wrote:
Hi folks,
Could someone please remind me how to remove stuff from the /afs
directory? I recently discovered an empty directory there, called:
/afs/.:mount
If you're using dynroot, that's an autocreated directory which can be used
to
On 7/30/13 14:39, John Sopko so...@cs.unc.edu wrote:
Where is the session key for the afs/cell@REALM service principal
derived from? If I remove the des-cbc-crc encryption type from both the
afs/cell@REALM and the user principals will things still work without
having to upgrade all clients to
On 7/17/13 14:28, Ciprian Dorin Craciun ciprian.crac...@gmail.com
wrote:
In that case, you use the -rxbind option, which tells the
servers to bind to a specific address instead of INADDR_ANY. That
option needs to be passed to each server process for which you want that
behavior.
Indeed
I should note here that salvage is like fsck; most Unix-like systems force you
to periodically run fsck to catch any incidental filesystem damage that may
have occurred. Hard drives are far from perfect; having worked with a number of
storage researchers over the past 10+ years, I have learned
In a normal AFS configuration, disk cache is persistent. I don't know how
Gentoo configures its openafs packages; it may be using a ramdisk or tmpfs or
etc. for the cache partition.
-Original Message-
From: openafs-info-ad...@openafs.org [mailto:openafs-info-ad...@openafs.org] On
On 4/22/13 14:48 , Greg Wilson
greg.wil...@asu.edumailto:greg.wil...@asu.edu wrote:
Here at ASU we currently have the 3 defined authen servers know by our AFS
clients all in one network subnet.
We have a need to be able to split these up to several different network
locations.
What are the
On 4/8/13 14:09 , jukka.tuomi...@finndesign.fi
jukka.tuomi...@finndesign.fi wrote:
understanding the depths of afs - isn't the afs cache meant to be always
in sync with the server, or is it possible (default?) for the applications
to let go the data before it is confirmed to exist on the server?
A host or network which drops all ICMP indiscriminately is fundamentally
broken, and I could make an argument for not allowing it to communicate with
other networks at all. If someone is demanding drop-all-ICMP as security best
practice then you need to find someone who actually understands
, openafs, kerberos, infrastructure, xmonadhttp://sinenomine.net
From: Derek Atkins [warl...@mit.edu]
Sent: Thursday, February 07, 2013 13:36
To: Brandon Allbery
Cc: Antony Mayi; Andrew Deason; openafs-info@openafs.org
Subject: Re: [OpenAFS] Re: mtu
On 1/18/13 20:22, Dimitris Z dimitr...@gmail.com wrote:
It looks like the rsync I did did not preserve ownership information.
This may explain why the salvager cannot do a proper restoration of
the volumes or why the volumes are not working. Is there a way to get
around this? It does not really
1) When shutting down, should all database servers be shutdown
before the fileservers, or should the fileservers be shutdown
first?
2) When starting up, should the fileservers be started first,
or should the database servers be started first?
You need the database servers to be up while
On Wed, 9 Jan 2013 10:16:25 +0800 (CST)
杭友春 idealh...@163.com wrote:
fs setacl /afs system:anyuser rl
it tells me :
fs:You don't have the required access rights on '/afs'
I know I have no right.But how can I get the access right?
You need to have AFS tokens as an AFS
On Mon, Dec 17, 2012 at 12:41 PM, Booker Bense bbe...@gmail.com wrote:
Is this statement in the IBM man page still true?
Specifies the name of each group to create. Provide a string of up to 63
characters, which can include lowercase (but not uppercase) letters,
numbers, and punctuation
On Wed, Dec 12, 2012 at 8:45 AM, Steve Gaarder gaard...@math.cornell.eduwrote:
On Tue, 11 Dec 2012, Harald Barth wrote:
1. Create
afs/math.cornell.edu@MATH.**CORNELL.EDUmath.cornell@math.cornell.edu
2. Store the key in a keytab file
3. Use asetkey to add the key to the keyfile on each
On Wed, Dec 12, 2012 at 3:30 PM, Steve Gaarder gaar...@math.cornell.eduwrote:
THanks. Do I need to restart the afs servers in order to have them use
the new key?
Shouldn't be.
--
brandon s allbery kf8nh sine nomine associates
allber...@gmail.com
On Tue, Dec 11, 2012 at 4:16 PM, jukka.tuomi...@finndesign.fi wrote:
I am by no means an administrator, rather a UX designer building a concept
design as easy as possible for the end users. So, I take it, it is
possible to build an afs client without static pointers to afs servers. I
hope
On Tue, Dec 11, 2012 at 4:38 PM, Simon Wilkinson
simonxwilkin...@gmail.comwrote:
On 11 Dec 2012, at 21:29, Brandon Allbery wrote:
This is what SRV records are for, yes. Ideally, the CellServDB on
clients is for legacy use with old cells
Sadly, there are loads of situations where the client
On Mon, Dec 10, 2012 at 5:12 PM, jukka.tuomi...@finndesign.fi wrote:
What do you mean by publishing DNS SRV records? The server has a FQDN but
do you mean something else?
Modern AFS autodiscovers the servers for a cell via DNS, much like other
modern services. See
1 - 100 of 143 matches
Mail list logo