Re: [OpenAFS] (no subject)
Hello! On Thu, 27 Jun 2024, Cheyenne Wills wrote: It appears that the latest CentOS-9 stream has pulled in changes from the Linux 6.8 kernel, specifically commit 'dentry: switch the lists of children to hlist' (da549bdd15). I will double check to see if the latest RHEL9 kernel is pulling this in (Centos9-Stream is the beta version that eventually feeds into RHEL9) Sounds reasonable. This specific problem was addressed in the upcoming 1.8.12 by gerrit 15704 "Linux 6.8: use hlist iteration for dentry children". 1.8.12 will have support for linux kernels up to and including 6.9. I find it odd that 1.8.10 was able to build when 1.8.11 failed. Was the build using the same updated kernel level? Yes, I did the builds with the very same kernel. Especially to recheck whether 1.8.10 would still build. Dipl. Chem. Dr. Stephan Wonczak Regionales Rechenzentrum der Universitaet zu Koeln (RRZK) Universitaet zu Koeln, Weyertal 121, 50931 Koeln Tel: +49/(0)221/470-89583, Fax: +49/(0)221/470-89625 ___ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
Re: [OpenAFS] (no subject)
Just verified that the 1.8.11 src rpm will build cleanly on a fresh RHEL9.4 install (kernel.x86_64 5.14.0-427.22.1.el9_4) -- which is the latest according to the RedHat site. [cwills@rhel9-builder ~]$ rpmbuild --rebuild --with kauth openafs-1.8.11-1.src.rpm ... + rm -fr /home/cwills/rpmbuild/BUILDROOT/openafs-1.8.11-1.el9.x86_64 + RPM_EC=0 ++ jobs -p + exit 0 Executing(--clean): /bin/sh -e /var/tmp/rpm-tmp.VzW5gf + umask 022 + cd /home/cwills/rpmbuild/BUILD + rm -rf openafs-1.8.11 + RPM_EC=0 ++ jobs -p + exit 0 [cwills@rhel9-builder ~]$ -- Cheyenne Wills [email protected] On Thu, 27 Jun 2024 10:13:30 -0600 Cheyenne Wills wrote: > It appears that the latest CentOS-9 stream has pulled in changes from > the Linux 6.8 kernel, specifically commit 'dentry: switch the lists of > children to hlist' (da549bdd15). > > I will double check to see if the latest RHEL9 kernel is pulling this > in (Centos9-Stream is the beta version that eventually feeds into > RHEL9) > > This specific problem was addressed in the upcoming 1.8.12 by gerrit > 15704 "Linux 6.8: use hlist iteration for dentry children". 1.8.12 > will have support for linux kernels up to and including 6.9. > > I find it odd that 1.8.10 was able to build when 1.8.11 failed. Was > the build using the same updated kernel level? > > -- > Cheyenne Wills > [email protected] > > > > On Thu, 27 Jun 2024 12:33:51 +0200 (CEST) > Stephan Wonczak wrote: > [...] > > ___ > OpenAFS-info mailing list > [email protected] > https://lists.openafs.org/mailman/listinfo/openafs-info ___ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
Re: [OpenAFS] (no subject)
It appears that the latest CentOS-9 stream has pulled in changes from the Linux 6.8 kernel, specifically commit 'dentry: switch the lists of children to hlist' (da549bdd15). I will double check to see if the latest RHEL9 kernel is pulling this in (Centos9-Stream is the beta version that eventually feeds into RHEL9) This specific problem was addressed in the upcoming 1.8.12 by gerrit 15704 "Linux 6.8: use hlist iteration for dentry children". 1.8.12 will have support for linux kernels up to and including 6.9. I find it odd that 1.8.10 was able to build when 1.8.11 failed. Was the build using the same updated kernel level? -- Cheyenne Wills [email protected] On Thu, 27 Jun 2024 12:33:51 +0200 (CEST) Stephan Wonczak wrote: >Hi everyone, >nb: For some reason my original report did not make it to > the list. Maybe because of my attachment; are these forbidden? >A few days ago I hit a regression while building 1.8.11 for > CentOS-9. As an rpm was missing from the release, I created a > source-RPM from the .bz2-tarballs as per documentation and did did a > rpmbuild. Command line used (yes, we still have need for ka...): > >rpmbuild --rebuild --with kauth openafs-1.8.11-1.src.rpm > >This worked fine on RHEL-8 (fully updated) >That very same src.rpm has a problem building the modules on a > fully updated CentOS-9 Stream (kernel 5.14.0-457). > Last relevant lines from the build are: > > (...) > ./include/linux/list.h:562:9: note: in expansion of macro 'list_entry' >562 | list_entry((pos)->member.next, typeof(*(pos)), > member) | ^~ > ./include/linux/list.h:689:20: note: in expansion of macro > 'list_next_entry' >689 | pos = list_next_entry(pos, member)) >|^~~ > /root/rpmbuild/BUILD/openafs-1.8.11/src/libafs/MODLOAD-5.14.0-457.el9.x86_64-SP/osi_vcache.c:315:13: > > note: in expansion of macro 'list_for_each_entry' >315 | list_for_each_entry(child, &dp->d_subdirs, > d_child) { | ^~~ > make[4]: *** [scripts/Makefile.build:268: > /root/rpmbuild/BUILD/openafs-1.8.11/src/libafs/MODLOAD-5.14.0-457.el9.x86_64-SP/osi_vcache.o] > > Error 1 > make[4]: *** Waiting for unfinished jobs > make[3]: *** [Makefile:1942: > /root/rpmbuild/BUILD/openafs-1.8.11/src/libafs/MODLOAD-5.14.0-457.el9.x86_64-SP] > > Error 2 > make[3]: Leaving directory '/usr/src/kernels/5.14.0-457.el9.x86_64' > FAILURE: make exit code 2 > make[2]: *** [Makefile.afs:283: openafs.ko] Error 1 > make[2]: Leaving directory > '/root/rpmbuild/BUILD/openafs-1.8.11/src/libafs/MODLOAD-5.14.0-457.el9.x86_64-SP' > make[1]: *** [Makefile:188: linux_compdirs] Error 2 > make[1]: Leaving directory > '/root/rpmbuild/BUILD/openafs-1.8.11/src/libafs' > make: *** [Makefile:463: libafs] Error 2 > error: Bad exit status from /var/tmp/rpm-tmp.ZUYDKT (%build) > >Full build log available on request. >A few more data points: > > - Building with "rpmbuild --rebuild --with kauth --define > "build_modules 0" works fine and creates RPMs. > - Builing 1.8.10 on that machine works fine (checked today) > - Building 1.8.12pre1 on that machine works fine, too. > >So only the released version of 1.8.11 is broken on CentOS-9 > stream, and I suspect on RHEL-9, too. > > Dipl. Chem. Dr. Stephan Wonczak > > Regionales Rechenzentrum der Universitaet zu Koeln (RRZK) > Universitaet zu Koeln, Weyertal 121, 50931 Koeln > Tel: +49/(0)221/470-89583, Fax: +49/(0)221/470-89625 > ___ > OpenAFS-info mailing list > [email protected] > https://lists.openafs.org/mailman/listinfo/openafs-info ___ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
Re: [OpenAFS] (no subject)
On Tue, Nov 22, 2011 at 23:35, Atro Tossavainen wrote: > If OpenAFS with Kerberos 5 still uses single DES only, how is it > fundamentally better security-wise than using kaserver...? > The Kerberos 4 protocol (including the ancient variant used by kaserver) has significant *structural* security flaws, over and above those related to enctypes. -- brandon s allbery [email protected] wandering unix systems administrator (available) (412) 475-9364 vm/sms
Re: [OpenAFS] (no subject)
Garrison, Eric C wrote: > Default principal: [email protected] > > Valid starting ExpiresService principal > 07/08/09 14:53:40 07/09/09 00:53:44 krbtgt/[email protected] >renew until 07/09/09 14:53:40, Etype (skey, tkt): AES-256 CTS > mode with 96-bit SHA-1 HMAC, AES-256 CTS mode with 96-bit SHA-1 HMAC > 07/08/09 14:53:56 07/09/09 00:53:44 afs/[email protected] >renew until 07/09/09 14:53:40, Etype (skey, tkt): AES-256 CTS > mode with 96-bit SHA-1 HMAC, AES-256 CTS mode with 96-bit SHA-1 HMAC > > So what else should I look for in the token being bad in another way? The enctype must be DES-CBC-CRC for use with AFS. AES is not supported. Jeffrey Altman ___ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
Re: [OpenAFS] (no subject)
"Lara Lloret Iglesias" <[EMAIL PROTECTED]> writes: > Yes, I meant "cell" :) > > Sorry, I don't understand. > When the content of AFS is not generated by CellServDB what should I do? cd /afs/athena.mit.edu/ This will automagically create "athena.mit.edu" if you're using dynroot. I'm PRETTY sure that it wont create the entry until it needs to. > Lara -derek -- Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory Member, MIT Student Information Processing Board (SIPB) URL: http://web.mit.edu/warlord/PP-ASEL-IA N1NWH [EMAIL PROTECTED]PGP key available ___ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
Re: [OpenAFS] (no subject)
$ /usr/openafs/sbin/afsd -help Usage: /usr/openafs/sbin/afsd [-blocks <1024 byte blocks in cache>] [-files ] [-rootvol ] [-stat ] [-memcache] [-cachedir ] [-mountdir ] [-daemons ] [-nosettime] [-verbose] [-rmtsys] [-debug] [-chunksize ] [-dcache ] [-volumes ] [-biods ] [-prealloc ] [-confdir ] [-logfile ] [-waitclose] [-shutdown] [-afsdb] [-files_per_subdir ] [-dynroot] [-fakestat] [-fakestat-all] [-nomount] [-backuptree] [-rxbind] [-settime] [-rxpck ] [-vicepaccess] [-check-partitions] [-help] Where: -memcache run diskless -nosettime don't set the time -verbose display lots of information -rmtsysstart NFS rmtsysd program -debug display debug info -waitclose make close calls synchronous -shutdown Shutdown all afs state -afsdb Enable AFSDB support -dynroot Enable dynroot support -fakestat Enable fakestat support for cross-cell mounts -fakestat-all Enable fakestat support for all mounts -nomount Do not mount AFS -backuptreePrefer backup volumes for mointpoints in backup volumes -rxbindBind the Rx socket (one interface only) -settime set the time -vicepaccess Enable direct I/O to visible vicep-partitions -check-partitions Check fileserver partitions and exit -dynroot is for /afs from CellServDB. -afsdb is a good thing if you want to access cells that have their info in DNS instead of CellServDB Harald. ___ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
Re: [OpenAFS] (no subject)
> the only server that i found is cern.ch I guess the only _cell_ you found. Depending on if you use the dynamic /afs root feature or not, the content of /afs is generated from CellServDB or the content that the sysadmin did put into the volume root.afs. Harald. ___ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
Re: [OpenAFS] (no subject)
Sorry, nobody here but us lights ... and we're out. Robert Kim Wireless Internet Advisor <[EMAIL PROTECTED]> writes: > anybody here? > > bob -- Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory Member, MIT Student Information Processing Board (SIPB) URL: http://web.mit.edu/warlord/PP-ASEL-IA N1NWH [EMAIL PROTECTED]PGP key available ___ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
Re: [OpenAFS] (no subject)
There are no compiled locale specific message files for the logging data generated by OpenAFS for Windows. Therefore the log entries appear as they do. Jeffrey Altman Gurganus, Brant L wrote: That is a detail that is part of the event meant to replace a %1 in the actual message such as File not found: %1 Where %1 would change for each time the message occurs. In this case, the message sounds like it is supposed to be "AFS running," but instead of giving that as the message it is given as a parameter to a message that has no text. If I am wrong on my understanding of how event logging is used, could you point me to the documentation that tells that this is the correct usage of the logging APIs. For my understanding of event logging, I am looking at http://msdn.microsoft.com/library/default.asp?url=""> and related information. -Original Message- From: Jeffrey Altman [mailto:[EMAIL PROTECTED]] Sent: Tuesday, November 15, 2005 5:31 PM To: Gurganus, Brant L Cc: [email protected] Subject: Re: [OpenAFS] (no subject) Gurganus, Brant L wrote: There are AFS Client entries that appear in the Application event log that do not contain their message. What are the messages supposed to be and why are they not appearing? They do include the message: "AFS running." smime.p7s Description: S/MIME Cryptographic Signature
RE: [OpenAFS] (no subject)
That is a detail that is part of the event meant to replace a %1 in the actual message such as File not found: %1 Where %1 would change for each time the message occurs. In this case, the message sounds like it is supposed to be "AFS running," but instead of giving that as the message it is given as a parameter to a message that has no text. If I am wrong on my understanding of how event logging is used, could you point me to the documentation that tells that this is the correct usage of the logging APIs. For my understanding of event logging, I am looking at http://msdn.microsoft.com/library/default.asp?url=/library/en-us/debug/base/event_identifiers.asp and related information. -Original Message- From: Jeffrey Altman [mailto:[EMAIL PROTECTED] Sent: Tuesday, November 15, 2005 5:31 PM To: Gurganus, Brant L Cc: [email protected] Subject: Re: [OpenAFS] (no subject) Gurganus, Brant L wrote: > There are AFS Client entries that appear in the Application event log > that do not contain their message. What are the messages supposed to be > and why are they not appearing? They do include the message: "AFS running." smime.p7s Description: S/MIME cryptographic signature
Re: [OpenAFS] (no subject)
Gurganus, Brant L wrote: > There are AFS Client entries that appear in the Application event log > that do not contain their message. What are the messages supposed to be > and why are they not appearing? They do include the message: "AFS running." smime.p7s Description: S/MIME Cryptographic Signature
Re: [OpenAFS] (no subject)
Roman I wrote afs-integration.txt as support for JPSoftware. Rex Conn is going to be adding openAFS support to 4NT 7.0. Any additional information will have to be obtained by reading the source code. The functionality of obtaining tokens and listing tokens is performed by several tools for which the source code is available: * aklog * afscreds * integrated login * mit kfw's leash If you have specific questions you want to ask or have code written for, Secure Endpoints is also available for hire. Jeffrey Altman Roman Rozinov wrote: > The release page for Windows 2000/XP/2003 contains > afs-integration.txt. In it, it specifies some functions to interact > with AFS Service. What would be the place to obtain more detailed > information than shown in afs-integration.txt? I am looking for an > ability to klog and verify that tokens exist, and possibly check AFS > path for validity before calling WNetAddConnection() > > Thanks in advance for your time and input, > > ** > > *Roman Rozinov* > Technology Support Analyst > Network Technology, OCM, IT > Arizona State University > > /"The significant problems we face cannot be solved at the same level of > thinking we were at when we created them./"—Albert Einstein > > smime.p7s Description: S/MIME Cryptographic Signature
Re: [OpenAFS] (no subject)
In message <[EMAIL PROTECTED]>,Jim Rees writes: >Per-file permissions based on the mode bits might make sense, and it's >obviously possible if mrafs does it. I think I would do it on a per-volume the simplest form of this (which would seem to fix problems for most people i imagine) would be to interpret perm modes without world bits as meaning that system:anyuser and system:authuser should be ignored for this particular file. perhaps group perm bits would allow/disallow system:authuser. ___ OpenAFS-info mailing list [EMAIL PROTECTED] https://lists.openafs.org/mailman/listinfo/openafs-info
Re: [OpenAFS] (no subject)
Depending on obscure file names for access control seems like a bad idea to me, especially when there are other mechanisms available. Implementing unreadable directories would require a major protocol change, because lookups would have to be done on the server instead of on the client. This is how nfs works. Instead of caching whole directories, the client would have to cache directory entries. The protocol would become much chattier. Per-file permissions based on the mode bits might make sense, and it's obviously possible if mrafs does it. I think I would do it on a per-volume basis, which would be much easier than per-user. ___ OpenAFS-info mailing list [EMAIL PROTECTED] https://lists.openafs.org/mailman/listinfo/openafs-info
Re: [OpenAFS] (no subject)
Did you restart all your AFS processes after updating the KeyFile? -derek -- Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory Member, MIT Student Information Processing Board (SIPB) URL: http://web.mit.edu/warlord/PP-ASEL-IA N1NWH [EMAIL PROTECTED]PGP key available ___ OpenAFS-info mailing list [EMAIL PROTECTED] https://lists.openafs.org/mailman/listinfo/openafs-info
