Index: openafs/doc/html/QuickStartUnix/auqbg005.htm diff -c openafs/doc/html/QuickStartUnix/auqbg005.htm:1.2 openafs/doc/html/QuickStartUnix/auqbg005.htm:1.2.44.1 *** openafs/doc/html/QuickStartUnix/auqbg005.htm:1.2 Wed Aug 29 13:12:35 2001 --- openafs/doc/html/QuickStartUnix/auqbg005.htm Sun Jun 22 23:41:32 2008 *************** *** 597,608 ****
If the machine's kernel supports NFS server functionality:
# cp bin/libafs.o /usr/sys/BINARY/afs.mod!
If the machine's kernel does not support NFS server ! functionality:
# cp bin/libafs.nonfs.o /usr/sys/BINARY/afs.mod --- 597,609 ----
If the machine's kernel supports NFS server functionality and is to be ! used as an NFS translator:
# cp bin/libafs.o /usr/sys/BINARY/afs.mod!
If the machine's kernel does not support NFS server functionality ! or is not to be used as an NFS translator:
# cp bin/libafs.nonfs.o /usr/sys/BINARY/afs.mod *************** *** 823,834 ****
If the machine's kernel supports NFS server functionality:
# cp bin/libafs.a /usr/conf/lib!
If the machine's kernel does not support NFS server functionality, ! change the file's name as you copy it:
# cp bin/libafs.nonfs.a /usr/conf/lib/libafs.a --- 824,837 ----
If the machine's kernel supports NFS server functionality and is to be ! used as an NFS translator:
# cp bin/libafs.a /usr/conf/lib!
If the machine's kernel does not support NFS server functionality ! or is not to be used as an NFS translator, change the file's name as ! you copy it:
# cp bin/libafs.nonfs.a /usr/conf/lib/libafs.a *************** *** 1205,1222 **** IPxx portion of the library file name must match the value previously returned by the uname -m command. Also choose the file appropriate to whether the machine's kernel supports NFS server ! functionality (NFS must be supported for the machine to act as an NFS/AFS Translator). Single- and multiprocessor machines use the same library file.(You can choose to copy all of the kernel library files into the /usr/vice/etc/sgiload directory, but they require a significant amount of space.) !
If the machine's kernel supports NFS server functionality:
# cp -p usr/vice/etc/sgiload/libafs.IPxx.o /usr/vice/etc/sgiload!If the machine's kernel does not support NFS server ! functionality:
# cp -p usr/vice/etc/sgiload/libafs.IPxx.nonfs.o \ /usr/vice/etc/sgiload --- 1208,1227 ---- IPxx portion of the library file name must match the value previously returned by the uname -m command. Also choose the file appropriate to whether the machine's kernel supports NFS server ! functionality and is to be used as an NFS translator (NFS must be ! supported for the machine to act as an NFS/AFS Translator). Single- and multiprocessor machines use the same library file.(You can choose to copy all of the kernel library files into the /usr/vice/etc/sgiload directory, but they require a significant amount of space.) !
If the machine's kernel supports NFS server functionality and is to be ! used as an NFS translator:
# cp -p usr/vice/etc/sgiload/libafs.IPxx.o /usr/vice/etc/sgiload!If the machine's kernel does not support NFS server functionality ! or is not to be used as an NFS translator:
# cp -p usr/vice/etc/sgiload/libafs.IPxx.nonfs.o \ /usr/vice/etc/sgiload *************** *** 1266,1280 **** /var/sysgen/boot/afs.a; the IPxx portion of the library file name must match the value previously returned by the uname -m command. Also choose the file appropriate to ! whether the machine's kernel supports NFS server functionality (NFS must ! be supported for the machine to act as an NFS/AFS Translator). Single- and multiprocessor machines use the same library file. !If the machine's kernel supports NFS server functionality:
# cp -p bin/libafs.IPxx.a /var/sysgen/boot/afs.a!If the machine's kernel does not support NFS server ! functionality:
# cp -p bin/libafs.IPxx.nonfs.a /var/sysgen/boot/afs.a --- 1271,1287 ---- /var/sysgen/boot/afs.a; the IPxx portion of the library file name must match the value previously returned by the uname -m command. Also choose the file appropriate to ! whether the machine's kernel supports NFS server functionality and is ! to be used as an NFS translator (NFS must be supported for the machine ! to act as an NFS/AFS Translator). Single- and multiprocessor machines use the same library file. !If the machine's kernel supports NFS server functionality and is to be ! used as an NFS translator:
# cp -p bin/libafs.IPxx.a /var/sysgen/boot/afs.a!If the machine's kernel does not support NFS server functionality ! or is not to be used as an NFS translator:
# cp -p bin/libafs.IPxx.nonfs.a /var/sysgen/boot/afs.a *************** *** 1686,1711 ****
If the machine is running Solaris 2.6 or the 32-bit version of ! Solaris 7, its kernel supports NFS server functionality, and the ! nfsd process is running:
# cp -p modload/libafs.o /kernel/fs/afs
If the machine is running Solaris 2.6 or the 32-bit version of ! Solaris 7, and its kernel does not support NFS server functionality or the ! nfsd process is not running:
# cp -p modload/libafs.nonfs.o /kernel/fs/afs
If the machine is running the 64-bit version of Solaris 7, its kernel ! supports NFS server functionality, and the nfsd process is running:
# cp -p modload/libafs64.o /kernel/fs/sparcv9/afs
If the machine is running the 64-bit version of Solaris 7, and its ! kernel does not support NFS server functionality or the nfsd ! process is not running:
# cp -p modload/libafs64.nonfs.o /kernel/fs/sparcv9/afs --- 1693,1717 ----
If the machine is running Solaris 2.6 or the 32-bit version of ! Solaris 7, its kernel supports NFS server functionality and is to be ! used as an NFS translator, and the nfsd process is running:
# cp -p modload/libafs.o /kernel/fs/afs
If the machine is running Solaris 2.6 or the 32-bit version of ! Solaris 7, and its kernel does not support NFS server functionality, is ! not to be used as an NFS translator, or the nfsd process is not running:
# cp -p modload/libafs.nonfs.o /kernel/fs/afs
If the machine is running the 64-bit version of Solaris 7, its kernel ! supports NFS server functionality and is to be used as an NFS translator, and the nfsd process is running:
# cp -p modload/libafs64.o /kernel/fs/sparcv9/afs
If the machine is running the 64-bit version of Solaris 7, and its ! kernel does not support NFS server functionality, is not to be used as an NFS translator or the nfsd process is not running:
# cp -p modload/libafs64.nonfs.o /kernel/fs/sparcv9/afs Index: openafs/doc/man-pages/README diff -c openafs/doc/man-pages/README:1.8.2.18 openafs/doc/man-pages/README:1.8.2.18.2.1 *** openafs/doc/man-pages/README:1.8.2.18 Tue Apr 1 02:57:18 2008 --- openafs/doc/man-pages/README Sun Jun 8 23:45:49 2008 *************** *** 201,206 **** --- 201,207 ---- * The following installed commands have no man pages: + compile_et.afs copyauth fs cscpolicy fs memdump *************** *** 208,220 **** --- 209,227 ---- fs rxstatpeer fs rxstatproc fs setcbaddr + klog.krb + krb.conf + pagsh.krb restorevol rmtsysd + tokens.krb vldb_convert vos clone vos setfields vsys + * Add -noresolve to the documentation of all the vos commands. + * klog.krb, pagsh.krb, and tokens.krb need to be listed as alternative names in the NAME line of the non-.krb man pages, links should be installed on man page installation, and the behavior of pagsh.krb Index: openafs/doc/man-pages/pod1/aklog.pod diff -c openafs/doc/man-pages/pod1/aklog.pod:1.1.4.4 openafs/doc/man-pages/pod1/aklog.pod:1.1.4.4.4.1 *** openafs/doc/man-pages/pod1/aklog.pod:1.1.4.4 Thu Nov 9 19:01:26 2006 --- openafs/doc/man-pages/pod1/aklog.pod Sun Jun 8 23:45:50 2008 *************** *** 20,38 **** =head1 DESCRIPTION The Bprogram authenticates to a cell in AFS by obtaining AFS ! tokens. If B is invoked with no command-line arguments, it will ! obtain tokens for the workstation's local cell. It may be invoked with an ! arbitrary number of cells and pathnames to obtain tokens for multiple ! cells. B knows how to expand cell name abbreviations, so cells can ! be referred to by enough letters to make the cell name unique among the ! cells the workstation knows about. B obtains tokens by obtaining a Kerberos service ticket for the AFS service and then storing it as a token. By default, it obtains that ! ticket from the realm corresponding to that cell (the upcase version of the cell name), but a different realm for a particular cell can be specified with B<-k>. B<-k> cannot be used in B<-path> mode (see below). When using B , be aware that AFS uses the Kerberos v4 principal naming format, not the Kerberos v5 format, when referring to principals in PTS ACLs, F , and similar locations. AFS will internally map --- 20,48 ---- =head1 DESCRIPTION The B program authenticates to a cell in AFS by obtaining AFS ! tokens using a Kerberos 5 ticket. If B is invoked with no ! command-line arguments, it will obtain tokens for the workstation's local ! cell. It may be invoked with an arbitrary number of cells and pathnames ! to obtain tokens for multiple cells. B knows how to expand cell ! name abbreviations, so cells can be referred to by enough letters to make ! the cell name unique among the cells the workstation knows about. B obtains tokens by obtaining a Kerberos service ticket for the AFS service and then storing it as a token. By default, it obtains that ! ticket from the realm corresponding to that cell (the uppercase version of the cell name), but a different realm for a particular cell can be specified with B<-k>. B<-k> cannot be used in B<-path> mode (see below). + When a Kerberos 5 cross-realm trust is used, B looks up the AFS ID + corresponding to the name (Kerberos principal) of the person invoking the + command, and if the user doesn't exist and the + system:authuser@FOREIGN.REALM PTS group exists, then it attempts automatic + registration of the user with the foreign cell. The user is then added to + the system:authuser@FOREIGN.REALM PTS group if registration is successful. + Automatic registration in the foreign cell will fail if the group quota + for the system:authuser@FOREIGN.REALM group is less than one. Each + automatic registration decrements the group quota by one. + When using B , be aware that AFS uses the Kerberos v4 principal naming format, not the Kerberos v5 format, when referring to principals in PTS ACLs, F , and similar locations. AFS will internally map *************** *** 75,85 **** =item B<-hosts> ! Prints all the server addresses which may act as a single point of ! failure in accessing the specified directory path. Each element of the ! path is examined, and as new volumes are traversed, if they are not ! replicated, the server's IP address containing the volume will be ! displayed. The output is of the form: host: --- 85,95 ---- =item B<-hosts> ! Prints all the server addresses which may act as a single point of failure ! in accessing the specified directory path. Each element of the path is ! examined, and as new volumes are traversed, if they are not replicated, ! the server's IP address containing the volume will be displayed. The ! output is of the form: host: *************** *** 106,116 **** =item B<-noprdb> Ordinarily, B looks up the AFS ID corresponding to the name of the ! person invoking the command, and if the user doesn't exist and the cell is ! a foreign one, attempts automatic registration of the user with the remote ! cell. Specifying this flag turns off this functionality. This may be ! desirable if the protection database is unavailable for some reason and ! tokens are desired anyway, or if one wants to disable user registration. =item B<-path> >, B<-p> > --- 116,128 ---- =item B<-noprdb> Ordinarily, B looks up the AFS ID corresponding to the name of the ! person invoking the command, and if the user doesn't exist, the cell is a ! foreign one, the system:authuser@FOREIGN.REALM PTS group exists, and has a ! positive group quota, then it attempts automatic registration of the user ! with the foreign cell. Specifying this flag turns off this functionality. ! This may be desirable if the protection database is unavailable for some ! reason and tokens are desired anyway, or if one wants to disable user ! registration. =item B<-path> >, B<-p> > Index: openafs/doc/man-pages/pod1/pts_examine.pod diff -c openafs/doc/man-pages/pod1/pts_examine.pod:1.4.2.2 openafs/doc/man-pages/pod1/pts_examine.pod:1.4.2.2.2.1 *** openafs/doc/man-pages/pod1/pts_examine.pod:1.4.2.2 Mon Feb 4 12:53:44 2008 --- openafs/doc/man-pages/pod1/pts_examine.pod Sun Jun 8 23:45:51 2008 *************** *** 9,24 **** B S<<< B<-nameorid> >+ >>> S<<< [B<-cell> >] >>> [B<-noauth>] [B<-localauth>] ! [B<-force>] [B<-help>] B S<<< B<-na> >+ >>> S<<< [B<-c> >] >>> ! [B<-no>] [B<-l>] [B<-f>] [B<-h>] B S<<< B<-na> >+ >>> S<<< [B<-c> >] >>> ! [B<-no>] [B<-l>] [B<-f>] [B<-h>] B S<<< B<-na> >+ >>> S<<< [B<-c> >] >>> ! [B<-no>] [B<-l>] [B<-f>] [B<-h>] =for html --- 9,24 ---- B S<<< B<-nameorid> >+ >>> S<<< [B<-cell> >] >>> [B<-noauth>] [B<-localauth>] ! [B<-force>] [B<-auth>] [B<-help>] B S<<< B<-na> >+ >>> S<<< [B<-c> >] >>> ! [B<-no>] [B<-l>] [B<-f>] [B<-a>] [B<-h>] B S<<< B<-na> >+ >>> S<<< [B<-c> >] >>> ! [B<-no>] [B<-l>] [B<-f>] [B<-a>] [B<-h>] B S<<< B<-na> >+ >>> S<<< [B<-c> >] >>> ! [B<-no>] [B<-l>] [B<-f>] [B<-a>] [B<-h>] =for html *************** *** 63,68 **** --- 63,73 ---- Enables the command to continue executing as far as possible when errors or other problems occur, rather than halting execution at the first error. + =item B<-auth> + + Run using the user's current authentication. This is the default unless + the B<-noauth> or B<-localauth> options are used. + =item B<-help> Prints the online help for this command. All other valid options are *************** *** 203,209 **** The default privacy flags for group entries are C , meaning that all users can display the entry and the members of the group, but only the entry owner and members of the system:administrators group can perform ! other functions. =item group quota --- 208,216 ---- The default privacy flags for group entries are C , meaning that all users can display the entry and the members of the group, but only the entry owner and members of the system:administrators group can perform ! other functions. The defaults for the privacy flags may be changed by ! running B with the B<-default_access> option. See L ! for more discussion of the B<-default_access> option. =item group quota *************** *** 211,218 **** createuser> command sets it to 20 for both users and machines, but it has no meaningful interpretation for a machine, because it is not possible to authenticate as a machine. Similarly, it has no meaning in group entries ! and the B command sets it to 0 (zero); do not change this ! value. =back --- 218,232 ---- createuser> command sets it to 20 for both users and machines, but it has no meaningful interpretation for a machine, because it is not possible to authenticate as a machine. Similarly, it has no meaning in group entries ! that only deal with the local cell and the B command sets ! it to 0 (zero); do not change this value. ! ! When using cross-realm authentication, a special group of the form ! system:authuser@FOREIGN.REALM is created by an administrator and used. If ! the group quota for this special group is greater than zero, then aklog ! will automatically register foreign users in the local PTS database, add ! the foreign user to the system:authuser@FOREIGN.REALM, and decrement the ! group quota by one. =back Index: openafs/doc/man-pages/pod8/ptserver.pod diff -c openafs/doc/man-pages/pod8/ptserver.pod:1.3.2.2 openafs/doc/man-pages/pod8/ptserver.pod:1.3.2.2.2.1 *** openafs/doc/man-pages/pod8/ptserver.pod:1.3.2.2 Wed Apr 2 15:51:53 2008 --- openafs/doc/man-pages/pod8/ptserver.pod Sun Jun 8 23:45:54 2008 *************** *** 7,15 **** =for html ! B--- 7,20 ---- =for htmlS<<< [B<-database> >] >>> S<<< [B<-p> >] >>> ! [B<-rebuildDB>] [B<-enable_peer_stats>] [B<-enable_process_stats>] ! [B<-allow-dotted-principal>] [B<-rxbind>] [B<-help>] =for html ! B*************** *** 48,53 **** --- 53,66 ---- =back + When using Kerberos 5, cross-realm authentication is possible. If the + special pts group system:authuser@FOREIGN.REALM exists and its group quota + is greater than zero, BS<<< [B<-database> | B<-db> >] >>> S<<< [B<-p> >] >>> ! [B<-rebuildDB>] S<<< [B<-groupdepth> >] >>> ! S<<< [B<-default_access> > >] >>> ! [B<-restricted>] [B<-enable_peer_stats>] ! [B<-enable_process_stats>] [B<-allow-dotted-principal>] ! [B<-rxbind>] S<<< [B<-auditlog> >] >>> ! S<<< [B<-syslog>[=>]] >>> S<<< [B<-rxmaxmtu> >] >>> ! [B<-help>] =for html will automatically create an entry for the + foreign user in the local PTS database and add the foreign user to the + system:authuser@FOREIGN.REALM PTS group. Each time a foreign user is + created in the local PTS database, the group quota for the + system:authuser@FOREIGN.REALM PTS group is decremented by one. + This command does not use the syntax conventions of the AFS command suites. Provide the command name and all option names in full. *************** *** 55,61 **** =over 4 ! =item B<-database> > Specifies the pathname of an alternate directory in which the Protection Database files reside. Provide the complete pathname, ending in the base --- 68,74 ---- =over 4 ! =item B<-database> >, B<-db> > Specifies the pathname of an alternate directory in which the Protection Database files reside. Provide the complete pathname, ending in the base *************** *** 75,80 **** --- 88,111 ---- initialization. Use this argument only in consultation with AFS Development or Product Support. + =item B<-groupdepth> >, B<-depth> > + + Specifies the group depth for nested groups when B is compiled + with the SUPERGROUPS option enabled. The default depth for nested groups + is 5. This option may be shortened to B<-depth>. + + =item B<-default_access> > > + + Specifies the default user and group privacy flags to apply to each + entry. Provide a string of five characters, one for each of the + permissions. See L or L for more + information on the flags. + + =item B<-restricted> + + Run the PT Server in restricted mode. While in restricted mode, only + members of the system:administrators PTS group may make any PTS changes. + =item B<-enable_peer_stats> Activates the collection of Rx statistics and allocates memory for their *************** *** 94,110 **** =item B<-allow-dotted-principal> By default, the RXKAD security layer will disallow access by Kerberos ! principals with a dot in the first component of their name. This is to avoid ! the confusion where principals user/admin and user.admin are both mapped to the ! user.admin PTS entry. Sites whose Kerberos realms don't have these collisions ! between principal names may disable this check by starting the server ! with this option. =item B<-rxbind> Bind the Rx socket to the primary interface only. (If not specified, the Rx socket will listen on all interfaces.) =item B<-help> Prints the online help for this command. All other valid options are --- 125,156 ---- =item B<-allow-dotted-principal> By default, the RXKAD security layer will disallow access by Kerberos ! principals with a dot in the first component of their name. This is to ! avoid the confusion where principals user/admin and user.admin are both ! mapped to the user.admin PTS entry. Sites whose Kerberos realms don't have ! these collisions between principal names may disable this check by ! starting the server with this option. =item B<-rxbind> Bind the Rx socket to the primary interface only. (If not specified, the Rx socket will listen on all interfaces.) + =item B<-syslog>[=>] + + Specifies that logging output should go to syslog instead of the normal + log file. B<-syslog>=I can be used to specify to which facility + the log message should be sent. Logging message sent to syslog are tagged + with the string "ptserver". + + =item B<-auditlog> > + + Specifies the full pathname for the B file. + + =item B<-rxmaxmtu> > + + Sets the maximum transmission unit for the RX protocol. + =item B<-help> Prints the online help for this command. All other valid options are Index: openafs/doc/txt/winnotes/afs-changes-since-1.2.txt diff -c openafs/doc/txt/winnotes/afs-changes-since-1.2.txt:1.72.2.51 openafs/doc/txt/winnotes/afs-changes-since-1.2.txt:1.72.2.51.2.2 *** openafs/doc/txt/winnotes/afs-changes-since-1.2.txt:1.72.2.51 Mon Apr 21 11:51:28 2008 --- openafs/doc/txt/winnotes/afs-changes-since-1.2.txt Mon Jun 23 00:02:23 2008 *************** *** 1,3 **** --- 1,64 ---- + Since 1.5.36 [1.5.39 released 23 June 2008] + * There were no 1.5.37 or 1.5.38 releases for Windows + + * Use Visual Studio version of vsprintf() instead of + home grown version that resulted in linking conflicts + + * Prevent buserver, ptserver and fileserver from crashing + due to non-portable strftime() format strings. + + * Prevent server crashes caused by rx_InitMorePackets() + being called prior to allocation of all of the required + synchronization objects. + + * Fixed a memory leak in the internal B+ tree directory. + For objects with non-8.3 names, the 'longname' memory + allocation would be leaked during object deletion or + tree destruction. + + * Fixed a memory leak in the background daemon cm_CheckServer() + routine. The memory allocated to store the server list + was not freed. + + * Obtain a missing lock around a call to cm_RemoveSCacheFromHashTable(). + + * Correct an abstraction layer violation. cm_scache_t objects + should be marked deleted in cm_Unlink() and cm_RemoveDir() and not + in smb_CloseFID(). Cleanup of deleted cm_scache_t objects should be + performed in cm_ReleaseSCache() when the reference count hits zero. + + * Prototype cm_AdjustScacheLRU() and re-implement it using osi_QAddH(). + + * Do not reference 'smb_logp' in cm_vnodeops.c. Use 'afsd_logp' + instead. + + * Ensure that scache object 'nextp' pointers are set to NULL + when the objects are removed from the hash table linked list. + + * If a dirty buffer cannot be written to the file server because + of an access denied error, mark the error in the cm_buf_t + structure so that it can be dealt with instead of retrying + forever. + + Since 1.5.35 + * Update CellServDB file to GCO Public 23 Apr 2008 + + * Fix a cm_buf_t reference count leak when attempts to write + dirty buffers to the file server from within cm_IncrSyncer() + fail. + + * Prevent udebug from crashing. + + * Activate RX Idle Timeouts. If the file server is busy for more + then 30 seconds, attempt to failover to another server without + marking the busy server down. + + * Another VNOVNODE issue fixed. When writing a dirty buffer + to the file server, if VNOVNODE is received, mark all buffers + as invalid without further attempts to contact the file server. + + * Improved performance on high latency links. + Since 1.5.34 * Fix a bug preventing the re-initialization of the Freelance root.cell contents when a change is made.