Index: openafs/doc/man-pages/pod1/cmdebug.pod
diff -c openafs/doc/man-pages/pod1/cmdebug.pod:1.2 openafs/doc/man-pages/pod1/cmdebug.pod:1.2.2.1
*** openafs/doc/man-pages/pod1/cmdebug.pod:1.2 Wed Mar 1 00:02:29 2006
--- openafs/doc/man-pages/pod1/cmdebug.pod Mon Jan 14 00:05:28 2008
***************
*** 8,27 ****
B S<<< B<-servers> > >>> S<<< [B<-port> >] >>>
! [B<-long>] [B<-refcounts>] [B<-callbacks>] [B<-addrs>] [B<-cache>]
! B S<<< B<-s> > >>> S<<< [B<-p> >] >>> [B<-l>] [B<-r>] [B<-c>]
! [B<-a>] [B<-h>]
=for html
=head1 DESCRIPTION
! The B command displays information about the Cache Manager and
! client cache status on an AFS client machine. By default, it displays all
! locked cache entries, but other information can be requested via various
! options.
=head1 OPTIONS
--- 8,40 ----
B S<<< B<-servers> > >>> S<<< [B<-port> >] >>>
! [B<-long>] [B<-refcounts>] [B<-callbacks>] [B<-ctime>] [B<-addrs>]
! [B<-cache>] [B<-cellservdb>] [B<-help>]
! B S<<< B<-s> > >>> S<<< [B<-p> >] >>> [B<-l>] [B<-r>] [B<-cal>]
! [B<-ct>] [B<-a>] [B<-cac>] B<-ce>] [B<-h>]
=for html
=head1 DESCRIPTION
! The B command displays information about the Cache Manager
! and client cache status on a local or remote AFS client machine. By
! default, it displays all locked cache entries, but other information
! can be requested via various options.
!
! =head1 CAUTIONS
!
! The B<-ctime> option is only available with OpenAFS version 1.4.7 and
! later or version 1.5.28 or later. This option can be used to gather
! information from any version of the Unix OpenAFS client, but can only
! query Windows clients running OpenAFS version 1.5.28 or later.
!
! The B<-cellservdb> option is only available with OpenAFS version 1.4.7
! and later or version 1.5.31 or later. This option can be used to gather
! information from any version of the Unix OpenAFS client, but can only
! query Windows clients running OpenAFS version 1.5.31 or later.
=head1 OPTIONS
***************
*** 31,41 ****
Names the client machine for which to display Cache Manager status.
Provide the machine's IP address in dotted decimal format, its fully
! qualified host name (for example, B), or the shortest
abbreviated form of its host name that distinguishes it from other
machines. Successful use of an abbreviated form depends on the
! availability of a name resolution service (such as the Domain Name Service
! or a local host table) at the time the command is issued.
=item B<-port> >
--- 44,54 ----
Names the client machine for which to display Cache Manager status.
Provide the machine's IP address in dotted decimal format, its fully
! qualified host name (for example, B), or the shortest
abbreviated form of its host name that distinguishes it from other
machines. Successful use of an abbreviated form depends on the
! availability of a name resolution service (such as the Domain Name
! Service or a local host table) at the time the command is issued.
=item B<-port> >
***************
*** 46,52 ****
Reports on all lock statuses and all cache entries, rather than only
locked cache entries. Do not use this option with B<-refcounts>,
! B<-callbacks>, B<-addrs>, or B<-cache>.
=item B<-refcounts>
--- 59,65 ----
Reports on all lock statuses and all cache entries, rather than only
locked cache entries. Do not use this option with B<-refcounts>,
! B<-callbacks>, B<-addrs>, B<-cache>, or B<-cellservdb>.
=item B<-refcounts>
***************
*** 58,63 ****
--- 71,81 ----
Reports only those cache entries with callbacks. Do not use this option
with B<-long>, B<-refcounts>, B<-addrs>, or B<-cache>.
+ =item B<-ctime>
+
+ Causes entry expiration times to be shown in human-readable format. Do
+ not use this option with B<-addrs> or B<-cache>.
+
=item B<-addrs>
Rather than showing any cache entries, displays the interfaces the Cache
***************
*** 73,78 ****
--- 91,105 ----
information that can be configured via parameters to B. Do not use
this option with B<-long>, B<-refcounts>, B<-callbacks>, or B<-addrs>.
+ =item B<-cellservdb>
+
+ Lists all known volume location database records in a
+ CellServDB-compatible format. This includes all records in memory,
+ including those from the CellServDB file, AFSDB DNS records, and the
+ B command. This option could be used to see if a client
+ has the latest copy of the CellServDB file. Do not use this option
+ with B<-long>, B<-refcounts>, B<-callbacks>, or B<-cache>.
+
=item B<-help>
Prints the online help for this command. All other valid options are
***************
*** 86,98 ****
% cmdebug client1
! Displays the cache configuration for C:
! % cmdebug client1.abc.com -cache
! Displays all cache entries for C:
! % cmdebug client2.abc.com -long
=head1 PRIVILEGE REQUIRED
--- 113,125 ----
% cmdebug client1
! Displays the cache configuration for C:
! % cmdebug client1.example.com -cache
! Displays all cache entries for C:
! % cmdebug client2.example.com -long
=head1 PRIVILEGE REQUIRED
***************
*** 100,106 ****
=head1 SEE ALSO
! L
=head1 COPYRIGHT
--- 127,135 ----
=head1 SEE ALSO
! L,
! L,
! L
=head1 COPYRIGHT
Index: openafs/doc/man-pages/pod1/pts.pod
diff -c openafs/doc/man-pages/pod1/pts.pod:1.2.6.1 openafs/doc/man-pages/pod1/pts.pod:1.2.6.2
*** openafs/doc/man-pages/pod1/pts.pod:1.2.6.1 Fri Aug 17 21:46:25 2007
--- openafs/doc/man-pages/pod1/pts.pod Mon Feb 4 12:53:44 2008
***************
*** 91,96 ****
--- 91,102 ----
The local F file.
+ Do not combine the B<-cell> and B<-localauth> options. A command on which
+ the B<-localauth> flag is included always runs in the local cell (as
+ defined in the server machine's local F file),
+ whereas a command on which the B<-cell> argument is included runs in the
+ specified foreign cell.
+
=back
=item B<-force>
***************
*** 123,128 ****
--- 129,157 ----
and refuses to perform such an action even if the B<-noauth> flag is
provided.
+ =item B<-localauth>
+
+ Constructs a server ticket using the server encryption key with the
+ highest key version number in the local F file. The
+ B command interpreter presents the ticket, which never expires, to
+ the BOS Server during mutual authentication.
+
+ Use this flag only when issuing a command on a server machine; client
+ machines do not usually have a F file. The issuer
+ of a command that includes this flag must be logged on to the server
+ machine as the local superuser C. The flag is useful for commands
+ invoked by an unattended application program, such as a process controlled
+ by the UNIX B utility. It is also useful if an administrator is
+ unable to authenticate to AFS but is logged in as the local superuser
+ C.
+
+ Do not combine the B<-cell> and B<-localauth> options. A command on which
+ the B<-localauth> flag is included always runs in the local cell (as
+ defined in the server machine's local F file),
+ whereas a command on which the B<-cell> argument is included runs in the
+ specified foreign cell. Also, do not combine the B<-localauth> and
+ B<-noauth> flags.
+
=back
=head1 PRIVILEGE REQUIRED
Index: openafs/doc/man-pages/pod1/pts_adduser.pod
diff -c openafs/doc/man-pages/pod1/pts_adduser.pod:1.4.2.1 openafs/doc/man-pages/pod1/pts_adduser.pod:1.4.2.2
*** openafs/doc/man-pages/pod1/pts_adduser.pod:1.4.2.1 Sun Nov 11 18:51:05 2007
--- openafs/doc/man-pages/pod1/pts_adduser.pod Mon Feb 4 12:53:44 2008
***************
*** 8,17 ****
B
S<<< B<-user> >+ >>> S<<< B<-group> >+ >>>
! S<<< [B<-cell> >] >>> [B<-noauth>] [B<-force>] [B<-help>]
B S<<< B<-u> >+ >>> S<<< B<-g> >+ >>>
! S<<< [B<-c> >] >>> [B<-n>] [B<-f>] [B<-h>]
=for html
--- 8,17 ----
B
S<<< B<-user> >+ >>> S<<< B<-group> >+ >>>
! S<<< [B<-cell> >] >>> [B<-noauth>] [B<-localauth>] [B<-force>] [B<-help>]
B S<<< B<-u> >+ >>> S<<< B<-g> >+ >>>
! S<<< [B<-c> >] >>> [B<-n>] [B<-l>] [B<-f>] [B<-h>]
=for html
***************
*** 60,65 ****
--- 60,73 ----
Assigns the unprivileged identity anonymous to the issuer. For more
details, see L.
+ =item B<-localauth>
+
+ Constructs a server ticket using a key from the local
+ F file. The B command interpreter presents the
+ ticket to the Protection Server during mutual authentication. Do not combine
+ this flag with the B<-cell> or B<-noauth> options. For more details, see
+ L.
+
=item B<-force>
Enables the command to continue executing as far as possible when errors
Index: openafs/doc/man-pages/pod1/pts_chown.pod
diff -c openafs/doc/man-pages/pod1/pts_chown.pod:1.4.2.1 openafs/doc/man-pages/pod1/pts_chown.pod:1.4.2.2
*** openafs/doc/man-pages/pod1/pts_chown.pod:1.4.2.1 Sun Nov 11 18:51:05 2007
--- openafs/doc/man-pages/pod1/pts_chown.pod Mon Feb 4 12:53:44 2008
***************
*** 8,17 ****
B
S<<< B<-name> > >>> S<<< B<-owner> > >>>
! S<<< [B<-cell> >] >>> [B<-noauth>] [B<-force>] [B<-help>]
B S<<< B<-na> > >>> S<<< B<-o> > >>>
! S<<< [B<-c> >] >>> [B<-no>] [B<-f>] [B<-h>]
=for html
--- 8,17 ----
B
S<<< B<-name> > >>> S<<< B<-owner> > >>>
! S<<< [B<-cell> >] >>> [B<-noauth>] [B<-localauth>] [B<-force>] [B<-help>]
B S<<< B<-na> > >>> S<<< B<-o> > >>>
! S<<< [B<-c> >] >>> [B<-no>] [B<-l>] [B<-f>] [B<-h>]
=for html
***************
*** 62,67 ****
--- 62,73 ----
Assigns the unprivileged identity anonymous to the issuer. For more
details, see L.
+ =item B<-localauth>
+
+ Constructs a server ticket using a key from the local
+ F file. Do not combine this flag with the B<-cell>
+ or B<-noauth> options. For more details, see L.
+
=item B<-force>
Enables the command to continue executing as far as possible when errors
Index: openafs/doc/man-pages/pod1/pts_creategroup.pod
diff -c openafs/doc/man-pages/pod1/pts_creategroup.pod:1.4.2.1 openafs/doc/man-pages/pod1/pts_creategroup.pod:1.4.2.2
*** openafs/doc/man-pages/pod1/pts_creategroup.pod:1.4.2.1 Sun Nov 11 18:51:05 2007
--- openafs/doc/man-pages/pod1/pts_creategroup.pod Mon Feb 4 12:53:44 2008
***************
*** 10,24 ****
B S<<< B<-name> >+ >>>
S<<< [B<-owner> >] >>>
S<<< [B<-id> >+] >>> S<<< [B<-cell> >] >>>
! [B<-noauth>] [B<-force>] [B<-help>]
B S<<< B<-na> >+ >>> S<<< [B<-o> >] >>>
S<<< [B<-i> >+] >>> S<<< [B<-c> >] >>>
! [B<-no>] [B<-f>] [B<-h>]
B S<<< B<-na> >+ >>> S<<< [B<-o> >] >>>
S<<< [B<-i> >+] >>> S<<< [B<-c> >] >>>
! [B<-no>] [B<-f>] [B<-h>]
=for html
--- 10,24 ----
B S<<< B<-name> >+ >>>
S<<< [B<-owner> >] >>>
S<<< [B<-id> >+] >>> S<<< [B<-cell> >] >>>
! [B<-noauth>] [B<-localauth>] [B<-force>] [B<-help>]
B S<<< B<-na> >+ >>> S<<< [B<-o> >] >>>
S<<< [B<-i> >+] >>> S<<< [B<-c> >] >>>
! [B<-no>] [B<-l>] [B<-f>] [B<-h>]
B S<<< B<-na> >+ >>> S<<< [B<-o> >] >>>
S<<< [B<-i> >+] >>> S<<< [B<-c> >] >>>
! [B<-no>] [B<-l>] [B<-f>] [B<-h>]
=for html
***************
*** 154,159 ****
--- 154,165 ----
Assigns the unprivileged identity anonymous to the issuer. For more
details, see L.
+ =item B<-localauth>
+
+ Constructs a server ticket using a key from the local
+ F file. Do not combine this flag with the
+ B<-cell> or B<-noauth> options. For more details, see L.
+
=item B<-force>
Enables the command to continue executing as far as possible when errors
Index: openafs/doc/man-pages/pod1/pts_createuser.pod
diff -c openafs/doc/man-pages/pod1/pts_createuser.pod:1.4.2.1 openafs/doc/man-pages/pod1/pts_createuser.pod:1.4.2.3
*** openafs/doc/man-pages/pod1/pts_createuser.pod:1.4.2.1 Sun Nov 11 18:51:05 2007
--- openafs/doc/man-pages/pod1/pts_createuser.pod Mon Feb 4 14:42:02 2008
***************
*** 8,20 ****
B
S<<< B<-name> >+ >>> S<<< [B<-id> >+] >>>
! S<<< [B<-cell> >] >>> [B<-noauth>] [B<-force>] [B<-help>]
B S<<< B<-na> >+ >>> S<<< [B<-i> >+] >>>
! S<<< [B<-c> >] >>> [B<-no>] [B<-f>] [B<-h>]
B S<<< B<-na> >+ >>> S<<< [B<-i> >+] >>>
! S<<< [B<-c> >] >>> [B<-no>] [B<-f>] [B<-h>]
=for html
--- 8,21 ----
B
S<<< B<-name> >+ >>> S<<< [B<-id> >+] >>>
! S<<< [B<-cell> >] >>> [B<-noauth>] [B<-localauth>] [B<-force>]
! [B<-help>]
B S<<< B<-na> >+ >>> S<<< [B<-i> >+] >>>
! S<<< [B<-c> >] >>> [B<-no>] [B<-l>] [B<-f>] [B<-h>]
B S<<< B<-na> >+ >>> S<<< [B<-i> >+] >>>
! S<<< [B<-c> >] >>> [B<-no>] [B<-l>] [B<-f>] [B<-h>]
=for html
***************
*** 137,142 ****
--- 138,149 ----
Assigns the unprivileged identity anonymous to the issuer. For more
details, see L.
+ =item B<-localauth>
+
+ Constructs a server ticket using a key from the local
+ F file. Do not combine this flag with the
+ B<-cell> or B<-noauth> options. For more details, see L.
+
=item B<-force>
Enables the command to continue executing as far as possible when errors
Index: openafs/doc/man-pages/pod1/pts_delete.pod
diff -c openafs/doc/man-pages/pod1/pts_delete.pod:1.3.2.1 openafs/doc/man-pages/pod1/pts_delete.pod:1.3.2.2
*** openafs/doc/man-pages/pod1/pts_delete.pod:1.3.2.1 Sun Nov 11 18:51:05 2007
--- openafs/doc/man-pages/pod1/pts_delete.pod Mon Feb 4 12:53:44 2008
***************
*** 8,17 ****
B
S<<< B<-nameorid> >+ >>>
! S<<< [B<-cell> >] >>> [B<-noauth>] [B<-force>] [B<-help>]
B S<<< B<-na> >+ >>>
! S<<< [B<-c> >] >>> [B<-no>] [B<-f>] [-h]
=for html
--- 8,18 ----
B
S<<< B<-nameorid> >+ >>>
! S<<< [B<-cell> >] >>> [B<-noauth>] [B<-localauth>]
! [B<-force>] [B<-help>]
B S<<< B<-na> >+ >>>
! S<<< [B<-c> >] >>> [B<-no>] [B<-l>] [B<-f>] [-h]
=for html
***************
*** 71,76 ****
--- 72,83 ----
Assigns the unprivileged identity anonymous to the issuer. For more
details, see L.
+ =item B<-localauth>
+
+ Constructs a server ticket using a key from the local
+ F file. Do not combine this flag with the
+ B<-cell> or B<-noauth> options. For more details, see L.
+
=item B<-force>
Enables the command to continue executing as far as possible when errors
Index: openafs/doc/man-pages/pod1/pts_examine.pod
diff -c openafs/doc/man-pages/pod1/pts_examine.pod:1.4.2.1 openafs/doc/man-pages/pod1/pts_examine.pod:1.4.2.2
*** openafs/doc/man-pages/pod1/pts_examine.pod:1.4.2.1 Sun Nov 11 18:51:05 2007
--- openafs/doc/man-pages/pod1/pts_examine.pod Mon Feb 4 12:53:44 2008
***************
*** 8,23 ****
B
S<<< B<-nameorid> >+ >>>
! S<<< [B<-cell> >] >>> [B<-noauth>] [B<-force>] [B<-help>]
B S<<< B<-na> >+ >>> S<<< [B<-c> >] >>>
! [B<-no>] [B<-f>] [B<-h>]
B S<<< B<-na> >+ >>> S<<< [B<-c> >] >>>
! [B<-no>] [B<-f>] [B<-h>]
B S<<< B<-na> >+ >>> S<<< [B<-c> >] >>>
! [B<-no>] [B<-f>] [B<-h>]
=for html
--- 8,24 ----
B
S<<< B<-nameorid> >+ >>>
! S<<< [B<-cell> >] >>> [B<-noauth>] [B<-localauth>]
! [B<-force>] [B<-help>]
B S<<< B<-na> >+ >>> S<<< [B<-c> >] >>>
! [B<-no>] [B<-l>] [B<-f>] [B<-h>]
B S<<< B<-na> >+ >>> S<<< [B<-c> >] >>>
! [B<-no>] [B<-l>] [B<-f>] [B<-h>]
B S<<< B<-na> >+ >>> S<<< [B<-c> >] >>>
! [B<-no>] [B<-l>] [B<-f>] [B<-h>]
=for html
***************
*** 51,56 ****
--- 52,63 ----
Assigns the unprivileged identity anonymous to the issuer. For more
details, see L.
+ =item B<-localauth>
+
+ Constructs a server ticket using a key from the local
+ F file. Do not combine this flag with the
+ B<-cell> or B<-noauth> options. For more details, see L.
+
=item B<-force>
Enables the command to continue executing as far as possible when errors
Index: openafs/doc/man-pages/pod1/pts_interactive.pod
diff -c openafs/doc/man-pages/pod1/pts_interactive.pod:1.2.4.4 openafs/doc/man-pages/pod1/pts_interactive.pod:1.2.4.5
*** openafs/doc/man-pages/pod1/pts_interactive.pod:1.2.4.4 Tue Dec 25 17:30:02 2007
--- openafs/doc/man-pages/pod1/pts_interactive.pod Mon Feb 4 12:53:44 2008
***************
*** 8,14 ****
B
S<<< [B<-cell>] > >>> [B<-noauth>]
! [B<-force>]
B S<<< [B<-c>] > >>> [B<-n>] [B<-f>]
--- 8,14 ----
B
S<<< [B<-cell>] > >>> [B<-noauth>]
! [B<-auth>] [B<-localauth>] [B<-force>]
B S<<< [B<-c>] > >>> [B<-n>] [B<-f>]
***************
*** 20,25 ****
--- 20,31 ----
The B command allows the user to enter an interactive
mode, useful for running bulk commands like creating new users or groups.
+ B uses the authentication state supplied on its command
+ line to run all bulk commands. However, if a bulk command is supplied
+ with authentication options such as B<-cell>, B<-localauth>, B<-auth>
+ or B<-noauth> then it, and all subsequent bulk commands, will be run with
+ those options.
+
=head1 CAUTIONS
Prior to OpenAFS 1.4.5 and OpenAFS 1.5.23, the B command
***************
*** 56,61 ****
--- 62,73 ----
Assigns the unprivileged identity anonymous to the issuer. For more
details, see L.
+ =item B<-localauth>
+
+ Constructs a server ticket using a key from the local
+ F file. Do not combine this flag with the
+ B<-cell> or B<-noauth> options. For more details, see L.
+
=back
=head1 OUTPUT
Index: openafs/doc/man-pages/pod1/pts_listentries.pod
diff -c openafs/doc/man-pages/pod1/pts_listentries.pod:1.4.2.1 openafs/doc/man-pages/pod1/pts_listentries.pod:1.4.2.3
*** openafs/doc/man-pages/pod1/pts_listentries.pod:1.4.2.1 Sun Nov 11 18:51:05 2007
--- openafs/doc/man-pages/pod1/pts_listentries.pod Mon Feb 4 14:42:02 2008
***************
*** 8,16 ****
B
[B<-users>] [B<-groups>] S<<< [B<-cell> >] >>>
! [B<-noauth>] [B<-force>] [B<-help>]
! B [B<-u>] [B<-g>] S<<< [B<-c> >] >>> [B<-n>] [B<-f>] [B<-h>]
=for html
--- 8,17 ----
B
[B<-users>] [B<-groups>] S<<< [B<-cell> >] >>>
! [B<-noauth>] [B<-localauth>] [B<-force>] [B<-help>]
! B [B<-u>] [B<-g>] S<<< [B<-c> >] >>> [B<-n>] [B<-l>]
! [B<-f>] [B<-h>]
=for html
***************
*** 47,52 ****
--- 48,59 ----
Assigns the unprivileged identity anonymous to the issuer. For more
details, see L.
+ =item B<-localauth>
+
+ Constructs a server ticket using a key from the local
+ F file. Do not combine this flag with the
+ B<-cell> or B<-noauth> options. For more details, see L.
+
=item B<-force>
Enables the command to continue executing as far as possible when errors
Index: openafs/doc/man-pages/pod1/pts_listmax.pod
diff -c openafs/doc/man-pages/pod1/pts_listmax.pod:1.3.2.1 openafs/doc/man-pages/pod1/pts_listmax.pod:1.3.2.2
*** openafs/doc/man-pages/pod1/pts_listmax.pod:1.3.2.1 Sun Nov 11 18:51:05 2007
--- openafs/doc/man-pages/pod1/pts_listmax.pod Mon Feb 4 12:53:44 2008
***************
*** 7,15 ****
=for html
! B
S<<< [B<-cell> >] >>> [B<-noauth>] [B<-force>] [B<-help>]
! B S<<< [B<-c> >] >>> [B<-n>] [B<-f>] [B<-h>]
=for html
--- 7,16 ----
=for html
! B
S<<< [B<-cell> >] >>> [B<-noauth>] [B<-localauth>]
! [B<-force>] [B<-help>]
! B S<<< [B<-c> >] >>> [B<-n>] [B<-l>] [B<-f>] [B<-h>]
=for html
***************
*** 44,49 ****
--- 45,56 ----
Assigns the unprivileged identity anonymous to the issuer. For more
details, see L.
+ =item B<-localauth>
+
+ Constructs a server ticket using a key from the local
+ F file. Do not combine this flag with the
+ B<-cell> or B<-noauth> options. For more details, see L.
+
=item B<-force>
Enables the command to continue executing as far as possible when errors
Index: openafs/doc/man-pages/pod1/pts_listowned.pod
diff -c openafs/doc/man-pages/pod1/pts_listowned.pod:1.3.2.1 openafs/doc/man-pages/pod1/pts_listowned.pod:1.3.2.2
*** openafs/doc/man-pages/pod1/pts_listowned.pod:1.3.2.1 Sun Nov 11 18:51:05 2007
--- openafs/doc/man-pages/pod1/pts_listowned.pod Mon Feb 4 12:53:44 2008
***************
*** 8,17 ****
B
S<<< B<-nameorid> >+ >>>
! [-cell >] [B<-noauth>] [B<-force>] [B<-help>]
B S<<< B<-na> >+ >>>
! [-c >] [B<-no>] [B<-f>] [B<-h>]
=for html
--- 8,17 ----
B
S<<< B<-nameorid> >+ >>>
! [-cell >] [B<-noauth>] [B<-localauth>] [B<-force>] [B<-help>]
B S<<< B<-na> >+ >>>
! [-c >] [B<-no>] [B<-l>] [B<-f>] [B<-h>]
=for html
***************
*** 51,56 ****
--- 51,62 ----
Assigns the unprivileged identity anonymous to the issuer. For more
details, see L.
+ =item B<-localauth>
+
+ Constructs a server ticket using a key from the local
+ F file. Do not combine this flag with the
+ B<-cell> or B<-noauth> options. For more details, see L.
+
=item B<-force>
Enables the command to continue executing as far as possible when errors
Index: openafs/doc/man-pages/pod1/pts_membership.pod
diff -c openafs/doc/man-pages/pod1/pts_membership.pod:1.4.2.1 openafs/doc/man-pages/pod1/pts_membership.pod:1.4.2.2
*** openafs/doc/man-pages/pod1/pts_membership.pod:1.4.2.1 Sun Nov 11 18:51:05 2007
--- openafs/doc/man-pages/pod1/pts_membership.pod Mon Feb 4 12:53:44 2008
***************
*** 8,23 ****
B
S<<< B<-nameorid> >+ >>>
! S<<< [B<-cell> >] >>> [B<-noauth>] [B<-force>] [B<-help>]
B S<<< B<-na> >+ >>> S<<< [B<-c> >] >>>
! [B<-no>] [B<-f>] [B<-h>]
B S<<< B<-na> >+ >>> [-c >]
! [B<-no>] [B<-f>] [B<-h>]
B S<<< B<-na> >+ >>> S<<< [B<-c> >] >>>
! [B<-no>] [B<-f>] [B<-h>]
=for html
--- 8,24 ----
B
S<<< B<-nameorid> >+ >>>
! S<<< [B<-cell> >] >>> [B<-localauth>] [B<-noauth>]
! [B<-force>] [B<-help>]
B S<<< B<-na> >+ >>> S<<< [B<-c> >] >>>
! [B<-no>] [B<-l>] [B<-f>] [B<-h>]
B S<<< B<-na> >+ >>> [-c >]
! [B<-no>] [B<-l>] [B<-f>] [B<-h>]
B S<<< B<-na> >+ >>> S<<< [B<-c> >] >>>
! [B<-no>] [B<-l>] [B<-f>] [B<-h>]
=for html
***************
*** 59,64 ****
--- 60,71 ----
Assigns the unprivileged identity anonymous to the issuer. For more
details, see L.
+ =item B<-localauth>
+
+ Constructs a server ticket using a key from the local
+ F file. Do not combine this flag with the
+ B<-cell> or B<-noauth> options. For more details, see L.
+
=item B<-force>
Enables the command to continue executing as far as possible when errors
Index: openafs/doc/man-pages/pod1/pts_quit.pod
diff -c openafs/doc/man-pages/pod1/pts_quit.pod:1.1.2.4 openafs/doc/man-pages/pod1/pts_quit.pod:1.1.2.5
*** openafs/doc/man-pages/pod1/pts_quit.pod:1.1.2.4 Tue Dec 25 17:30:02 2007
--- openafs/doc/man-pages/pod1/pts_quit.pod Mon Feb 4 12:53:44 2008
***************
*** 7,15 ****
=for html
! B
S<<< [B<-cell>] > >>> [B<-noauth>] [B<-force>]
! B S<<< [B<-c>] > >>> [B<-n>] [B<-f>]
=for html
--- 7,16 ----
=for html
! B
S<<< [B<-cell>] > >>> [B<-noauth>] [B<-localauth>]
! [B<-force>]
! B S<<< [B<-c>] > >>> [B<-n>] [B<-l>] [B<-f>]
=for html
***************
*** 44,49 ****
--- 45,56 ----
Enables the command to continue executing as far as possible when errors
or other problems occur, rather than halting execution at the first error.
+ =item B<-localauth>
+
+ Constructs a server ticket using a key from the local
+ F file. Do not combine this flag with the
+ B<-cell> or B<-noauth> options. For more details, see L.
+
=item B<-noauth>
Assigns the unprivileged identity anonymous to the issuer. For more
Index: openafs/doc/man-pages/pod1/pts_removeuser.pod
diff -c openafs/doc/man-pages/pod1/pts_removeuser.pod:1.3.2.1 openafs/doc/man-pages/pod1/pts_removeuser.pod:1.3.2.2
*** openafs/doc/man-pages/pod1/pts_removeuser.pod:1.3.2.1 Sun Nov 11 18:51:05 2007
--- openafs/doc/man-pages/pod1/pts_removeuser.pod Mon Feb 4 12:53:44 2008
***************
*** 8,17 ****
B
S<<< B<-user> >+ >>> S<<< B<-group> >+ >>>
! S<<< [B<-cell> >] >>> [B<-noauth>] [B<-force>] [B<-help>]
B S<<< B<-u> >+ >>> S<<< B<-g> >+ >>>
! S<<< [B<-c> >] >>> [B<-n>] [B<-f>] [B<-h>]
=for html
--- 8,18 ----
B
S<<< B<-user> >+ >>> S<<< B<-group> >+ >>>
! S<<< [B<-cell> >] >>> [B<-noauth>] [B<-localauth>] [B<-force>]
! [B<-help>]
B S<<< B<-u> >+ >>> S<<< B<-g> >+ >>>
! S<<< [B<-c> >] >>> [B<-n>] [B<-l>] [B<-f>] [B<-h>]
=for html
***************
*** 56,61 ****
--- 57,68 ----
Assigns the unprivileged identity anonymous to the issuer. For more
details, see L.
+ =item B<-localauth>
+
+ Constructs a server ticket using a key from the local
+ F file. Do not combine this flag with the
+ B<-cell> or B<-noauth> options. For more details, see L.
+
=item B<-force>
Enables the command to continue executing as far as possible when errors
Index: openafs/doc/man-pages/pod1/pts_rename.pod
diff -c openafs/doc/man-pages/pod1/pts_rename.pod:1.3.2.1 openafs/doc/man-pages/pod1/pts_rename.pod:1.3.2.2
*** openafs/doc/man-pages/pod1/pts_rename.pod:1.3.2.1 Sun Nov 11 18:51:05 2007
--- openafs/doc/man-pages/pod1/pts_rename.pod Mon Feb 4 12:53:44 2008
***************
*** 8,17 ****
B
S<<< B<-oldname> > >>> S<<< B<-newname> > >>>
! S<<< [B<-cell> >] >>> [B<-noauth>] [B<-force>] [B<-help>]
B S<<< B<-o> > >>> S<<< B<-ne> > >>> S<<< [B<-c> >] >>>
! [B<-no>] [B<-f>] [B<-h>]
=for html
--- 8,18 ----
B
S<<< B<-oldname> > >>> S<<< B<-newname> > >>>
! S<<< [B<-cell> >] >>> [B<-noauth>] [B<-localauth>]
! [B<-force>] [B<-help>]
B S<<< B<-o> > >>> S<<< B<-ne> > >>> S<<< [B<-c> >] >>>
! [B<-no>] [B<-l>] [B<-f>] [B<-h>]
=for html
***************
*** 69,74 ****
--- 70,81 ----
Assigns the unprivileged identity anonymous to the issuer. For more
details, see L.
+ =item B<-localauth>
+
+ Constructs a server ticket using a key from the local
+ F file. Do not combine this flag with the
+ B<-cell> or B<-noauth> options. For more details, see L.
+
=item B<-force>
Enables the command to continue executing as far as possible when errors
Index: openafs/doc/man-pages/pod1/pts_setfields.pod
diff -c openafs/doc/man-pages/pod1/pts_setfields.pod:1.4.2.1 openafs/doc/man-pages/pod1/pts_setfields.pod:1.4.2.2
*** openafs/doc/man-pages/pod1/pts_setfields.pod:1.4.2.1 Sun Nov 11 18:51:05 2007
--- openafs/doc/man-pages/pod1/pts_setfields.pod Mon Feb 4 12:53:44 2008
***************
*** 10,21 ****
B S<<< B<-nameorid> >+ >>>
S<<< [B<-access> >] >>>
S<<< [B<-groupquota> >] >>>
! S<<< [B<-cell> >] >>> [B<-noauth>] [B<-force>] [B<-help>]
B S<<< B<-na> >+ >>>
S<<< [B<-a> >] >>>
S<<< [B<-g> >] >>> S<<< [B<-c> >] >>>
! [B<-no>] [B<-f>] [B<-h>]
=for html
--- 10,22 ----
B S<<< B<-nameorid> >+ >>>
S<<< [B<-access> >] >>>
S<<< [B<-groupquota> >] >>>
! S<<< [B<-cell> >] >>> [B<-noauth>] [B<-localauth>]
! [B<-force>] [B<-help>]
B S<<< B<-na> >+ >>>
S<<< [B<-a> >] >>>
S<<< [B<-g> >] >>> S<<< [B<-c> >] >>>
! [B<-no>] [B<-l>] [B<-f>] [B<-h>]
=for html
***************
*** 203,208 ****
--- 204,215 ----
Assigns the unprivileged identity anonymous to the issuer. For more
details, see L.
+ =item B<-localauth>
+
+ Constructs a server ticket using a key from the local
+ F file. Do not combine this flag with the
+ B<-cell> or B<-noauth> options. For more details, see L.
+
=item B<-force>
Enables the command to continue executing as far as possible when errors
Index: openafs/doc/man-pages/pod1/pts_setmax.pod
diff -c openafs/doc/man-pages/pod1/pts_setmax.pod:1.4.2.1 openafs/doc/man-pages/pod1/pts_setmax.pod:1.4.2.2
*** openafs/doc/man-pages/pod1/pts_setmax.pod:1.4.2.1 Sun Nov 11 18:51:05 2007
--- openafs/doc/man-pages/pod1/pts_setmax.pod Mon Feb 4 12:53:44 2008
***************
*** 8,17 ****
B
S<<< [B<-group> >] >>> S<<< [B<-user> >] >>>
! S<<< [B<-cell> >] >>> [B<-noauth>] [B<-force>] [B<-help>]
B [B<-g> I>] S<<< [B<-u> >] >>>
! S<<< [B<-c> >] >>> [B<-n>] [B<-f>] [B<-h>]
=for html
--- 8,17 ----
B
S<<< [B<-group> >] >>> S<<< [B<-user> >] >>>
! S<<< [B<-cell> >] >>> [B<-noauth>] [B<-localauth>] [B<-force>] [B<-help>]
B [B<-g> I>] S<<< [B<-u> >] >>>
! S<<< [B<-c> >] >>> [B<-n>] [B<-l>] [B<-f>] [B<-h>]
=for html
***************
*** 56,61 ****
--- 56,67 ----
Assigns the unprivileged identity anonymous to the issuer. For more
details, see L.
+ =item B<-localauth>
+
+ Constructs a server ticket using a key from the local
+ F file. Do not combine this flag with the
+ B<-cell> or B<-noauth> options. For more details, see L.
+
=item B<-force>
Enables the command to continue executing as far as possible when errors
Index: openafs/doc/man-pages/pod1/pts_sleep.pod
diff -c openafs/doc/man-pages/pod1/pts_sleep.pod:1.2.4.4 openafs/doc/man-pages/pod1/pts_sleep.pod:1.2.4.5
*** openafs/doc/man-pages/pod1/pts_sleep.pod:1.2.4.4 Tue Dec 25 17:30:02 2007
--- openafs/doc/man-pages/pod1/pts_sleep.pod Mon Feb 4 12:53:44 2008
***************
*** 8,17 ****
B
S<<< [B<-delay>] > >>>
! S<<< [B<-cell>] > >>> [B<-noauth>] [B<-force>]
B S<<< [B<-d>] > >>> S<<< [B<-c>] > >>>
! [B<-n>] [B<-f>]
=for html
--- 8,17 ----
B
S<<< [B<-delay>] > >>>
! S<<< [B<-cell>] > >>> [B<-noauth>] [B<-localauth>] [B<-force>]
B S<<< [B<-d>] > >>> S<<< [B<-c>] > >>>
! [B<-n>] [B<-l>] [B<-f>]
=for html
***************
*** 33,39 ****
=head1 OPTIONS
! Although they have no effect, B takes the following standard
B options:
=over 4
--- 33,39 ----
=head1 OPTIONS
! Although they have no effect, B takes the following standard
B options:
=over 4
***************
*** 53,58 ****
--- 53,64 ----
Assigns the unprivileged identity anonymous to the issuer. For more
details, see L.
+ =item B<-localauth>
+
+ Constructs a server ticket using a key from the local
+ F file. Do not combine this flag with the
+ B<-cell> or B<-noauth> options. For more details, see L.
+
=back
=head1 OUTPUT
Index: openafs/doc/man-pages/pod1/pts_source.pod
diff -c openafs/doc/man-pages/pod1/pts_source.pod:1.3.4.4 openafs/doc/man-pages/pod1/pts_source.pod:1.3.4.5
*** openafs/doc/man-pages/pod1/pts_source.pod:1.3.4.4 Tue Dec 25 17:30:02 2007
--- openafs/doc/man-pages/pod1/pts_source.pod Mon Feb 4 12:53:44 2008
***************
*** 8,17 ****
B
S<<< [B<-file>] > >>> S<<< [B<-cell>] > >>>
! [B<-noauth>] [B<-force>]
B S<<< [B<-f>] > >>> S<<< [B<-c>] > >>>
! [B<-n>] [B<-f>]
=for html
--- 8,17 ----
B
S<<< [B<-file>] > >>> S<<< [B<-cell>] > >>>
! [B<-noauth>] [B<-localauth>] [B<-force>]
B S<<< [B<-f>] > >>> S<<< [B<-c>] > >>>
! [B<-n>] [B<-l>] [B<-f>]
=for html
***************
*** 56,61 ****
--- 56,67 ----
Assigns the unprivileged identity anonymous to the issuer. For more
details, see L.
+ =item B<-localauth>
+
+ Constructs a server ticket using a key from the local
+ F file. Do not combine this flag with the
+ B<-cell> or B<-noauth> options. For more details, see L.
+
=back
=head1 OUTPUT
Index: openafs/doc/man-pages/pod1/vos.pod
diff -c openafs/doc/man-pages/pod1/vos.pod:1.3.6.3 openafs/doc/man-pages/pod1/vos.pod:1.3.6.4
*** openafs/doc/man-pages/pod1/vos.pod:1.3.6.3 Thu Nov 29 00:35:33 2007
--- openafs/doc/man-pages/pod1/vos.pod Sat Jan 19 19:17:45 2008
***************
*** 94,99 ****
--- 94,110 ----
=back
+ =head1 CAUTIONS
+
+ Currently, the maximum size of a volume is 2 terabytes (2^31 bytes)
+ and the maximum size of a /vicepX partition on a fileserver is also 2
+ terabytes. The fileserver will not report an error when it has access
+ to a partition larger than 2 terabytes, but it will probably fail if
+ the administrator attempts to use more than 2 terabytes of space. In
+ addition, there are reports of erroneous disk usage numbers when
+ B or other OpenAFS disk reporting tools are used with
+ partitions larger than 2 terabytes.
+
=head1 OPTIONS
The following arguments and flags are available on many commands in the
Index: openafs/doc/man-pages/pod1/vos_copy.pod
diff -c openafs/doc/man-pages/pod1/vos_copy.pod:1.1.2.3 openafs/doc/man-pages/pod1/vos_copy.pod:1.1.2.4
*** openafs/doc/man-pages/pod1/vos_copy.pod:1.1.2.3 Tue Dec 25 17:30:02 2007
--- openafs/doc/man-pages/pod1/vos_copy.pod Sat Jan 19 19:17:46 2008
***************
*** 25,30 ****
--- 25,41 ----
equivalent to B followed by B, but doesn't require
the volume be stored locally by the client.
+ =head1 CAUTIONS
+
+ Currently, the maximum size of a volume is 2 terabytes (2^31 bytes)
+ and the maximum size of a /vicepX partition on a fileserver is also 2
+ terabytes. The fileserver will not report an error when it has access
+ to a partition larger than 2 terabytes, but it will probably fail if
+ the administrator attempts to use more than 2 terabytes of space. In
+ addition, there are reports of erroneous disk usage numbers when
+ B or other OpenAFS disk reporting tools are used with
+ partitions larger than 2 terabytes.
+
=head1 OPTIONS
=over 4
Index: openafs/doc/man-pages/pod1/vos_create.pod
diff -c openafs/doc/man-pages/pod1/vos_create.pod:1.4.2.1 openafs/doc/man-pages/pod1/vos_create.pod:1.4.2.2
*** openafs/doc/man-pages/pod1/vos_create.pod:1.4.2.1 Sun Nov 11 18:51:05 2007
--- openafs/doc/man-pages/pod1/vos_create.pod Sat Jan 19 19:17:46 2008
***************
*** 60,65 ****
--- 60,76 ----
The volume is empty when created. To access it via the Cache Manager,
mount it in the file space by using the B command.
+ =head1 CAUTIONS
+
+ Currently, the maximum size of a volume is 2 terabytes (2^31 bytes)
+ and the maximum size of a /vicepX partition on a fileserver is also 2
+ terabytes. The fileserver will not report an error when it has access
+ to a partition larger than 2 terabytes, but it will probably fail if
+ the administrator attempts to use more than 2 terabytes of space. In
+ addition, there are reports of erroneous disk usage numbers when
+ B or other OpenAFS disk reporting tools are used with
+ partitions larger than 2 terabytes.
+
=head1 OPTIONS
=over 4
Index: openafs/doc/man-pages/pod1/vos_move.pod
diff -c openafs/doc/man-pages/pod1/vos_move.pod:1.4.2.2 openafs/doc/man-pages/pod1/vos_move.pod:1.4.2.3
*** openafs/doc/man-pages/pod1/vos_move.pod:1.4.2.2 Tue Dec 25 17:26:45 2007
--- openafs/doc/man-pages/pod1/vos_move.pod Sat Jan 19 19:17:46 2008
***************
*** 86,91 ****
--- 86,100 ----
To confirm termination of the operation, press Ctrl-C a second time; press
any other key to continue the operation.
+ Currently, the maximum size of a volume is 2 terabytes (2^31 bytes)
+ and the maximum size of a /vicepX partition on a fileserver is also 2
+ terabytes. The fileserver will not report an error when it has access
+ to a partition larger than 2 terabytes, but it will probably fail if
+ the administrator attempts to use more than 2 terabytes of space. In
+ addition, there are reports of erroneous disk usage numbers when
+ B or other OpenAFS disk reporting tools are used with
+ partitions larger than 2 terabytes.
+
=head1 OPTIONS
=over 4
Index: openafs/doc/man-pages/pod8/bosserver.pod
diff -c openafs/doc/man-pages/pod8/bosserver.pod:1.3 openafs/doc/man-pages/pod8/bosserver.pod:1.3.2.1
*** openafs/doc/man-pages/pod8/bosserver.pod:1.3 Wed Mar 1 00:02:31 2006
--- openafs/doc/man-pages/pod8/bosserver.pod Tue Jan 22 23:18:10 2008
***************
*** 8,14 ****
B [B<-noauth>] [B<-log>] [B<-enable_peer_stats>]
! [B<-enable_process_stats>] [B<-help>]
=for html
--- 8,14 ----
B [B<-noauth>] [B<-log>] [B<-enable_peer_stats>]
! [B<-enable_process_stats>] [B<-allow-dotted-principal>] [B<-help>]
=for html
***************
*** 108,113 ****
--- 108,122 ----
other machines. To display or otherwise access the records, use the Rx
Monitoring API.
+ =item B<-allow-dotted-principal>
+
+ By default, the RXKAD security layer will disallow access by Kerberos
+ principals with a dot in the first component of their name. This is to avoid
+ the confusion where principals user/admin and user.admin are both mapped to the
+ user.admin PTS entry. Sites whose Kerberos realms don't have these collisions
+ between principal names may disable this check by starting the server
+ with this option.
+
=item B<-help>
Prints the online help for this command. All other valid options are
Index: openafs/doc/man-pages/pod8/fileserver.pod
diff -c openafs/doc/man-pages/pod8/fileserver.pod:1.5.2.4 openafs/doc/man-pages/pod8/fileserver.pod:1.5.2.6
*** openafs/doc/man-pages/pod8/fileserver.pod:1.5.2.4 Tue Dec 25 17:23:43 2007
--- openafs/doc/man-pages/pod8/fileserver.pod Tue Jan 22 23:18:10 2008
***************
*** 7,17 ****
=for html
! B
S<<< [B<-d> >] >>>
S<<< [B<-p> >] >>>
S<<< [B<-spare> >] >>>
S<<< [B<-pctspare> >] >>> S<<< [B<-b> >] >>>
! S<<< [B<-l> >] >>> S<<< [B<-s> >] >>>
S<<< [B<-vc> >] >>> S<<< [B<-w> >] >>>
S<<< [B<-cb> >] >>> [B<-banner>] [B<-novbc>]
S<<< [B<-implicit> >] >>> [B<-readonly>]
--- 7,18 ----
=for html
! B
S<<< [B<-auditlog> >] >>>
! S<<< [B<-d> >] >>>
S<<< [B<-p> >] >>>
S<<< [B<-spare> >] >>>
S<<< [B<-pctspare> >] >>> S<<< [B<-b> >] >>>
! S<<< [B<-l> >] >>> S<<< [B<-s> >] >>>
S<<< [B<-vc> >] >>> S<<< [B<-w> >] >>>
S<<< [B<-cb> >] >>> [B<-banner>] [B<-novbc>]
S<<< [B<-implicit> >] >>> [B<-readonly>]
***************
*** 19,24 ****
--- 20,26 ----
S<<< [B<-busyat> n >>>] >>>
[B<-nobusy>] S<<< [B<-rxpck> >] >>>
[B<-rxdbg>] [B<-rxdbge>] S<<< [B<-rxmaxmtu> >] >>>
+ [B<-allow-dotted-principal>]
S<<< [B<-rxbind> >] >>>
S<<< [B<-vattachpar> >] >>>
S<<< [B<-m> >] >>>
***************
*** 27,33 ****
S<<< [B<-udpsize> >] >>>
S<<< [B<-sendsize> >] >>>
S<<< [B<-abortthreshold> >] >>>
- S<<< [B<-auditlog> >] >>>
[B<-enable_peer_stats>] [B<-enable_process_stats>] [B<-help>]
=for html
--- 29,34 ----
***************
*** 188,194 ****
=head1 CAUTIONS
Do not use the B<-k> and B<-w> arguments, which are intended for use
! by the AFS Development group only. Changing them from their default
values can result in unpredictable File Server behavior. In any case,
on many operating systems the File Server uses native threads rather
than the LWP threads, so using the B<-k> argument to set the number of
--- 189,195 ----
=head1 CAUTIONS
Do not use the B<-k> and B<-w> arguments, which are intended for use
! by the OpenAFS developers only. Changing them from their default
values can result in unpredictable File Server behavior. In any case,
on many operating systems the File Server uses native threads rather
than the LWP threads, so using the B<-k> argument to set the number of
***************
*** 202,207 ****
--- 203,229 ----
and B<-lock> options, appear in the output generated by the B<-help>
option only on the relevant system type.
+ Currently, the maximum size of a volume is 2 terabytes (2^31 bytes)
+ and the maximum size of a /vicepX partition on a fileserver is also 2
+ terabytes. The fileserver will not report an error when it has access
+ to a partition larger than 2 terabytes, but it will probably fail if
+ the administrator attempts to use more than 2 terabytes of space. In
+ addition, there are reports of erroneous disk usage numbers when
+ B or other OpenAFS disk reporting tools are used with
+ partitions larger than 2 terabytes.
+
+ The maximum number of directory entries is 64,000 if all of the
+ entries have names that are 15 characters or less in length. A name
+ that is 15 characters long requires the use of only one block in the
+ directory. Additional sequential blocks are required to store entries
+ with names that are longer than 15 characters. Each additional block
+ provides an additional length of 32 characters for the name of the
+ entry.
+
+ In real world use, the maximum number of objects in an AFS directory
+ is usually between 16,000 and 25,000, depending on the average name
+ length.
+
=head1 OPTIONS
=over 4
***************
*** 330,335 ****
--- 352,366 ----
Writes a trace of the File Server's operations on Rx events (such as
retransmissions) to the file F.
+ =item B<-allow-dotted-principal>
+
+ By default, the RXKAD security layer will disallow access by Kerberos
+ principals with a dot in the first component of their name. This is to avoid
+ the confusion where principals user/admin and user.admin are both mapped to the
+ user.admin PTS entry. Sites whose Kerberos realms don't have these collisions
+ between principal names may disable this check by starting the server
+ with this option.
+
=item F<-m> >
Specifies the percentage of each AFS server partition that the AIX version
***************
*** 389,394 ****
--- 420,443 ----
other machines. To display or otherwise access the records, use the Rx
Monitoring API.
+ =item B<-abortthreshold> >
+
+ Sets the abort threshold, which is triggered when an AFS client sends
+ a number of FetchStatus requests in a row and all of them fail due to
+ access control or some other error. When the abort threshold is
+ reached, the file server starts to slow down the responses to the
+ problem client in order to reduce the load on the file server.
+
+ The throttling behaviour can cause issues especially for some versions
+ of the Windows OpenAFS client. When using Windows Explorer to navigate
+ the AFS directory tree, directories with only "look" access for the
+ current user may load more slowly because of the throttling. This is
+ because the Windows OpenAFS client sends FetchStatus calls one at a
+ time instead of in bulk like the Unix Open AFS client.
+
+ Setting the threshold to 0 disables the throttling behavior. This
+ option is available in OpenAFS versions 1.4.1 and later.
+
=item B<-help>
Prints the online help for this command. All other valid options are
Index: openafs/doc/man-pages/pod8/ptserver.pod
diff -c openafs/doc/man-pages/pod8/ptserver.pod:1.3 openafs/doc/man-pages/pod8/ptserver.pod:1.3.2.1
*** openafs/doc/man-pages/pod8/ptserver.pod:1.3 Wed Mar 1 00:02:32 2006
--- openafs/doc/man-pages/pod8/ptserver.pod Tue Jan 22 23:18:10 2008
***************
*** 9,15 ****
B S<<< [B<-database> >] >>> S<<< [B<-p> >] >>>
[B<-rebuildDB>] [B<-enable_peer_stats>] [B<-enable_process_stats>]
! [B<-help>]
=for html
--- 9,15 ----
B S<<< [B<-database> >] >>> S<<< [B<-p> >] >>>
[B<-rebuildDB>] [B<-enable_peer_stats>] [B<-enable_process_stats>]
! [B<-allow-dotted-principal>] [B<-help>]
=for html
***************
*** 90,95 ****
--- 90,104 ----
other machines. To display or otherwise access the records, use the Rx
Monitoring API.
+ =item B<-allow-dotted-principal>
+
+ By default, the RXKAD security layer will disallow access by Kerberos
+ principals with a dot in the first component of their name. This is to avoid
+ the confusion where principals user/admin and user.admin are both mapped to the
+ user.admin PTS entry. Sites whose Kerberos realms don't have these collisions
+ between principal names may disable this check by starting the server
+ with this option.
+
=item B<-help>
Prints the online help for this command. All other valid options are
Index: openafs/doc/man-pages/pod8/vlserver.pod
diff -c openafs/doc/man-pages/pod8/vlserver.pod:1.3 openafs/doc/man-pages/pod8/vlserver.pod:1.3.2.1
*** openafs/doc/man-pages/pod8/vlserver.pod:1.3 Wed Mar 1 00:02:32 2006
--- openafs/doc/man-pages/pod8/vlserver.pod Tue Jan 22 23:18:10 2008
***************
*** 8,14 ****
B S<<< [B<-p> >] >>> [B<-nojumbo>]
! [B<-enable_peer_stats>] [B<-enable_process_stats>] [B<-help>]
=for html
--- 8,15 ----
B S<<< [B<-p> >] >>> [B<-nojumbo>]
! [B<-allow-dotted-principal>] [B<-enable_peer_stats>] [B<-enable_process_stats>]
! [B<-help>]
=for html
***************
*** 83,88 ****
--- 84,98 ----
other machines. To display or otherwise access the records, use the Rx
Monitoring API.
+ =item B<-allow-dotted-principal>
+
+ By default, the RXKAD security layer will disallow access by Kerberos
+ principals with a dot in the first component of their name. This is to avoid
+ the confusion where principals user/admin and user.admin are both mapped to the
+ user.admin PTS entry. Sites whose Kerberos realms don't have these collisions
+ between principal names may disable this check by starting the server
+ with this option.
+
=item B<-help>
Prints the online help for this command. All other valid options are
Index: openafs/doc/man-pages/pod8/volserver.pod
diff -c openafs/doc/man-pages/pod8/volserver.pod:1.4 openafs/doc/man-pages/pod8/volserver.pod:1.4.2.1
*** openafs/doc/man-pages/pod8/volserver.pod:1.4 Wed Mar 1 00:02:32 2006
--- openafs/doc/man-pages/pod8/volserver.pod Tue Jan 22 23:18:10 2008
***************
*** 9,15 ****
B [B<-log>] S<<< [B<-p> >] >>>
S<<< [B<-udpsize> >] >>>
! [B<-enable_peer_stats>] [B<-enable_process_stats>] [B<-help>]
=for html
--- 9,16 ----
B [B<-log>] S<<< [B<-p> >] >>>
S<<< [B<-udpsize> >] >>>
! [B<-enable_peer_stats>] [B<-enable_process_stats>]
! [B<-allow-dotted-principal>] [B<-help>]
=for html
***************
*** 77,82 ****
--- 78,92 ----
other machines. To display or otherwise access the records, use the Rx
Monitoring API.
+ =item B<-allow-dotted-principal>
+
+ By default, the RXKAD security layer will disallow access by Kerberos
+ principals with a dot in the first component of their name. This is to avoid
+ the confusion where principals user/admin and user.admin are both mapped to the
+ user.admin PTS entry. Sites whose Kerberos realms don't have these collisions
+ between principal names may disable this check by starting the server
+ with this option.
+
=item B<-help>
Prints the online help for this command. All other valid options are
Index: openafs/doc/txt/winnotes/afs-changes-since-1.2.txt
diff -c openafs/doc/txt/winnotes/afs-changes-since-1.2.txt:1.72.2.40 openafs/doc/txt/winnotes/afs-changes-since-1.2.txt:1.72.2.44
*** openafs/doc/txt/winnotes/afs-changes-since-1.2.txt:1.72.2.40 Fri Dec 28 15:25:41 2007
--- openafs/doc/txt/winnotes/afs-changes-since-1.2.txt Sat Feb 9 07:39:21 2008
***************
*** 1,3 ****
--- 1,186 ----
+ Since 1.5.30
+ * Add "cmdebug -cellservdb" option and client service
+ implementation permits querying the vldb server for each
+ cell known to the cache manager. The output is in a form
+ that permits it to be used as a CellServDB file.
+
+ * Add Symlinks->Show option to the AFS Explorer Shell Context
+ Menu
+
+ * Prevent buffer overrun in the cmd parser used by command
+ line tools such as fs, vos, pts, etc.
+
+ * The path ioctl operations have several issues:
+
+ (1) the specified path for "fs examine, whereis, whichcell,
+ flush" and so always has the follow symlinks and mount
+ points semantics. This makes it impossible to determine
+ what the FID of a symlink or mount point is.
+
+ (2) "fs examine" out is not the result of a single pioctl
+ operation but is actually the combined output of half
+ a dozen operations. Path evaluation is an expensive
+ operation. It would be faster if the caller could
+ evaluate the FID first and then perform all of the
+ rest of the operations by specifying the FID instead
+ of the path.
+
+ (3) fs output reports all objects as files. By adding a
+ GetFileType pioctl more informative output can be provided
+ that indicates what type of object the path evaluates to.
+
+ (4) the Windows fs command includes a number of commands that
+ do nothing but exist only because the Unix cache manager
+ supports them.
+
+ A new extendible data structure cm_ioctl_query_opts_t has been
+ added which can be optionally specified with pioctls that do not
+ already require input data. The first two fields of this structure
+ are 'literal' and 'fid'. The literal field is used to indicate
+ whether the last component of the path should be evaluated following
+ symlinks and mount points.
+
+ The fid field permits a fid to be specified.
+
+ * A new GetFileType pioctl has been added. The type of objects are
+ now output.
+
+ * A new "-literal" option is available for "fs examine, flush, whereis,
+ and whichcell.
+
+ * Unimplemented fs commands have been removed.
+
+ * There are circumstances where a volume object is being accessed and
+ the volume is marked indicating that the volume location information
+ is out of date but where it is also pointless and perhaps dangerous
+ to block waiting for the rpc to complete. One example is when
+ processing the cmdebug requests. If we know that we are not going
+ to use the volume object to contact a server, then we can now set
+ the CM_GETVOL_FLAG_NO_RESET flag.
+
+ * when moving up in the directory tree we search the recorded fid list
+ to find a matching fid that we have already crossed. we must also
+ reset the fid count based upon what we discover.
+
+ * Cell names are published as share names. As a result they are searched
+ for as part of the Dfs Referral evaluation. If share "foo" can not be
+ reached, the CIFS client will fallback to searching for "fo" as well.
+
+ Since the freelance client automatically adds a symlink for prefixes
+ of the cell name, this results in both "foo" and "fo" being added to
+ the freelance root.afs volume. This patch prevents that negative side
+ effect.
+
+ * when tracking Kerberos credential cache names be sure to include
+ the cache type prefix.
+
+ * Microsoft has assigned OpenAFS a network type value
+
+ * The algorithms that were used to produce a Netbios name were broken.
+ The name that was produced when the hostname was too long was in fact
+ longer than the maximum permitted netbios name.
+
+ Also, the "NetbiosName" value was not used as a suffix when the loopback
+ adapter was not installed. The hardcoded string "AFS" was used instead.
+
+ * avoid another deadlock during server probes initiated by the ipaddr
+ change daemon thread.
+
+ * prevent the afs client service from crashing when fs newcell is
+ executed
+
+ * In the NSIS installer, move afslogon.dll, afscpcc.exe and afs_cpa.cpl
+ to \Program Files\OpenAFS\Client\Program in order to get them out
+ of the %windir% tree
+
+ * EDQUOT == WSAEDQUOT. Define it in the right places so that in the
+ end STATUS_OUT_OF_QUOTA can be returned to the application.
+
+ * Modify the search order for determining the location of CellServDB
+ and other client configuration files.
+
+ 1. AFSCONF environment variable
+ 2. registry setting
+ 3. NEW - use All Users\AppData\OpenAFS\Client only if CellServDB exists
+ 4. use Program Files\OpenAFS\Client
+
+ * More Vista Power Management tweaks
+
+ * Close a socket handle leak in the kauth routines
+
+ * Don't hold a cm_volume_t mutex across RPCs
+
+ * Convert downTimes to use clock time instead of relative times.
+ This permits correct comparisons with expiration times.
+
+ * Update the Wix installer to properly install the prerequisites
+ for translate_et.exe
+
+ * Do not translate pioctl paths as they are not converted by the
+ file system stack.
+
+ * Implement multi_rx probes for checking whether servers are up
+ or down. Turns probes into a constant time activity instead
+ of one dependent upon the number of known servers.
+
+ * Treat VNOVOL errors the same as VOFFLINE. Do not force an
+ update of the volume location data and retry. VNOVOL means
+ that the volume could not be attached. It doesn't mean that
+ the volume is not on this server.
+
+ * Modify the Explorer Shell AFS Context menu Symlink->Add to
+ not attempt to validate the target path. There is no reliable
+ method of doing so.
+
+ * Improve performance of \\afs\\
+ access by eliminating extraneous attempts to search the
+ CellServDB file and DNS AFSDB records. Share names
+ containing '%' or '#' are not valid cell names.
+
+ * Return STATUS_RANGE_NOT_LOCKED if the application attempts
+ to unlock a range that is not currently locked.
+
+ * Enable the 32-bit tools to read the 64-bit registry keys
+ when executing in the WOW64 environment.
+
+
+ Since 1.5.29
+ * Fix buffer refcount leak introduced in 1.5.29
+
+ * Prevent the NIM AFS Provider from crashing when configured to use
+ Kerberos v4 for token acquisition in situations where no Kerberos v4
+ support is available. For example, 64-bit KFW or sites that delete
+ the Kerberos v4 DLL.
+
+ * In afsd_init.log, support logging cache sizes greater than 2GB.
+
+ * The volume status output of "fs examine" was being determined based
+ upon the wrong error value. Instead of using the pioctl() return
+ code, the errno value must be used.
+
+ * Prevent invalid pts auto-registration attempts by aklog and the
+ NIM afs provider when Kerberos referrals are in use. (krb5 1.6+)
+
+ * Add synchronization protection to all of the SMB Listener State
+ variables. This prevents race conditions when the addition or
+ loss of a network adapter takes place.
+
+ * On Vista, there is a race condition between the restart of the
+ afs client service and the network adapters. Ensure that the
+ afs client service can handle switching between loopback and
+ non-loopback modes of operation.
+
+ * Fix FollowBackupPath to work with mount points that are not
+ explicitly read/write.
+
+ * Fix a deadlock that has been observed on Vista while resuming
+ after at least four hours of sleep.
+
+ * Add new HKLM registry configuration options that can be used
+ to provide configuration hints to the NIM AFS Provider when
+ creating new identities. See release notes for details on
+ HKLM\SOFTWARE\OpenAFS\Client\Realms\.
+
Since 1.5.28
* Speed up write buffer operations by holding a global read-lock
instead of a write-lock when updating the buffer data version
|