ftp.pasteur.org/FAQ/

home *** CD-ROM | disk | FTP | other *** search

/ ftp.pasteur.org/FAQ/ / ftp-pasteur-org-FAQ.zip / FAQ / afs-faq < prev next >

Wrap

Internet Message Format | 2011-07-10 | 123.8 KB

Path: senator-bedfellow.mit.edu!senator-bedfellow.mit.edu!dreaderd!not-for-mail Message-ID: <afs-faq_1310185600@rtfm.mit.edu> Supersedes: <afs-faq_1307593460@rtfm.mit.edu> Expires: 22 Aug 2011 04:26:40 GMT X-Last-Updated: 1998/07/10 Newsgroups: alt.filesystems.afs,alt.answers,news.answers From: mpb@mailserver.aixssc.uk.ibm.com (Paul Blackburn) Organization: AIX Systems Support Centre, IBM UK Approved: news-answers-request@MIT.Edu Subject: AFS distributed filesystem FAQ Followup-To: alt.filesystems.afs Reply-To: mpb@acm.org (AFS FAQ comments address) Summary: Introduction to AFS with pointers to further information Originator: faqserv@penguin-lust.mit.edu Date: 09 Jul 2011 04:26:46 GMT Lines: 2908 NNTP-Posting-Host: PENGUIN-LUST.MIT.EDU X-Trace: 1310185606 senator-bedfellow.mit.edu 15315 18.181.0.29:36454 Xref: senator-bedfellow.mit.edu alt.filesystems.afs:2714 alt.answers:85170 news.answers:329305 Archive-name: afs-faq Version: 1.113 Last-modified: 1950 Thursday 9th July 1998 AFS frequently asked questions ______________________________________________________________________________ This posting contains answers to frequently asked questions about AFS. Your comments and contributions are welcome (email: mpb@acm.org) Most newsreaders can skip from topic to topic with control-G. U URLs: file:///afs/transarc.com/public/afs-contrib/doc/faq/afs-faq.html N ftp://ftp.transarc.com/pub/afs-contrib/doc/faq/afs-faq.html N http://www.angelfire.com/hi/plutonic/afs-faq.html ______________________________________________________________________________ Subject: Table of Contents: 0 Preamble 0.01 Purpose and Audience 0.02 Acknowledgements 0.03 Disclaimer 0.04 Release Notes 0.05 Quote 1 General 1.01 What is AFS? 1.02 Who supplies AFS? 1.03 What is /afs? 1.04 What is an AFS cell? 1.05 What are the benefits of using AFS? 1.05.a Cache Manager 1.05.b Location independence 1.05.c Scalability 1.05.d Improved security 1.05.e Single systems image (SSI) 1.05.f Replicated AFS volumes 1.05.g Improved robustness to server crash 1.05.h "Easy to use" networking 1.05.i Communications protocol 1.05.j Improved system management capability U 1.06 Which systems is AFS available for? U 1.07 What does "ls /afs" display in the Internet AFS filetree? 1.08 Why does AFS use Kerberos authentication? 1.09 Does AFS work over protocols other than TCP/IP? 1.10 How can I access AFS from my PC? 1.11 How does AFS compare with NFS? 2 Using AFS 2.01 What are the differences between AFS and a unix filesystem? 2.02 What is an AFS protection group? 2.03 What are the AFS defined protection groups? 2.04 What is an AFS access control list (ACL)? 2.05 What are the AFS access rights? 2.06 What is pagsh? 2.07 Why use a PAG? 2.08 How can I tell if I have a PAG? 2.09 Can I still run cron jobs with AFS? 2.10 How much disk space does a 1 byte file occupy in AFS? 2.11 Is it possible to specify a user who is external to the current AFS cell on an ACL? 2.12 Are there any problems printing files in /afs? 2.13 Can I create a fifo (aka named pipe) in /afs? 2.14 If an AFS server crashes, do I have to reboot my AFS client? 2.15 Can I use AFS on my diskless workstation? 2.16 Can I test for AFS tokens from within my program? 2.17 What's the difference between /afs/cellname and /afs/.cellname? 2.18 Can I klog as two users on one machine in the same cell? 2.19 What are the ~/.__afsXXXX files? 3 AFS administration 3.01 Is there a version of xdm available with AFS authentication? 3.02 Is there a version of xlock available with AFS authentication? 3.03 What is /afs/@cell? 3.04 Given that AFS data is location independent, how does an AFS client determine which server houses the data its user is attempting to access? 3.05 Which protocols does AFS use? 3.06 Are setuid programs executable across AFS cell boundaries? 3.07 How does AFS maintain consistency on read-write files? 3.08 How can I run daemons with tokens that do not expire? 3.09 Can I check my user's passwords for security purposes? 3.10 Is there a way to automatically balance disk usage across fileservers? 3.11 Can I shutdown an AFS fileserver without affecting users? 3.12 How can I set up mail delivery to users with $HOMEs in AFS? 3.13 Should I replicate a ReadOnly volume on the same partition and server as the ReadWrite volume? 3.14 Should I start AFS before NFS in /etc/inittab? 3.15 Will AFS run on a multi-homed fileserver? 3.16 Can I replicate my user's home directory AFS volumes? 3.17 Which TCP/IP ports and protocols do I need to enable in order to operate AFS through my Internet firewall? 3.18 What is the Andrew Benchmark? U 3.19 Is there a version of HP VUE login with AFS authentication? 3.20 How can I list which clients have cached files from a server? 3.21 Do Backup volumes require as much space as ReadWrite volumes? 3.22 Should I run timed on my AFS client? 3.23 Why should I keep /usr/vice/etc/CellServDB current? 3.24 How can I keep /usr/vice/etc/CellServDB current? 3.25 How can I compute a list of AFS fileservers? 3.26 How can I set up anonymous FTP login to access /afs? 3.27 Where can I find the Andrew Benchmark? 4 Getting more information 4.01 Is there an anonymous FTP site with AFS information? 4.02 Which USENET newsgroups discuss AFS? 4.03 Where can I get training in AFS? U 4.04 Where can I find AFS resources in World Wide Web (WWW)? 4.05 Is there a mailing list for AFS topics? U 4.06 Where can I find an archive of info-afs@transarc.com? 4.07 Where can I find an archive of alt.filesystems.afs? U 4.08 Where can I find AFS related GIFs? 4.09 Gibt es eine deutsche AFS Benutzer Gruppe? 4.10 Donde puedo encontrar informacion en Espanol sobre AFS? 5 About the AFS faq U 5.01 How can I get a copy of the AFS faq? 5.02 How can I get my question (and answer) into the AFS faq? U 5.03 How can I access the AFS faq via the World Wide Web? 6 Bibliography 7 Change History ______________________________________________________________________________ Subject: 0 Preamble Subject: 0.01 Purpose and audience The aim of this compilation is to provide information about AFS including: + A brief introduction + Answers to some often asked questions + Pointers to further information Definitive and detailed information on AFS is provided in Transarc's AFS manuals ([23], [24], [25]). The intended audience ranges from people who know little of the subject and want to know more to those who have experience with AFS and wish to share useful information by contributing to the faq. Subject: 0.02 Acknowledgements The information presented here has been gleaned from many sources. Some material has been directly contributed by people listed below. I would like to thank the following for contributing: Pierette Maniago VanRyzin (Transarc) Lyle Seaman (Transarc) Joseph Jackson (Transarc) Dan Lovinger (Microsoft) Lucien Van Elsen (IBM) Jim Rees (University of Michigan) Derrick J. Brashear (Carnegie Mellon University) Hans-Werner Paulsen (MPI fuer Astrophysik, Garching) Margo Hikida (Hewlett Packard) Michael Fagan (IBM) Robert Malick (National Institute of Health, USA) Rainer Toebbicke (European Laboratory for Particle Physics, CERN) Mic Bowman (Transarc) Mike Prince (IBM) Bob Oesterlin (IBM) Pat Wilson (Dartmouth College) Cristian Espinoza (Pontificia Universidad Catolica de Chile) Mary Ann DelBusso (Transarc) Michael Niksch (IBM) N Kelly Chambers (Transarc) Thanks also to indirect contributors: Ken Paquette (IBM) Lance Pickup (IBM) Lisa Chavez (IBM) Dawn E. Johnson (Transarc) David Snearline (University of Michigan Engineering) Rens Troost (New Century Systems) Anton Knaus (Carnegie Mellon University) Mike Shaddock (SAS Institute Inc.) If this compilation has any merit then much credit belongs to Pierette for giving inspiration, support, answers, and proof-reading. Subject: 0.03 Disclaimer I make no representation about the suitability of this information for any purpose. While every effort is made to keep the information in this document accurate and current, it is provided "as is" with no warranty expressed or implied. Subject: 0.04 Release Notes This compilation contains material used with permission of Transarc Corporation. Permission to copy is given provided any copyright notices and acknowledgements are retained. Column 1 is used to indicate changes from the last issue: N = new item U = updated item Changes from the last version are to be found at the end of this file. ______________________________________________________________________________ Subject: 0.05 Quote "'Tis true; there's magic in the web of it;" Othello, Act 3 Scene 4 --William Shakespeare (1564-1616) ______________________________________________________________________________ Subject: 1 General Subject: 1.01 What is AFS? AFS is a distributed filesystem that enables co-operating hosts (clients and servers) to efficiently share filesystem resources across both local area and wide area networks. AFS is marketed, maintained, and extended by Transarc Corporation. AFS is based on a distributed file system originally developed at the Information Technology Center at Carnegie-Mellon University that was called the "Andrew File System". "Andrew" was the name of the research project at CMU - honouring the founders of the University. Once Transarc was formed and AFS became a product, the "Andrew" was dropped to indicate that AFS had gone beyond the Andrew research project and had become a supported, product quality filesystem. However, there were a number of existing cells that rooted their filesystem as /afs. At the time, changing the root of the filesystem was a non-trivial undertaking. So, to save the early AFS sites from having to rename their filesystem, AFS remained as the name and filesystem root. Subject: 1.02 Who supplies AFS? Transarc Corporation phone: +1 (412) 338-4400 The Gulf Tower 707 Grant Street fax: +1 (412) 338-4404 Pittsburgh PA 15219 email: information@transarc.com United States of America afs-sales@transarc.com WWW: http://www.transarc.com Subject: 1.03 What is /afs? The root of the AFS filetree is /afs. If you execute "ls /afs" you will see directories that correspond to AFS cells (see below). These cells may be local (on same LAN) or remote (eg halfway around the world). With AFS you can access all the filesystem space under /afs with commands you already use (eg: cd, cp, rm, and so on) provided you have been granted permission (see AFS ACL below). Subject: 1.04 What is an AFS cell? An AFS cell is a collection of servers grouped together administratively and presenting a single, cohesive filesystem. Typically, an AFS cell is a set of hosts that use the same Internet domain name. Normally, a variation of the domain name is used as the AFS cell name. Users log into AFS client workstations which request information and files from the cell's servers on behalf of the users. Subject: 1.05 What are the benefits of using AFS? The main strengths of AFS are its: + caching facility + security features + simplicity of addressing + scalability + communications protocol Here are some of the advantages of using AFS in more detail: Subject: 1.05.a Cache Manager AFS client machines run a Cache Manager process. The Cache Manager maintains information about the identities of the users logged into the machine, finds and requests data on their behalf, and keeps chunks of retrieved files on local disk. The effect of this is that as soon as a remote file is accessed a chunk of that file gets copied to local disk and so subsequent accesses (warm reads) are almost as fast as to local disk and considerably faster than a cold read (across the network). Local caching also significantly reduces the amount of network traffic, improving performance when a cold read is necessary. Subject: 1.05.b Location independence Unlike NFS, which makes use of /etc/filesystems (on a client) to map (mount) between a local directory name and a remote filesystem, AFS does its mapping (filename to location) at the server. This has the tremendous advantage of making the served filespace location independent. Location independence means that a user does not need to know which fileserver holds the file, the user only needs to know the pathname of a file. Of course, the user does need to know the name of the AFS cell to which the file belongs. Use of the AFS cellname as the second part of the pathname (eg: /afs/$AFSCELL/somefile) is helpful to distinguish between file namespaces of the local and non-local AFS cells. To understand why such location independence is useful, consider having 20 clients and two servers. Let's say you had to move a filesystem "/home" from server a to server b. Using NFS, you would have to change the /etc/filesystems file on 20 clients and take "/home" off-line while you moved it between servers. With AFS, you simply move the AFS volume(s) which constitute "/home" between the servers. You do this "on-line" while users are actively using files in "/home" with no disruption to their work. (Actually, the AFS equivalent of "/home" would be /afs/$AFSCELL/home where $AFSCELL is the AFS cellname.) Subject: 1.05.c Scalability With location independence comes scalability. An architectural goal of the AFS designers was client/server ratios of 200:1 which has been successfully exceeded at some sites. Transarc do not recommend customers use the 200:1 ratio. A more cautious value of 50:1 is expected to be practical in most cases. It is certainly possible to work with a ratio somewhere between these two values. Exactly what value depends on many factors including: number of AFS files, size of AFS files, rate at which changes are made, rate at which file are being accessed, speed of servers processor, I/O rates, and network bandwidth. AFS cells can range from the small (1 server/client) to the massive (with tens of servers and thousands of clients). Cells can be dynamic: it is simple to add new fileservers or clients and grow the computing resources to meet new user requirements. Subject: 1.05.d Improved security Firstly, AFS makes use of Kerberos to authenticate users. This improves security for several reasons: + passwords do not pass across the network in plaintext + encrypted passwords no longer need to be visible You don't have to use NIS, aka yellow pages, to distribute /etc/passwd - thus "ypcat passwd" can be eliminated. If you do choose to use NIS, you can replace the password field with "X" so the encrypted password is not visible. (These issues are discussed in detail in [25]). + AFS uses mutual authentication - both the service provider and service requester prove their identities Secondly, AFS uses access control lists (ACLs) to enable users to restrict access to their own directories. Subject: 1.05.e Single systems image (SSI) Establishing the same view of filestore from each client and server in a network of systems (that comprise an AFS cell) is an order of magnitude simpler with AFS than it is with, say, NFS. This is useful to do because it enables users to move from workstation to workstation and still have the same view of filestore. It also simplifies part of the systems management workload. In addition, because AFS works well over wide area networks the SSI is also accessible remotely. As an example, consider a company with two widespread divisions (and two AFS cells): ny.acme.com and sf.acme.com. Mr Fudd, based in the New York office, is visiting the San Francisco office. Mr. Fudd can then use any AFS client workstation in the San Francisco office that he can log into (a unprivileged guest account would suffice). He could authenticate himself to the ny.acme.com cell and securely access his New York filespace. For example: The following shows a guest in the sf.acme.com AFS cell: {0} add AFS executables directory to PATH {1} obtaining a PAG with pagsh command (see 2.06) {2} use the klog command to authenticate into the ny.acme.com AFS cell {3} making a HOME away from home {4} invoking a homely .profile guest@toontown.sf.acme.com $ PATH=/usr/afsws/bin:$PATH # {0} guest@toontown.sf.acme.com $ pagsh # {1} $ klog -cell ny.acme.com -principal elmer # {2} Password: $ HOME=/afs/ny.acme.com/user/elmer; export HOME # {3} $ cd $ . .profile # {4} you have new mail guest@toontown $ It is not necessary for the San Francisco sys admin to give Mr. Fudd an AFS account in the sf.acme.com cell. Mr. Fudd only needs to be able to log into an AFS client that is: 1) on the same network as his cell and 2) his ny.acme.com cell is mounted in the sf.acme.com cell (as would certainly be the case in a company with two cells). Subject: 1.05.f Replicated AFS volumes AFS files are stored in structures called Volumes. These volumes reside on the disks of the AFS file server machines. Volumes containing frequently accessed data can be read-only replicated on several servers. Cache managers (on users client workstations) will make use of replicate volumes to load balance. If accessing data from one replicate copy, and that copy becomes unavailable due to server or network problems, AFS will automatically start accessing the same data from a different replicate copy. An AFS client workstation will access the closest volume copy. By placing replicate volumes on servers closer to clients (eg on same physical LAN) access to those resources is improved and network traffic reduced. Subject: 1.05.g Improved robustness to server crash The Cache Manager maintains local copies of remotely accessed files. This is accomplished in the cache by breaking files into chunks of up to 64k (default chunk size). So, for a large file, there may be several chunks in the cache but a small file will occupy a single chunk (which will be only as big as is needed). A "working set" of files that have been accessed on the client is established locally in the client's cache (copied from fileserver(s)). If a fileserver crashes, the client's locally cached file copies remain readable but updates to cached files fail while the server is down. Also, if the AFS configuration has included replicated read-only volumes then alternate fileservers can satisfy requests for files from those volumes. Subject: 1.05.h "Easy to use" networking Accessing remote file resources via the network becomes much simpler when using AFS. Users have much less to worry about: want to move a file from a remote site? Just copy it to a different part of /afs. Once you have wide-area AFS in place, you don't have to keep local copies of files. Let AFS fetch and cache those files when you need them. Subject: 1.05.i Communications protocol AFS communications protocol is optimized for Wide Area Networks. Retransmitting only the single bad packet in a batch of packets and allowing the number of unacknowledged packets to be higher (than in other protocols, see [4]). Subject: 1.05.j Improved system management capability Systems administrators are able to make configuration changes from any client in the AFS cell (it is not necessary to login to a fileserver). With AFS it is simple to effect changes without having to take systems off-line. Example: A department (with its own AFS cell) was relocated to another office. The cell had several fileservers and many clients. How could they move their systems without causing disruption? First, the network infrastructure was established to the new location. The AFS volumes on one fileserver were migrated to the other fileservers. The "freed up" fileserver was moved to the new office and connected to the network. A second fileserver was "freed up" by moving its AFS volumes across the network to the first fileserver at the new office. The second fileserver was then moved. This process was repeated until all the fileservers were moved. All this happened with users on client workstations continuing to use the cell's filespace. Unless a user saw a fileserver being physically moved (s)he would have no way to tell the change had taken place. Finally, the AFS clients were moved - this was noticed! Subject: 1.06 Which systems is AFS available for? AFS runs on systems from: HP, Next, DEC, IBM, SUN, and SGI. Transarc customers have done ports to Crays, and the 3090, but all are based on some flavour of unix. Some customers have done work to make AFS data available to PCs and Macs, although they are using something similar to the AFS/NFS translator (a system that enables "NFS only" clients to NFS mount the AFS filetree /afs). There is a client only implementation "AFS Client for Windows/NT". N A page describing the current systems for which AFS is supported N may be found at: N N http://www.transarc.com/Support/afs/relversions/platforms.html N There are also ports of AFS done by customers available from Transarc on an "as is" unsupported basis. More information on this can be found at: /afs/transarc.com/public/afs-contrib/bin/README ftp://ftp.transarc.com/pub/afs-contrib/bin/README These ports of AFS client code include: HP (Apollo) Domain OS - by Jim Rees at the University of Michigan. sun386i - by Derek Atkins and Chris Provenzano at MIT. Linux - by Derek Atkins, mailing list: <linux-afs-request@mit.edu> http://www.mit.edu:8008/menelaus/linux-afs/ NetBSD - by John Kohl, mailing list: <netbsd-afs@mit.edu> There is some information about AFS on OS/2 at: http://www.club.cc.cmu.edu/~jgrande/afsos2.html N The AFS on Linux FAQ may be found at: N http://www.umlug.umd.edu/linuxafs/ Subject: 1.07 What does "ls /afs" display in the Internet AFS filetree? Essentially this displays the AFS cells that co-operate in the Internet AFS filetree. Note that the output of this will depend on the cell you do it from; a given cell may not have all the publicly advertised cells available, and it may have some cells that aren't advertised outside of the given site. The definitive source for this information is: file:///afs/transarc.com/service/etc/CellServDB.export I've included the list of cell names included in it below: asu.edu #ASU uni-freiburg.de #Albert-Ludwigs-Universitat Freiburg anl.gov #Argonne National Laboratory fl.mcs.anl.gov # Argonne National Laboratory MCS Division FL dapnia.saclay.cea.fr #Axlan-CEA bcc.ac.uk #Bloomsbury Computing Consortium bu.edu #Boston University cs.brown.edu #Brown University Department of Computer Science caspur.it #CASPUR Inter-University Computing Consortium,Rome ciesin.org #CIESIN mathematik-cip.uni-stuttgart.de #CIP-Pool of Math. Dept, Univ. Stuttgart gg.caltech.edu #Caltech Computer Graphics Group cards.com #Cards - Electronic Warfare Associates cheme.cmu.edu #Carnegie Mellon Univ. Chemical Engineering Dept. cmu.edu #Carnegie Mellon University andrew.cmu.edu #Carnegie Mellon University - Campus ce.cmu.edu #Carnegie Mellon University - Civil Eng. Dept. ece.cmu.edu #Carnegie Mellon University - Elec. Comp. Eng. Dept. me.cmu.edu #Carnegie Mellon University - Mechanical Engineering cs.cmu.edu #Carnegie Mellon University - School of Comp. Sci. club.cc.cmu.edu #Carnegie Mellon University Computer Club cert.org #CERT/Coordination Center others.chalmers.se #Chalmers University of Technology - General users cipool.uni-stuttgart.de #CIP Pool, Rechenzentrum University of Stuttgart clarkson.edu #Clarkson University, Potsdam, USA msc.cornell.edu #Cornell University Materials Science Center graphics.cornell.edu #Cornell University Program of Computer Graphics theory.cornell.edu #Cornell University Theory Center ifh.de #DESY-IfH Zeuthen northstar.dartmouth.edu #Dartmouth College, Project Northstar desy.de #Deutsches Elektronen-Synchrotron dkrz.de #Deutsches Klimarechenzentrum Hamburg dis.uniroma1.it #DIS, Univ. "La Sapienza", Rome, area Buonarotti msrc.pnl.gov #EMSL's AFS Cell zdvpool.uni-tuebingen.de#Eberhard-Karls-Universitaet Tuebingen, WS-Pools enea.it #enea.it es.net #Energy Sciences Net research.ec.org #Esprit Research Network of Excellence dce.emsl.pnl.gov #EMSL's DCE Cell cern.ch #European Laboratory for Particle Physics, Geneva fnal.gov #Fermi National Acclerator Laboratory fh-heilbronn.de #Fachhochschule Heilbronn hephy.at #hephy-vienna sleeper.nsa.hp.com #HP Cupertino palo_alto.hpl.hp.com #HP Palo Alto afs.hursley.ibm.com #IBM Hursley Laboratories (UK), external cell ibm.uk #IBM UK, AIX Systems Support Centre zurich.ibm.ch #IBM Zurich Internet Cell ctp.se.ibm.com #IBM/4C, Chalmers, Sweden ipp-hgw.mpg.de #IPP site at Greifswald in2p3.fr #IN2P3 production cell lngs.infn.it #INFN Laboratori Nazionali di Gran Sasso, Italia le.infn.it #INFN Sezione di Lecce, Italia pi.infn.it #INFN Sezione di Pisa ike.uni-stuttgart.de #Institut fuer Kernenergetik, Universitaet Stuttgart ipp-garching.mpg.de #Institut fuer Plasmaphysik csv.ica.uni-stuttgart.de #Institut fuer Computeranwendungen, Uni. Stuttgart iastate.edu #Iowa State University infn.it #Istituto Nazionale di Fisica Nucleare, Italia jpl.nasa.gov #Jet Propulsion Laboratory zdv.uni-mainz.de #Johannes-Gutenberg-Universitaet Mainz isk.kth.se #KTH College of Engineering cc.keio.ac.jp #Keio University, Fac. of Sci. & Tech. Computing Ctr sfc.keio.ac.jp #Keio University, Japan afs-math.zib-berlin.de #Konrad-Zuse-Zentrum fuer Informationstechnik Berlin thermo-a.mw.tu-muenchen.de #Lehrstuhl A fuer Thermodynamik,TUM lrz-muenchen.de #Leibniz-Rechenzentrum Muenchen Germany athena.mit.edu #MIT/Athena cell net.mit.edu #MIT/Network Group cell sipb.mit.edu #MIT/SIPB cell msu.edu #Michigan State University home cell mpa-garching.mpg.de #Max-Planck-Institut fuer Astrophysik federation.atd.net #Multi Resident AFS at Naval Research Lab - CCS isl.ntt.jp #NTT Information and Communication nersc.gov #National Energy Research Supercomputer Center alw.nih.gov #National Institutes of Health nrel.gov #National Renewable Energy Laboratory cmf.nrl.navy.mil #Naval Research Lab lcp.nrl.navy.mil #Naval Research Lab - Lab for Computational Physics nrlfs1.nrl.navy.mil #Naval Research Laboratory eos.ncsu.edu #NCSU - College of Engineering unity.ncsu.edu #NCSU Campus ncat.edu #North Carolina Agricultural and Technical State U. bp.ncsu.edu #North Carolina State University - Backbone Prototype ri.osf.org #OSF Research Institute gr.osf.org #OSF Research Institute, Grenoble urz.uni-magdeburg.de #Otto-von-Guericke-Universitaet, Magdeburg N ovpit.indiana.edu #OVPIT at Indiana University psc.edu #PSC (Pittsburgh Supercomputing Center) psu.edu #Penn State phy.bnl.gov #Physics Deptpartment, Brookhaven National Lab postech.ac.kr #Pohang University of Science pppl.gov #Princeton Plasma Physics Laboratory rwcp.or.jp #Real World Computer Partnership(rwcp) rz.uni-jena.de #Rechenzentrum University of Jena, Germany rhrk.uni-kl.de #Rechenzentrum University of Kaiserslautern rus.uni-stuttgart.de #Rechenzentrum University of Stuttgart rhic #Relativistic Heavy Ion Collider rpi.edu #Rensselaer Polytechnic Institute uni-bonn.de #Rheinische Friedrich Wilhelm Univesitaet Bonn rose-hulman.edu #Rose-Hulman Institute of Technology cs.rose-hulman.edu # Rose-Hulman Inst. of Tech., CS Department nada.kth.se #Royal Institute of Technology, NADA rl.ac.uk #Rutherford Appleton Lab, England slac.stanford.edu #Stanford Linear Accelerator Center dsg.stanford.edu #Stanford Univ. - Comp. Sci. - Distributed Systems ir.stanford.edu #Stanford University afs1.scri.fsu.edu #Supercomputer Computations Research Instit ethz.ch #Swiss Federal Inst. of Tech. - Zurich, Switzerland hrzone.th-darmstadt.de #TH-Darmstadt tu-bs.de #Technical University of Braunschweig, Germany tu-chemnitz.de #Technische Universitaet Chemnitz-Zwickau, Germany telos.com #Telos Systems Group - Chantilly, Va. transarc.com #Transarc Corporation cats.ucsc.edu #UC Santa Cruz, Comp and Tech Services, California umr.edu #UMR - Missouri's Technological University hep.net #US High Energy Physics Information cell uni-mannheim.de #Uni Mannheim (Rechenzentrum) ece.ucdavis.edu #Univ California - Davis campus geo.uni-koeln.de #Univ. of Cologne Inst. for Geophysics & Meteorology meteo.uni-koeln.de #Univ. of Cologne Inst. for Geophysics & Meteorology N dsi.uniroma1.it #Univ. Rome-1, Dept. of Computer Science U spv.uniroma1.it #Univ. Rome-1, Area San Pietro in Vincoli N vn.uniroma3.it #Univ. Rome-3, Area Vasca Navale urz.uni-heidelberg.de #Universitaet Heidelberg spc.uchicago.edu #University of Chicago - Social Sciences rrz.uni-koeln.de #University of Cologne - Reg Comp Center wu-wien.ac.at #University of Economics, Vienna, Austria uni-hohenheim.de #University of Hohenheim ncsa.uiuc.edu #University of Illinois wam.umd.edu #University of Maryland Network WAM Project glue.umd.edu #University of Maryland - Project Glue engin.umich.edu #University of Michigan - CAEN umich.edu #University of Michigan - Campus dmsv.med.umich.edu #University of Michigan - DMSV citi.umich.edu #University of Michigan - IFS Development lsa.umich.edu #University of Michigan - LSA College math.lsa.umich.edu #University of Michigan - Math Cell sph.umich.edu #University of Michigan -- School of Public cs.unc.edu #University of North Carolina at Chapel Hill nd.edu #University of Notre Dame pitt.edu #University of Pittsburgh vn.uniroma3.it #University of Rome 3, Area Vasca Navale, Italy isi.edu #University of Southern California/ISI dce.uni-stuttgart.de #University of Stuttgart - DCE/DFS Cell ihf.uni-stuttgart.de #University of Stuttgart, Ins. fuer Hochfrequenz-Tec mathematik.uni-stuttgart.de #University of Stuttgart, Math Dept. cs.utah.edu #University of Utah Computer Science Dept utah.edu #University of Utah Information Tech. Service cs.washington.edu #University of Washington Comp Sci Department wisc.edu #University of Wisconsin-Madison, Campus cs.wisc.edu #University of Wisconsin-Madison, Comp Sci Dept belwue.uni-tuebingen.de #ZDV Universitaet Tuebingen This shows different and widespread organizations making use of the Internet AFS filetree. Note that it is also possible to use AFS "behind the firewall" within the confines of your organization's network - you don't have to participate in the Internet AFS filetree. Indeed, there are lots of benefits of using AFS on a local area network without using the WAN capabilities. Subject: 1.08 Why does AFS use Kerberos authentication? It improves security. Kerberos uses the idea of a trusted third party to prove identification. This is a bit like using a letter of introduction or quoting a referee who will vouch for you. When a user authenticates using the klog command (s)he is prompted for a password. If the password is accepted the Kerberos Authentication Server (KAS) provides the user with an encrypted token (containing a "ticket granting ticket"). From that point on, it is the encrypted token that is used to prove the user's identity. These tokens have a limited lifetime (typically a day) and are useless when expired. In AFS, it is possible to authenticate into multiple AFS cells. A summary of the current set of tokens held can be displayed by using the "tokens" command. For example: elmer@toontown $ tokens Tokens held by the Cache Manager: User's (AFS ID 9997) tokens for afs@ny.acme.com [Expires Sep 15 06:50] User's (AFS ID 5391) tokens for afs@sf.acme.com [Expires Sep 15 06:48] --End of list-- Kerberos improves security because a users's password need only be entered once (at klog time). AFS uses Kerberos to do complex mutual authentication which means that both the service requester and the service provider have to prove their identities before a service is granted. Transarc's implementation of Kerberos is slightly different from MIT Kerberos V4 but AFS can work with either version. Joe Jackson wrote about this in: http://www.cs.cmu.edu/afs/andrew.cmu.edu/usr/shadow/www/afs/afs-with-kerberos.html For more detail on this and other Kerberos issues see the faq for Kerberos (posted to news.answers and comp.protocols.kerberos) [28]. (Also, see [15], [16], [26], [27]) Subject: 1.09 Does AFS work over protocols other than TCP/IP? No. AFS was designed to work over TCP/IP. Subject: 1.10 How can I access AFS from my PC? You can use PC-Interface which is available from Transarc and Locus Computing Corporations. For more information on PC-Interface see the PC-Interface Frequently Asked Questions file in: file:///afs/transarc.com/public/afs-contrib/doc/faq/pci.faq ftp://ftp.transarc.com/pub/afs-contrib/doc/faq/pci.faq There is also SAMBA (an SMB/netbios server for UNIX). The current version will authenticate the connecting process with AFS as well. U http://samba.anu.edu.au/samba/ The SAMBA FAQ is in: U http://samba.anu.edu.au/samba/docs/faq/sambafaq-1.html#ss1.1 The SAMBA mailing list can be joined via: samba-request@anu.edu.au Subject: 1.11 How does AFS compare with NFS? AFS NFS File Access Common name space from Different file names from all workstations different workstations File Location Automatic tracking by Mountpoints to files set by Tracking file system processes administrators and users and databases Performance Client caching to reduce No local disk caching; network load; callbacks limited cache consistency to maintain cache consis- tency Andrew Benchmark Average time of 210 Average time of 280 (5 phases, 8 clients) seconds/client seconds/client Scaling capabilities Maintains performance in Best in small to mid-size small and very large installations installations Excellent performance on Best in local-area wide-area configuration configurations Security Kerberos mutual authen- Security based on tication unencrypted user ID's Access control lists on No access control lists directories for user and group access Availability Replicates read-mostly No replication data and AFS system information Backup Operation No system downtime with Standard UNIX backup system specially developed AFS Backup System Reconfiguration By volumes (groups of Per-file movement files) No user impact; files Users lose access to files remain accessible during and filenames change moves, and file names do (mountpoints need to be not change reset) System Management Most tasks performed from Frequently involves telnet any workstation to other workstations Autonomous Autonomous administrative File servers and clients Architecture units called cells, in addition to file servers and clients No trust required between No security distinctions cells between sites [ source: ftp://ftp.transarc.com/pub/afsps/doc/afs-nfs.comparison ] Other points: + Some vendors offer more secure versions of NFS but implementations vary. Many NFS ports have no extra security features (such as Kerberos). + The AFS Cache Manager can be configured to work with a RAM (memory) based cache. This offers signifigant performance benefits over a disk based cache. NFS has no such feature. Imagine how much faster it is to access files cached into RAM! + The Andrew benchmark demonstrates that AFS has better performance than NFS as the number of clients increases. A graph of this (taken from Andrew benchmark report) is available in: U http://www.angelfire.com/hi/plutonic/images/andrew1.jpg Subject: 2 Using AFS Subject: 2.01 What are the differences between AFS and a unix filesystem? Essentially, from a user's point of view, there is little difference between AFS and local unix filestore. Nearly all the commands normally used to access local files can be used to access files in /afs. In the following set of sections, I have attempted to "target" each section to an appropriate type of user by including to the right of each section heading one of: User, Programmer, SysAdmin. Here is a summary of the differences: Authentication: [ User ] Before a user can access protected AFS files (s)he needs to become authenticated to AFS using the klog command (Kerberos login) to get a Kerberos "ticket granting ticket" (called a token from here on). Without a token, an unauthenticated user is given the AFS identity "system:anyuser" and as such is only able to access files in directories that have ACLs granting system:anyuser access. Many systems have the klog function built into the system login program. So a user would not even have to know they gain a token on logging in. If you use a system where you have to issue the klog command after login then you should run the pagsh command first (see below). AFS provides access control lists to give more precise control to users wishing to protect their files (see AFS ACL below). File permissions: [ User ] Unix mode bits for group and other are ignored. The mode bits for the file owner don't work the way they used to. Users should protect their AFS files with (directory) ACLs only. Just use mode bits to make a file executable. Data protection with AFS ACLs: [ User ] Some versions of unix (eg IBM's AIX version 3) allow ACLs on local files. In AFS, ACLs protect directories and used with AFS protection groups (see below) provide a finer granularity of protection than can be achieved with basic unix file permissions. (AFS ACLs are described in more detail below.) Protection groups: [ User ] Users can create and maintain their own protection groups in AFS - as opposed to unix where only sys admins can manage protection groups. Hard links: [ User ] In AFS, hard links (eg: ln old new) are only valid within a directory. This is because AFS ACLs protect directories (not individual files) and allowing hard links that span directories would subvert ACL protection. Symbolic links work in AFS because they reference a pathname and not an i-node directly. (Hard links reference an i-node directly.) Changing file protection by moving a file: [ User ] Moving a file to a different directory will change the protection of a file if the ACL on the new directory if different to the ACL on the original directory. chown and chgrp: [ User ] Only members of the AFS group "system:administrators" can use these commands on files in /afs. Save on close: [ Programmer ] AFS Cache Manager does not send file modifications to a file server until the close() or fsync() system call. write() system calls only update the local cache copy on the client. Note the difference in semantic of writing a file: local unix file: writes update the file "immediately" AFS file: local cached copy updated "immediately" but the server copy is only updated when the file is closed or fsync'ed. It is important to understand that most applications (eg: vi, emacs, frame, interleaf, wingz, dogz, etc) issue the close() system call when the user chooses/issues the "save" command in the application. Users are not required to exit the application to "save" their changes back to the server. byte-range file locking: [ Programmer ] AFS does not support byte-range locking within a file, although lockf() and fcntl() calls will return 0 (success). The first time a byte-range lock is attempted, AFS will display: "afs: byte-range lock/unlock ignored; make sure no one else else is running this program." whole file locking: [ Programmer ] AFS does support advisory locking an entire file with flock(). Processes on the same client workstation that attempt to lock a file obey the proper locking semantics. Processes on different AFS clients requesting a lock on the same file would get EWOULDBLOCK returned. character and block special files: [ SysAdmin ] AFS does not support character and block special files. The mknod command does not create either character or block special files in /afs. AFS version of fsck: [ SysAdmin ] On an AFS server, the partitions containing served files are NOT unix filesystems and standard fsck *must* not be used - use the AFS version instead. Subject: 2.02 What is an AFS protection group? A named list of users. Group names are used in AFS ACLs to identify lists of users with particular access permissions. In AFS, users can create and maintain their own protection groups. This is different to unix where only the system administrator can manage /etc/group. AFS groups are stored in the protection database on fileserver(s) and managed by using the "pts" command. An AFS group typically has the format: owner-id:group-name By default, only the owner of a group can change its members. It is possible to have both users and IP addresses as members of an AFS group. By using an IP address like this you can specify all the users from the host with that IP address. Subject: 2.03 What are the AFS defined protection groups? system:anyuser Everyone who has access to an AFS client in any cell that is on the same network as your cell. system:authuser Everyone who has access to an AFS client in any cell that is on the same network as your cell *and* has valid tokens for your cell (ie has been authenticated in your cell). system:administrators Users who have privileges to execute some but not all system administrator commands. Subject: 2.04 What is an AFS access control list (ACL)? There is an ACL for every directory in AFS. The ACL specifies protection at the directory level (not file level) by listing permissions of users and/or groups to a directory. There is a maximum of 20 entries on an ACL. For example: An AFS ACL is displayed by using the "fs" command as shown below: tweety@toontown $ fs listacl . Access list for . is Normal rights: fac:coords rlidwka system:anyuser rl This ACL shows that members of the AFS protection group "fac:coords" have full access rights to the current directory and "system:anyuser" has only read and lookup rights. The members of "fac:coords" can be determined by accessing the protection group database using the "pts" command as shown below: tweety@toontown $ pts membership fac:coords Members of fac:coords (id: -1577) are: sylvester roadrunner yosemite.sam Subject: 2.05 What are the AFS access rights? In AFS, there are seven access rights that may be set or not set: lookup l Permission to examine the ACL and traverse the directory (needed with most other access rights). Permission to look up filenames in a directory. read r View the contents of files in the directory insert i Add new files or sub-directories write w Modify file contents, use "chmod" delete d Remove file(s) in directory lock k Permission for programs to "flock" files in the directory administer a Ability to change the ACL There are short-hand forms: read rl read and lookup write rlidwk all rights except administer all rlidwka none removes all rights Subject: 2.06 What is pagsh? A command to get a new shell with a process authentication group (PAG). This is normally used if your system does not use the AFS version of login. It is used to get a PAG prior to running klog. The PAG uniquely identifies the user to the Cache Manager. Without a PAG the Cache Manager uses the unix UID to identify a user. Subject: 2.07 Why use a PAG? There are two reasons: a) Child processes inherit the PAG and the Kerberos token so they are AFS authenticated. b) For security: if you don't have a PAG then the Cache Manager identifies you by unix UID. Another user with root access to the client could su to you and therefore use your token. Subject: 2.08 How can I tell if I have a PAG? You can tell if you have a PAG by typing "groups". A PAG is indicated by the appearance of two integers in the list of groups. For example: sylvester@toontown $ groups 33536 32533 staff catz Subject: 2.09 Can I still run cron jobs with AFS? Yes, but remember that in order to fully access files in AFS you have to be AFS authenticated. If your cron job doesn't klog then it only gets system:anyuser access. The klog command has a "-pipe" option which will read a password from stdin. IF (yes, that's a big if :-) you are prepared to store your password in a local (non-AFS) file then you might use the following: a) create a "wrapper" script to get a PAG, get your AFS token and execute a command: #!/usr/afsws/bin/pagsh # # NAME afs_wrap_cron # AUTHOR Paul Blackburn <mpb@acm.org> # PURPOSE Run an AFS authenticated cron job. # Get a PAG, get the user's token, # then exec user's command CMD=`basename ${0}` usage() { echo "Usage: ${CMD} [ -principal AFSID ] passwordfile command" >&2 } if [ ${1} = "-principal" ]; then PRINCIPAL="${1} ${2}" shift 2 fi if [ -z "${1}" ]; then echo "${CMD} error: need name of password file" >&2 usage exit 1 else passwordfile=${1} shift fi /usr/afsws/bin/klog ${PRINCIPAL} -pipe < ${passwordfile} if [ -z "${1}" ]; then echo "${CMD} error: need name of command to run" >&2 usage exit 1 else command_line="$*" command=`echo ${command_line} | awk '{print $1}'` # Check if we can run the command. # If we got this far, it is likely that the command name is correct # but there may be a problem in accessing the command file. # If there is an error, log it via syslog (logger) rather than ">&2" if [ ! -x "${command}" ]; then M="error: unable to execute command ${command}" logger -i -t "${CMD}" "${M}" exit 1 fi fi exec ${command_line} b) Store your password in a local (non-AFS) file that only you have access to (perhaps: /home/$USER/.p). Make sure that this file is mode 600 and also be sure that you trust whoever has root access on this system and whoever has access to backup tapes! Also, don't forget to change this file if you change your AFS password. c) In your crontab file, run afs_wrap_cron followed by unlog: 0 6 * * * /usr/local/bin/afs_wrap_cron /home/$USER/.p \ $HOME/bin/6AMdaily; /usr/afsws/bin/unlog Note that you can still run a cron job without getting a token if the task does not need to be AFS authenticated. In this case, you may get stderr from the cron job if your .profile is not accessible because of the ACL protecting your $HOME. Simply redirect to /dev/null: 0 7 * * * $sys_anyuser_readable_dir/7AMdaily 2>/dev/null Subject: 2.10 How much disk space does a 1 byte file occupy in AFS? One kilobyte. Other filesystems allocate different file block sizes. For example, IBM's AIX version 3 journaled file system (JFS) uses 4K blocks (exception: 2K for the 160MB disk drive). Such blocksize differences lead to variations on the amount of disk space required to store files. Copying a directory from AFS to AIX JFS would require more space in JFS because of the block fragmentation. Example: a) Create a one byte file in AFS and use "ls -s" to show how many kilobytes it occupies: ariel@atlantica $ echo z >/afs/dsea/tmp/one_byte_file ariel@atlantica $ ls -s /afs/dsea/tmp/one_byte_file 1 /afs/dsea/tmp/one_byte_file b) Create same file in local filesystem (AIX JFS): ariel@atlantica $ echo z >/tmp/one_byte_file ariel@atlantica $ ls -s /tmp/one_byte_file 4 /tmp/one_byte_file Subject: 2.11 Is it possible to specify a user who is external to the current AFS cell on an ACL? No. You cannot reference a particular user from another AFS cell. You can specify an IP address on the ACL; this means any and all users from the host with that IP address. Another solution to this problem is to give the external user an "authentication-only" account in your AFS cell. This means that (s)he can klog (but has no home directory) in your cell. # Example: AFS administrator creates an authentication-only user $ uss add daffy "Daffy Duck" -t /dev/null $ kas setpassword daffy -admin admin Cross-realm authentication (where co-operating cells are able to specify remore users as "user@remote.cell" on an ACL) is an *unsupported* feature of AFS 3.3a. That means that Transarc doesn't promise to make it work for you, nor keep it running in future releases. Subject: 2.12 Are there any problems printing files in /afs? The issue of printing in AFS is almost always the same: what do you send to the printing daemon? Do you send it the bytes you want to print or do you just send the file name containing those bytes? If you send it a file name, you have to be sure that the printing daemon can read it. Most daemons run with no AFS tokens, so can't access directories unless they are open for system:anyuser read access. Often, printing commands (lpr, lp, enq) have an option that allows for both modes of operation, though the default behavior varies from system to system. If you're interested in making your daemons authenticate to AFS, check out the example scripts in AFS-Contrib: file:///afs/transarc.com/public/afs-contrib/tools/reauth-example ftp://ftp.transarc.com/pub/afs-contrib/tools/reauth-example/ Another common problem is setuid printing commands. For instance, the "enq" command runs as root, daemon, or some such user. If you aren't using the AFS login and simply issue "klog" to get tokens, those tokens are associated with your uid. When setuid programs run, they lose access to your token and often can't read the file name given as an argument. The solution in this case is to use "pagsh" before "klog" so that your tokens are transferred to subprocesses automatically by group membership. This works even if the uid changes, as for setuid programs. Subject: 2.13 Can I create a fifo (aka named pipe) in /afs? No. AFS does not support "mknod fifofile p". Subject: 2.14 If an AFS server crashes, do I have to reboot my AFS client? No. Typically, if an AFS server becomes unavailable, the AFS Cache Manager on your AFS client will see you through the outage until the server returns. This robustness is dependent on the way your AFS cell has been configured including the following factors: + On the client side: + How big is the cache? + Are the files you need already in the cache? + On the server side: + How many servers? It's best to have a minimum of three. + Is the data you are accessing replicated? In AFS, replicas are ReadOnly copies. With replicated volumes, the AFS Cache Manager knows about all of the servers on which the replicas are located. Therefore, when the Cache Manager accesses a replicated volume, if the RPC times out, the Cache Manager automatically retrys the RPC, using a different file server. If necessary, the Cache Manager will attempt to contact all file servers on which a replica of the volume resides. If you are accessing ReadWrite volumes on a crashed server then you will not be able to save changes back to the server until it returns. You don't need to reboot, and the Cache Manager activity is "invisible" to the user. Subject: 2.15 Can I use AFS on my diskless workstation? Yes. The AFS Cache Manager can be configured to work with either a disk based cache or a memory (RAM) based cache. With the latter, you can expect file access from the cache with a whizz! U http://www.uni-hohenheim.de/~schaefer/afs/info-afs/1306.html Subject: 2.16 Can I test for AFS tokens from within my program? Yes. Some sample code showing how to do this can be found in: file:///afs/transarc.com/public/afs-contrib/tools/auth-samples/listtokens.c ftp://ftp.transarc.com/pub/afs-contrib/tools/auth-samples/listtokens.c Subject: 2.17 What's the difference between /afs/cellname and /afs/.cellname? AFS has ReadOnly (RO) and ReadWrite (RW) volumes. The convention in AFS is to mount the RW volume "root.cell" as /afs/.cellname and the RO volume "root.cell.readonly" as /afs/cellname. This is so that when you travel down the /afs/.cellname link, AFS will always use the RW site of any volumes that have RO clones. This allows your administrator to update the RW copy of a volume and "vos release $volname" so that it will appear in /afs/cellname. Subject: 2.18 Can I klog as two users on a machine in the same cell? Yes, if you use two different PAGs. It's: "One token per PAG per client system." From one shell you can only authenticate as a single user of a cell. If you open another shell (with another PAG) you can klog as a different user of the same cell from the same client. You can authenticate into many cells from one client shell. Subject: 2.19 What are the ~/.__afsXXXX files? They are temporary reference files used by the AFS Cache Manager. In UNIX filesystems, when you a remove a file that is kept open by a process, the file stays around physically while it is no longer referenced in any directory (which you will see as a mismatch between disk space usage according to df and du). Some applications rely on that feature, e.g. they create a temporary file and remove it immediatley while keeping the file descriptor open. The file then disappears from the filesystem automagically when the process terminates or the file descriptor gets closed otherwise. Such applications could get into trouble with older versions of AFS, where the file could really disappear while it was held open. Newer versions of AFS rename such files to .__afsXXXX, thus making sure that the data stays around as expected by the application. As soon as the file gets closed, the associated .__afsXXXX should disappear. Subject: 3 AFS administration Subject: 3.01 Is there a version of xdm available with AFS authentication? Yes, xdm can be found in: file:///afs/transarc.com/public/afs-contrib/tools/xdm ftp://ftp.transarc.com/pub/afs-contrib/tools/xdm/ Subject: 3.02 Is there a version of xlock available with AFS authentication? Yes, xlock can be found in: file:///afs/transarc.com/public/afs-contrib/tools/xlock ftp://ftp.transarc.com/pub/afs-contrib/tools/xlock/ Subject: 3.03 What is /afs/@cell? It is a symbolic link pointing at /afs/$your_cell_name. NB, @cell is not something that is provided by AFS. You may decide it is useful in your cell and wish to create it yourself. /afs/@cell is useful because: + If you look after more than one AFS cell, you could create the link in each cell then set your PATH as: PATH=$PATH:/afs/@cell/@sys/local/bin + For most cells, it shortens the path names to be typed in thus reducing typos and saving time. A disadvantage of using this convention is that when you cd into /afs/@cell then type "pwd" you see "/afs/@cell" instead of the full name of your cell. This may appear confusing if a user wants to tell a user in another cell the pathname to a file. You could create your own /afs/@cell with the following: #/bin/ksh - # author: mpb [ -L /afs/@cell ] && echo We already have @cell! && exit cell=$(cat /usr/vice/etc/ThisCell) cd /afs/.${cell} && fs mkm temp root.afs cd temp ln -s /afs/${cell} @cell ln -s /afs/.${cell} .@cell # .@cell for RW path cd /afs/.${cell} && fs rmm temp vos release root.afs; fs checkv U http://www-archive.stanford.edu/lists/info-afs/hyper95/0298.html Subject: 3.04 Given that AFS data is location independent, how does an AFS client determine which server houses the data its user is attempting to access? The Volume Location Database (VLDB) is stored on AFS Database Servers and is ideally replicated across 3 or more Database Server machines. Replication of the Database ensures high availability and load balances the requests for the data. The VLDB maintains information regarding the current physical location of all volume data (files and directories) in the cell, including the IP address of the FileServer, and the name of the disk partition the data is stored on. A list of a cell's Database Servers is stored on the local disk of each AFS Client machine as: /usr/vice/etc/CellServDB The Database Servers also house the Kerberos Authentication Database (encrypted user and server passwords), the Protection Database (user UID and protection group information) and the Backup Database (used by System Administrators to backup AFS file data to tape). Subject: 3.05 Which protocols does AFS use? AFS may be thought of as a collection of protocols and software processes, nested one on top of the other. The constant interaction between and within these levels makes AFS a very sophisticated software system. At the lowest level is the UDP protocol, which is part of TCP/IP. UDP is the connection to the actual network wire. The next protocol level is the remote procedure call (RPC). In general, RPCs allow the developer to build applications using the client/server model, hiding the underlying networking mechanisms. AFS uses Rx, an RPC protocol developed specifically for AFS during its development phase at Carnegie Mellon University. Above the RPC is a series of server processes and interfaces that all use Rx for communication between machines. Fileserver, volserver, upserver, upclient, and bosserver are server processes that export RPC interfaces to allow their user interface commands to request actions and get information. For example, a bos status <machine name> command will examine the bos server process on the indicated file server machine. Database servers use ubik, a replicated database mechanism which is implemented using RPC. Ubik guarantees that the copies of AFS databases of multiple server machines remain consistent. It provides an application programming interface (API) for database reads and writes, and uses RPCs to keep the database synchronized. The database server processes, vlserver, kaserver, and ptserver, reside above ubik. These processes export an RPC interface which allows user commands to control their operation. For instance, the pts command is used to communicate with the ptserver, while the command klog uses the kaserver's RPC interface. Some application programs are quite complex, and draw on RPC interfaces for communication with an assortment of processes. Scout utilizes the RPC interface to file server processes to display and monitor the status of file servers. The uss command interfaces with kaserver, ptserver, volserver and vlserver to create new user accounts. The Cache Manager also exports an RPC interface. This interface is used principally by file server machines to break callbacks. It can also be used to obtain Cache Manager status information. The program cmdebug shows the status of a Cache Manager using this interface. For additional information, Section 1.5 of the AFS System Administrator's Guide and the April 1990 Cache Update contain more information on ubik. Udebug information and short descriptions of all debugging tools were included in the January 1991 Cache Update. Future issues will discuss other debugging tools in more detail. [ source: ftp://ftp.transarc.com/pub/afsug/newsletter/apr91 ] [ Copyright 1991 Transarc Corporation ] Subject: 3.06 Are setuid programs executable across AFS cell boundaries? By default, the setuid bit is ignored but the program may be run (without setuid privilege). It is possible to configure an AFS client to honour the setuid bit. This is achieved by root running: root@toontown # fs setcell -cell $cellname -suid (where $cellname is the name of the foreign cell. Use with care!). NB: making a program setuid (or setgid) in AFS does *not* mean that the program will get AFS permissions of a user or group. To become AFS authenticated, you have to klog. If you are not authenticated, AFS treats you as "system:anyuser". Subject: 3.07 How does AFS maintain consistency on read-write files? AFS uses a mechanism called "callback". Callback is a promise from the fileserver that the cache version of a file/directory is up-to-date. It is established by the fileserver with the caching of a file. When a file is modified the fileserver breaks the callback. When the user accesses the file again the Cache Manager fetches a new copy if the callback has been broken. The following paragraphs describe AFS callback mechanism in more detail: If I open() fileA and start reading, and you then open() fileA, write() a change ***and close() or fsync()*** the file to get your changes back to the server - at the time the server accepts and writes your changes to the appropriate location on the server disk, the server also breaks callbacks to all clients to which it issued a copy of fileA. So my client receives a message to break the callback on fileA, which it dutifully does. But my application (editor, spreadsheet, whatever I'm using to read fileA) is still running, and doesn't really care that the callback has been broken. When something causes the application to read() more of the file the read() system call executes AFS cache manager code via the VFS switch, which does check the callback and therefore gets new copies of the data. Of course, the application may not re-read data that it has already read, but that would also be the case if you were both using the same host. So, for both AFS and local files, I may not see your changes. Now if I exit the application and start it again, or if the application does another open() on the file, then I will see the changes you've made. This information tends to cause tremendous heartache and discontent - but unnecessarily so. People imagine rampant synchronization problems. In practice this rarely happens and in those rare instances, the data in question is typically not critical enough to cause real problems or crashing and burning of applications. Since 1985, we've found that the synchronization algorithm has been more than adequate in practice - but people still like to worry! The source of worry is that, if I make changes to a file from my workstation, your workstation is not guaranteed to be notified until I close or fsync the file, at which point AFS guarantees that your workstation will be notified. This is a significant departure from NFS, in which no guarantees are provided. Partially because of the worry factor and largely because of Posix, this will change in DFS. DFS synchronization semantics are identical to local file system synchronization. [ DFS is the Distributed File System which is part of the Distributed ] [ Computing Environment (DCE). ] Subject: 3.08 How can I run daemons with tokens that do not expire? It is not a good idea to run with tokens that do not expire because this would weaken one of the security features of Kerberos. A better approach is to re-authenticate just before the token expires. There are two examples of this that have been contributed to afs-contrib. The first is "reauth": file:///afs/transarc.com/public/afs-contrib/tools/reauth/ ftp://ftp.transarc.com/pub/afs-contrib/tools/reauth/ The second is "lat": /afs/transarc.com/public/afs-contrib/pointers\ /UMich-lat-authenticated-batch-jobs ftp://ftp.transarc.com/pub/afs-contrib/pointers /UMich-lat-authenticated-batch-jobs Subject: 3.09 Can I check my user's passwords for security purposes? Yes. Alec Muffett's Crack tool (at version 4.1f) has been converted to work on the Transarc kaserver database. This modified Crack (AFS Crack) is available via anonymous ftp from: ftp://export.acs.cmu.edu/pub/crack.tar.Z and is known to work on: pmax_* sun4*_* hp700_* rs_aix* next_* It uses the file /usr/afs/db/kaserver.DB0, which is the database on the kaserver machine that contains the encrypted passwords. As a bonus, AFS Crack is usually two to three orders of magnitude faster than the standard Crack since there is no concept of salting in a Kerberos database. On a normal UNIX /etc/passwd file, each password can have been encrypted around 4096 (2^12) different saltings of the crypt(3) algorithm, so for a large number of users it is easy to see that a potentially large (up to 4095) number of seperate encryptions of each word checked has been avoided. Author: Dan Lovinger Contact: Derrick J. Brashear <shadow+@andrew.cmu.edu> Note: AFS Crack does not work for MIT Kerberos Databases. The author is willing to give general guidance to someone interested in doing the (probably minimal) amount of work to port it to do MIT Kerberos. The author does not have access to a MIT Kerberos server to do this. Subject: 3.10 Is there a way to automatically balance disk usage across fileservers? Yes. There is a tool, balance, which does exactly this. It can be retrieved via anonymous ftp from: ftp://ftp.andrew.cmu.edu/pub/balance-1.1a.tar.Z Actually, it is possible to write arbitrary balancing algorithms for this tool. The default set of "agents" provided for the current version of balance balance by usage, # of volumes, and activity per week, the latter currently requiring a source patch to the AFS volserver. Balance is highly configurable. Author: Dan Lovinger Contact: Derrick Brashear <shadow+@andrew.cmu.edu> Subject: 3.11 Can I shutdown an AFS fileserver without affecting users? Yes, this is an example of the flexibility you have in managing AFS. Before attempting to shutdown an AFS fileserver you have to make some arrangements that any services that were being provided are moved to another AFS fileserver: 1) Move all AFS volumes to another fileserver. (Check you have the space!) This can be done "live" while users are actively using files in those volumes with no detrimental effects. 2) Make sure that critical services have been replicated on one (or more) other fileserver(s). Such services include: kaserver - Kerberos Authentication server vlserver - Volume Location server ptserver - Protection server buserver - Backup server It is simple to test this before the real shutdown by issuing: bos shutdown $server $service where: $server is the name of the server to be shutdown and $service is one (or all) of: kaserver vlserver ptserver buserver Other points to bear in mind: + "vos remove" any RO volumes on the server to be shutdown. Create corresponding RO volumes on the 2nd fileserver after moving the RW. There are two reasons for this: 1) An RO on the same partition ("cheap replica") requires less space than a full-copy RO. 2) Because AFS always accesses RO volumes in preference to RW, traffic will be directed to the RO and therefore quiesce the load on the fileserver to be shutdown. + If the system to be shutdown has the lowest IP address there may be a brief delay in authenticating because of timeout experienced before contacting a second kaserver. Subject: 3.12 How can I set up mail delivery to users with $HOMEs in AFS? There are many ways to do this. Here, only two methods are considered: Method 1: deliver into local filestore This is the simplest to implement. Set up your mail delivery to append mail to /var/spool/mail/$USER on one mailserver host. The mailserver is an AFS client so users draw their mail out of local filestore into their AFS $HOME (eg: inc). Note that if you expect your (AFS unauthenticated) mail delivery program to be able to process .forward files in AFS $HOMEs then you need to add "system:anyuser rl" to each $HOMEs ACL. The advantages are: + Simple to implement and maintain. + No need to authenticate into AFS. The drawbacks are: - It doesn't scale very well. - Users have to login to the mailserver to access their new mail. - Probably less secure than having your mailbox in AFS. - System administrator has to manage space in /var/spool/mail. Method 2: deliver into AFS This takes a little more setting up than the first method. First, you must have your mail delivery daemon AFS authenticated (probably as "postman"). The reauth example in afs-contrib shows how a daemon can renew its token. You will also need to setup the daemon startup soon after boot time to klog (see the -pipe option). Second, you need to set up the ACLs so that "postman" has lookup rights down to the user's $HOME and "lik" on $HOME/Mail. Advantages: + Scales better than first method. + Delivers to user's $HOME in AFS giving location independence. + Probably more secure than first method. + User responsible for space used by mail. Disadvantages: - More complicated to set up. - Need to correctly set ACLs down to $HOME/Mail for every user. - Probably need to store postman's password in a file so that the mail delivery daemon can klog after boot time. This may be OK if the daemon runs on a relatively secure host. An example of how to do this for IBM RISC System/6000 is auth-sendmail. A beta test version of auth-sendmail can be found in: file:///afs/transarc.com/public/afs-contrib/doc/faq/auth-sendmail.tar.Z ftp://ftp.transarc.com/pub/afs-contrib/doc/faq/auth-sendmail.tar.Z Subject: 3.13 Should I replicate a ReadOnly volume on the same partition and server as the ReadWrite volume? Yes, Absolutely! It improves the robustness of your served volumes. If ReadOnly volumes exist (note use of term *exist* rather than *are available*), Cache Managers will *never* utilize the ReadWrite version of the volume. The only way to access the RW volume is via the "dot" path (or by special mounting). This means if *all* RO copies are on dead servers, are offline, are behind a network partition, etc, then clients will not be able to get the data, even if the RW version of the volume is healthy, on a healthy server and in a healthy network. However, you are *very* strongly encouraged to keep one RO copy of a volume on the *same server and partition* as the RW. There are two reasons for this: 1) The RO that is on the same server and partition as the RW is a clone (just a copy of the header - not a full copy of each file). It therefore is very small, but provides access to the same set of files that all other (full copy) ReadOnly volume do. Transarc trainers refer to this as the "cheap replica". 2) To prevent the frustration that occurs when all your ROs are unavailable but a perfectly healthy RW was accessible but not used. If you keep a "cheap replica", then by definition, if the RW is available, one of the RO's is also available, and clients will utilize that site. Subject: 3.14 Should I start AFS before NFS in /etc/inittab? Yes, it is possible to run both AFS and NFS on the same system but you should start AFS first. In IBM's AIX 3.2, your /etc/inittab would contain: rcafs:2:wait:/etc/rc.afs > /dev/console 2>&1 # Start AFS daemons rcnfs:2:wait:/etc/rc.nfs > /dev/console 2>&1 # Start NFS daemons With AIX, you need to load NFS kernel extensions before the AFS KEs in /etc/rc.afs like this: #!/bin/sh - # example /etc/rc.afs for an AFS fileserver running AIX 3.2 # echo "Installing NFS kernel extensions (for AFS+NFS)" /etc/gfsinstall -a /usr/lib/drivers/nfs.ext echo "Installing AFS kernel extensions..." D=/usr/afs/bin/dkload ${D}/cfgexport -a ${D}/export.ext ${D}/cfgafs -a ${D}/afs.ext /usr/afs/bin/bosserver & Subject: 3.15 Will AFS run on a multi-homed fileserver? (multi-homed = host has more than one network interface.) Yes, it will. However, AFS was designed for hosts with a single IP address. There can be problems if you have one host name being resolved to several IP addresses. Transarc suggest designating unique hostnames for each network interface. For example, a host called "spot" has two tokenring and one ethernet interfaces: spot-tr0, spot-tr1, spot-en0. Then, select which interface will be used for AFS and use that hostname in the CellServDB file (eg: spot-tr0). You also have to remember to use the AFS interface name with any AFS commands that require a server name (eg: vos listvol spot-tr0). There is a more detailed discussion of this in the August 1993 issue of "Cache Update" (see: ftp://ftp.transarc.com/pub/afsug/newsletter/aug93). The simplest way of dealing with this is to make your AFS fileservers single-homed (eg only use one network interface). At release 3.4 of AFS, it is possible to have multi-homed fileservers (but _not_ multi-homed database servers). Subject: 3.16 Can I replicate my user's home directory AFS volumes? No. Users with $HOMEs in /afs normally have an AFS ReadWrite volume mounted in their home directory. You can replicate a RW volume but only as a ReadOnly volume and there can only be one instance of a ReadWrite volume. In theory, you could have RO copies of a user's RW volume on a second server but in practice this won't work for the following reasons: a) AFS has built-in bias to always access the RO copy of a RW volume. So the user would have a ReadOnly $HOME which is not too useful! b) Even if a) was not true you would have to arrange frequent synchronisation of the RO copy with the RW volume (for example: "vos release user.fred; fs checkv") and this would have to be done for all such user volumes. c) Presumably, the idea of replicating is to recover the $HOME in the event of a server crash. Even if a) and b) were not problems consider what you might have to do to recover a $HOME: 1) Create a new RW volume for the user on the second server (perhaps named "user.fred.2"). 2) Now, where do you mount it? The existing mountpoint cannot be used because it already has the ReadOnly copy of the original volume mounted there. Let's choose: /afs/MyCell/user/fred.2 3) Copy data from the RO of the original into the new RW volume user.fred.2 4) Change the user's entry in the password file for the new $HOME: /afs/MyCell/user/fred.2 You would have to attempt steps 1 to 4 for every user who had their RW volume on the crashed server. By the time you had done all of this, the crashed server would probably have rebooted. The bottom line is: you cannot replicate $HOMEs across servers. Subject: 3.17 Which TCP/IP ports and protocols do I need to enable in order to operate AFS through my Internet firewall? Assuming you have already taken care of nameserving, you may wish to use an Internet timeserver for Network Time Protocol [35] [36]: ntp 123/tcp A list of NTP servers is available via anonymous FTP from: http://www.eecis.udel.edu/~mills/ntp/servers.html For further details on NTP see: http://www.eecis.udel.edu/~ntp/ For a "minimal" AFS service which does not allow inbound or outbound klog: fileserver 7000/udp cachemanager 7001/udp ptserver 7002/udp vlserver 7003/udp kaserver 7004/udp volserver 7005/udp reserved 7006/udp bosserver 7007/udp (Ports in the 7020-7029 range are used by the AFS backup system, and won't be needed by external clients performing simple file accesses.) Additionally, for "klog" to work through the firewall you need to allow inbound and outbound UDP on ports >1024 (probably 1024<port<2048 would suffice depending on the number of simultaneous klogs). See also: http://www-archive.stanford.edu/lists/info-afs/hyper95/0874.html Subject: 3.18 What is the Andrew Benchmark? "It is a script that operates on a collection of files constituting an application program. The operations are intended to represent typical actions of an average user. The input to the benchmark is a source tree of about 70 files. The files total about 200 KB in size. The benchmark consists of five distinct phases: I MakeDir - Construct a target subtree that is identical to the source subtree. II Copy - Copy every file from the source subtree to the target subtree. III ScanDir - Traverse the target subtree and examine the status of every file in it. IV ReadAll - Scan every byte of every file in the target subtree. V Make - Complete and link all files in the target subtree." Source: file:///afs/transarc.com/public/afs-contrib/doc/benchmark/Andrew.Benchmark.ps ftp://ftp.transarc.com/pub/afs-contrib/doc/benchmark/Andrew.Benchmark.ps Subject: 3.19 Is there a version of HP VUE login with AFS authentication? Yes, the availability of this is described in: file:///afs/transarc.com/public/afs-contrib/pointers/HP-VUElogin.txt ftp://ftp.transarc.com/pub/afs-contrib/pointers/HP-VUElogin.txt U If you don't have access to the above, please contact Rajeev Pandey U of Hewlett Packard whose email address is <rpandey@cv.hp.com>. Subject: 3.20 How can I list which clients have cached files from a server? By using the following script: #!/bin/ksh - # # NAME afsclients # AUTHOR Rainer Toebbicke <rtb@dxcern.cern.ch> # DATE June 1994 # PURPOSE Display AFS clients which have grabbed files from a server if [ $# = 0 ]; then echo "Usage: $0 <afs_server 1> ... <afsserver n>" exit 1 fi for n; do /usr/afsws/etc/rxdebug -servers $n -allconn done | grep '^Connection' | \ while read x y z ipaddr rest; do echo $ipaddr; done | sort -u | while read ipaddr; do ipaddr=${ipaddr%%,} n="`nslookup $ipaddr`" n="${n##*Name: }" n="${n%%Address:*}" n="${n##*([ ])}" n="${n%?}" echo "$n ($ipaddr)" done Subject: 3.21 Do Backup volumes require as much space as ReadWrite volumes? No. The technique used is to create a new volume, where every file in the RW copy is pointed to by the new backup volume. The files don't exist in the BK, only in the RW volume. The backup volume therefore takes up very little space. If the user now starts modifying data, the old copy must not be destroyed. There is a Copy-On-Write bit in the vnode - if the fileserver writes to a vnode with the bit on it allocates a new vnode for the data and turns off the COW bit. The BK volume hangs onto the old data, and the RW volume slowly splits itself away over time. The BK volume is re-synchronised with the RW next time a "vos backupsys" is run. The space needed for the BK volume is directly related to the size of all files changed in the RW between runs of "vos backupsys". Subject: 3.22 Should I run timed on my AFS client? No. The AFS Cache Manager makes use of NTP [35] [36] to synchronise time with your cell's NTP servers. Typically, one of your AFS cell's servers synchronises with an external NTP server and provides accurate time to your cell. Subject: 3.23 Why should I keep /usr/vice/etc/CellServDB current? On AFS clients, /usr/vice/etc/CellservDB, defines the cells and (their servers) that can be accessed via /afs. Over time, site details change: servers are added/removed or moved onto new network addresses. New sites appear. In order to keep up-to-date with such changes, the CellservDB file on each AFS client should be kept consistent with some master copy (at your site). As well as updating CellservDB, your AFS administrator should ensure that new cells are mounted in your cell's root.afs volume. Subject: 3.24 How can I keep /usr/vice/etc/CellServDB current? Do a daily copy from a master source and update the AFS kernel sitelist. The client CellServDB file must not reside under /afs and is best located in local filespace. Simply updating a client CellServDB file is not enough. You also need to update the AFS kernel sitelist by either: a) rebooting the client or b) running "fs newcell $cell_name $server_list" for each site in the CellServDB file. A script to update the AFS kernel sitelist on a running system is newCellServDB. file:///afs/ece.cmu.edu/usr/awk/Public/newCellServDB ftp://ftp.ece.cmu.edu/pub/afs-tools/newCellServDB One way to distribute CellServDB is to have a root cron job on each AFS client copy the file then run newCellServDB. Example: #!/bin/ksh - # # NAME syncCellServDB # PURPOSE Update local CellServDB file and update AFS kernel sitelist # USAGE run by daily root cron job eg: # 0 3 * * * /usr/local/sbin/syncCellServDB # # NOTE "@cell" is a symbolic link to /afs/$this_cell_name src=/afs/@cell/service/etc/CellServDB dst=/usr/vice/etc/CellServDB xec=/usr/local/sbin/newCellServDB log=/var/log/syncCellServDB if [ -s ${src} ]; then if [ ${src} -nt ${dst} ]; then cp $dst ${dst}- && cp $src $dst && $xec 2>&1 >$log else echo "master copy no newer: no processing to be done" >$log fi else echo "zero length file: ${src}" >&2 fi Subject: 3.25 How can I compute a list of AFS fileservers? Here is a Korn shell command to do it: stimpy@nick $ vos listvldb -cell $(cat /usr/vice/etc/ThisCell) \ | awk '(/server/) {print $2}' | sort -u Subject: 3.26 How can I set up anonymous FTP login to access /afs? The easiest way on a primarily "normal" machine (where you don't want to have everything in AFS) is to actually mount root.cell under ~ftp, and then symlink /afs to ~ftp/afs or whatever. It's as simple as changing the mountpoint in /usr/vice/etc/cacheinfo and restarting afsd. Note that when you do this, anon ftp users can go anywhere system:anyuser can (or worse, if you're using IP-based ACLs and the ftp host is PTS groups). The only "polite" solution I've arrived at is to have the ftp host machine run a minimal CellServDB and police my ACLs tightly. Alternatively, you can make ~ftp an AFS volume and just mount whatever you need under that - this works well if you can keep everything in AFS, and you don't have the same problems with anonymous "escapes" into /afs. Unless you need to do authenticating ftp, you are _strongly_ recommended using wu-ftpdv2.4 (or better). Subject: 3.27 Where can I find the Andrew Benchmark? file:///afs/transarc.com/public/afs-contrib/doc/faq/ab.tar.Z [156k] ftp://ftp.transarc.com/pub/afs-contrib/doc/faq/ab.tar.Z [156k] This is a tar archive of file:///afs/cs.cmu.edu/user/satya/ftp/ab/ Subject: 4 Getting more information Subject: 4.01 Is there an anonymous FTP site with AFS information? Yes, it is: ftp.transarc.com A brief summary of contents: Directory Contents pub/afsug/newsletter AFS user group newsletters pub/afs-contrib Contributed tools and documents pub/afsps/doc release notes, SUPPORTED_SYSTEMS.afs.* pub/afsug AFS user group (see README for detail) pub/afsps/progint AFS programming interface docs These directories are also accessible via AFS. For example: /afs/transarc.com/public/afs-contrib (NB "pub" => "public" when using AFS to access these.) Subject: 4.02 Which USENET newsgroups discuss AFS? alt.filesystems.afs and occasionally in comp.unix.admin. Subject: 4.03 Where can I get training in AFS? Transarc provide user and administrator courses. These can be provided at the customer site or at Transarc's offices. Transarc's education coordinator may be contacted by: telephone: +1 412 338 4363 email: education@transarc.com U http://www.transarc.com Subject: 4.04 Where can I find AFS resources in World Wide Web (WWW)? Here are some I have found (please let me know if you find more): a) A collection of AFS information maintained by Derrick Brashear at CMU: http://www.cs.cmu.edu/afs/andrew.cmu.edu/usr/shadow/www/afs.html (Also accessible in: /afs/andrew.cmu.edu/usr/shadow/www) b) AFS Beginners Guide (ALW/NIH): http://www.alw.nih.gov/Docs/AFS/AFS_toc.html c) NCSA AFS User Guide: http://www.ncsa.uiuc.edu/Pubs/UserGuides/AFSGuide/AFSv2.1Book.html d) Transarc AFS Product Information: U http://www.transarc.com/dfs/public/www/htdocs/.hosts/external/Product/EFS/AFS/afsoverview.html e) CERN AFS User's Guide: http://wsspinfo.cern.ch/file/doc/afsug.html f) MIT SIPB's Inessential AFS http://web.mit.edu/afs/sipb.mit.edu/project/doc/afs/html/afs-new.html g) Stanford University hypermail archive of info-afs@transarc.com http://www-archive.stanford.edu/lists/info-afs.html N h) Linux AFS FAQ: N http://www.umlug.umd.edu/linuxafs/ Subject: 4.05 Is there a mailing list for AFS topics? Yes, it is info-afs@transarc.com. An automated program called Majordomo is now handling the info-afs list. To join the mailing list, send a message to: majordomo@transarc.com In the body (not the Subject line) of the message, type: subscribe info-afs For example: $ mail -s "subscribe to info-afs" majordomo@transarc.com <<% subscribe info-afs % To unsubscribe: $ mail -s "unsubscribe from info-afs" majordomo@transarc.com <<% unsubscribe info-afs Subject: 4.06 Where can I find an archive of info-afs@transarc.com? There is a hypermail archive at: http://www-archive.stanford.edu/lists/info-afs.html Subject: 4.07 Where can I find an archive of alt.filesystems.afs? file:///afs/ibm.uk/common/archive/alt.filesystems.afs/ Both the info-afs@transarc.com and alt.filesystems.afs archives are incomplete. If you have material to contribute, please let me know. Subject: 4.08 Where can I find AFS related GIFs? U file:///afs/transarc.com/public/afs-contrib/doc/faq/images/index.html U ftp://ftp.transarc.com/pub/afs-contrib/doc/faq/images/index.html Subject: 4.09 Gibt es eine deutsche AFS Benutzer Gruppe? Ja, wenn Sie mitmachen wollen, schicken Sie bitte eine E-Mail an: afsdeu-request@hrz.th-darmstadt.de Ueber diese Adresse werden "subscribe" und "unsubscribe" Requests bearbeitet. Subject: 4.10 Donde puedo encontrar informacion en Espanol sobre AFS? Hay algunas notas en Espanol sobre AFS en: http://w3.ing.puc.cl/~cet/afs.html Subject: 5 About the AFS faq I started compiling the FAQ after attending an AFS administrators class and while waiting for the distribution tape to arrive from Transarc (back in July 93). The initial goal was to assist users at my site to understand AFS issues. The FAQ seemed to be a more widely useful resource so it was made generally available. I hope you have found the AFS FAQ useful. Your criticism or suggestions for improving it are welcome, so please don't hesitate to email your views (or just say "hello"). This compilation is dedicated to my AFS teacher and all those who inspire through good humour, enthusiasm, wit and wisdom. -- paul http://acm.org/~mpb/homepage.html Subject: 5.01 How can I get a copy of the AFS faq? If you do make a copy, please be aware that this compilation changes over time: you will need to do a periodic re-copy to keep your copy up-to-date. There are two reference sources: 1) The text only version, available via AFS from: /afs/transarc.com/public/afs-contrib/doc/faq/afs.faq 2) The World Wide Web (HTML) version, available via URL: U http://www.angelfire.com/hi/plutonic/afs-faq.html There are several other ways to get a copy. via AFS: /afs/transarc.com/public/afs-contrib/doc/faq/afs.faq U via FTP: ftp://rtfm.mit.edu/pub/usenet/news.answers/afs-faq U via WWW: http://www.angelfire.com/hi/plutonic/afs-faq.html via USENET news: From time to time this faq will be posted to the USENET newsgroups: alt.filesystems.afs alt.answers news.answers via CD-ROM: The AFS faq is now available on CD-ROM "Internet Info" (containing 17,420 documents including other FAQs, RFCs, IENs, etc) from: Walnut Creek CDROM phone: 1 800 786-9907 (US tollfree) 4041 Pike Lane, Ste D-www +1 510 674-0783 Concord, CA 94250 fax: +1 510 674-0821 United States of America email: orders@cdrom.com WWW: http://www.cdrom.com/ The file is in: $cd_mount_point/faqs/alt/filesystems.afs Subject: 5.02 How can I get my question (and answer) into the AFS faq? Comments and contributions are welcome, please send to: mpb@acm.org I am looking for reviewers to help me check the material here, please let me know if you would like to help. Subject: 5.03 How can I access the AFS faq via the World Wide Web? To access the World Wide Web you either need your own browser or have telnet access to WWW servers. WWW browsers exist for most machines. Here's a list of some browsers; Name System/requirements Available from (among others) ==== =================== ============== Mosaic X windows, MS-Windows, Mac ftp.ncsa.uiuc.edu /Web lynx vt100 ftp.wustl.edu /packages/www/lynx From your own browser, OPEN or GO to the following document: U http://www.angelfire.com/hi/plutonic/afs-faq.html It is much better to run your own browser but if this is not possible there are several WWW servers accessible via telnet: + telnet info.cern.ch U then type: go http://www.angelfire.com/hi/plutonic/afs-faq.html + telnet www.njit.edu (login: www) then type: g U http://www.angelfire.com/hi/plutonic/afs-faq.html + telnet ukanaix.cc.ukans.edu (login: www, needs vt100) U then type: ghttp://www.angelfire.com/hi/plutonic/afs-faq.html Subject: 6 Bibliography If documentation is available via anonymous FTP it is indicated by a World Wide Web URL like: ftp://athena-dist.mit.edu/pub/kerberos/doc/usenix.PS where: athena-dist.mit.edu is the anonymous FTP site and pub/kerberos/doc/usenix.PS is the filename Similarly, for those who have appropriate access, documents available via AFS are shown with the format: file:///afs/..... [1] John H Howard, Michael L Kazar, Sherri G Menees, David A Nichols, M Satyanarayanan, Robert N Sidebotham, Michael J West "Scale and Performance in a Distributed File System", ACM Transactions on Computer Systems, Vol. 6, No. 1, Feb 1988 pp 51-81. [2] Michael L Kazar, "Synchronisation and Caching Issues in the Andrew File System", USENIX Proceedings, Dallas, TX, Winter 1988 [3] Alfred Z Spector, Michael L Kazar, "Uniting File Systems", UNIX Review, March 1989 [4] Johna Till Johnson, "Distributed File System brings LAN Technology to WANs", Data Communications, November 1990, pp 66-67. [5] Michael Padovano, PADCOM Associates, "AFS widens your horizons in distributed computing", Systems Integration, March 1991 [6] Steve Lammert, "The AFS 3.0 Backup System", LISA IV Conference Proceedings, Colorado Springs, Colorado, October 1990. [7] Michael L Kazar, Bruce W Leverett, Owen T Anderson, Vasilis Apostolides, Beth A Bottos, Sailesh Chutani, Craig F Everhart, W Anthony Mason, Shu-Tsui Tu, Edward R Zayas, "DEcorum File System Architectural Overview", USENIX Conference Proceedings, Anaheim, Texas, Summer 1990. [8] "AFS Drives DCE Selection", Digital Desktop, Vol 1 No 6 Sept 1990. [9] James J Kistler, M Satyanarayanan, "Disconnected Operation in the Coda Filesystem", CMU School of Computer Science technical report, CMU-CS-91-166 26th July 1991. [10] Puneet Kumar. M Satyanarayanan, "Log-based Directory Resolution in the Coda File System", CMU School of Computer Science internal document, 2 July 1991. [11] Edward R Zayas, "Administrative Cells: Proposal for Cooperative Andrew File Systems", Information Technology Center internal document, Carnegie-Mellon University, 25th June 1987 [12] Ed Zayas, Craig Everhart, "Design and Specification of the Cellular Andrew Environment", Information Technology Center, Carnegie-Mellon University, CMU-ITC-070, 2 August 1988 [13] Kazar, Michael L, Information Technology Center, Carnegie-Mellon University, "Ubik - A library for Managing Ubiquitous Data", ITCID, Pittsburgh, PA, 1988 [14] Kazar, Michael L, Information Technology Center, Carnegie-Mellon University, "Quorum Completion", ITCID, Pittsburgh, PA, 1988 [15] SP Miller, BC Neuman, JI Schiller, JH Saltzer, "Kerberos Authentication and Authorization System", Project Athena technical Plan, Section E.2.1, MIT, December 1987 ftp://athena-dist.mit.edu/pub/kerberos/doc/techplan.PS ftp://athena-dist.mit.edu/pub/kerberos/doc/techplan.txt file:///afs/watson.ibm.com/projects/agora/papers/kerberos/techplan.PS [16] Bill Bryant, "Designing an Authentication System: a Dialogue in Four Scenes", Project Athena internal document, MIT, draft of 8th February 1988 ftp://athena-dist.mit.edu/pub/kerberos/doc/dialogue.PS ftp://athena-dist.mit.edu/pub/kerberos/doc/dialogue.mss file:///afs/watson.ibm.com/projects/agora/papers/kerberos/dialogue.PS [17] Edward R Zayas, "AFS-3 Programmer's Reference: Architectural Overview", Transarc Corporation, FS-00-D160, September 1991 ftp://ftp.transarc.com/pub/afsps/doc/progint/archov-doc.ps ftp://ftp.transarc.com/pub/afsps/doc/progint/archov-doc.dvi file:///afs/transarc.com/public/afsps/doc/progint/archov-doc.ps file:///afs/transarc.com/public/afsps/doc/progint/archov-doc.dvi file:///afs/watson.ibm.com/projects/agora/papers/afs/archov-doc.ps [18] "AFS Programmer's Reference: Authentication Server Interface", Transarc Corporation, 12th April 1993 ftp://ftp.transarc.com/pub/afsps/doc/progint/asrv-ispec.ps ftp://ftp.transarc.com/pub/afsps/doc/progint/asrv-ispec.dvi file:///afs/transarc.com/public/afsps/doc/progint/asrv-ispec.ps file:///afs/transarc.com/public/afsps/doc/progint/asrv-ispec.dvi file:///afs/watson.ibm.com/projects/agora/papers/afs/asrv-ispec.ps [19] Edward R Zayas, "AFS-3 Programmer's Reference: BOS Server Interface", Transarc Corporation, FS-00-D161, 28th August 1991 ftp://ftp.transarc.com/pub/afsps/doc/progint/bsrv-spec.ps ftp://ftp.transarc.com/pub/afsps/doc/progint/bsrv-spec.dvi file:///afs/transarc.com/public/afsps/doc/progint/bsrv-spec.ps file:///afs/transarc.com/public/afsps/doc/progint/bsrv-spec.dvi file:///afs/watson.ibm.com/projects/agora/papers/afs/bsrv-spec.ps [20] Edward R Zayas, "AFS-3 Programmer's Reference: File Server/Cache Manager Interface", Transarc Corporation, FS-00-D162, 20th August 1991 ftp://ftp.transarc.com/pub/afsps/doc/progint/fscm-ispec.ps ftp://ftp.transarc.com/pub/afsps/doc/progint/fscm-ispec.dvi file:///afs/transarc.com/public/afsps/doc/progint/fscm-ispec.ps file:///afs/transarc.com/public/afsps/doc/progint/fscm-ispec.dvi file:///afs/watson.ibm.com/projects/agora/papers/afs/fscm-ispec.ps [21] Edward R Zayas, "AFS-3 Programmer's Reference: Specification for the Rx Remote Procedure Call Facility", Transarc Corporation, FS-00-D164, 28th August 1991 ftp://ftp.transarc.com/pub/afsps/doc/progint/rx-spec.ps ftp://ftp.transarc.com/pub/afsps/doc/progint/rx-spec.dvi file:///afs/transarc.com/public/afsps/doc/progint/rx-spec.ps file:///afs/transarc.com/public/afsps/doc/progint/rx-spec.dvi file:///afs/watson.ibm.com/projects/agora/papers/afs/rx-spec.ps [22] Edward R Zayas, "AFS-3 Programmer's Reference: Volume Server/Volume Location Server Interface", Transarc Corporation, FS-00-D165, 29th August 1991 ftp://ftp.transarc.com/pub/afsps/doc/progint/vvl-spec.ps ftp://ftp.transarc.com/pub/afsps/doc/progint/vvl-spec.dvi file:///afs/transarc.com/public/afsps/doc/progint/vvl-spec.ps file:///afs/transarc.com/public/afsps/doc/progint/vvl-spec.dvi file:///afs/watson.ibm.com/projects/agora/papers/afs/vvl-spec.ps [23] "AFS User Guide", Transarc Corporation, FS-D200-00.08.3 [24] "AFS Commands Reference Manual", Transarc Corporation, FS-D200-00.11.3 [25] "AFS Systems Administrators Guide", Transarc Corporation, FS-D200-00.10.3 [26] Steven M. Bellovin, Michael Merritt "Limitations of the Kerberos Authentication System", Computer Communications Review, October 1990, Vol 20 #5, pp. 119-132 ftp://research.att.com/dist/internet_security/kerblimit.usenix.ps file:///afs/watson.ibm.com/projects/agora/papers/kerberos/limitations.PS [27] Jennifer G. Steiner, Clifford Neuman, Jeffrey I. Schiller "Kerberos: An Authentication Service for Open Network Systems" ftp://athena-dist.mit.edu/pub/kerberos/doc/usenix.PS ftp://athena-dist.mit.edu/pub/kerberos/doc/usenix.txt [28] Barry Jaspan "Kerberos Users' Frequently Asked Questions" ftp://rtfm.mit.edu/pub/usenet/news.answers/kerberos-faq/user http://www.ov.com/misc/krb-faq.html [29] P. Honeyman, L.B. Huston, M.T. Stolarchuk "Hijacking AFS" ftp://ftp.sage.usenix.org/pub/usenix/winter92/hijacking-afs.ps.Z file:///afs/watson.ibm.com/projects/agora/papers/afs/afs_hijacking.ps [30] R.N. Sidebotham "Rx: Extended Remote Procedure Call" Proceedings of the Nationwide File System Workshop Information Technology Center, Carnegie Mellon University, (August 1988) [31] R.N. Sidebotham "Volumes: The Andrew File System Data Structuring Primitive" Technical Report CMU-ITC-053, Information Technology Center, Carnegie Mellon University, (August 1986) [32] Cohen, David L. "AFS: NFS on steroids", LAN Technology March 1993 v9 n3 p51(9) ftp://ftp.transarc.com/pub/afs-contrib/doc/faq/NFS_on_steroids [33] Marybeth Schultz "AFS Troubleshooting Tools" Transarc Corporation, January 11 1993, draft document ftp://ftp.transarc.com/pub/afsps/doc/trguide/external.afsug.ps [34] William Stallings "Kerberos Keeps the Enterprise Secure" Data Communications, October 1994, Vol 23 No 14 Page 103 [35] DL Mills "Internet Time Synchronization: the Network Time Protocol" RFC 1129, October 1989 ftp://nic.ddn.mil/rfc/rfc1129.ps [36] DL Mills "Network Time Protocol (Version 3) Specification, Implementation and Analysis" RFC 1305, March 1992 ftp://nic.ddn.mil/rfc/rfc1305.tar.Z ftp://nic.ddn.mil/rfc/rfc1305.txt [37] Craig Everhart "Conventions for Names in the Service Directory in the AFS Distributed File System" March 1990 ftp://ftp.transarc.com/pub/afs-contrib/doc/faq/service-spec.ez.ps ftp://ftp.transarc.com/pub/afs-contrib/doc/faq/service-spec.ez file:///afs/transarc.com/public/afs-contrib/doc/faq/service-spec.ez file:///afs/transarc.com/public/afs-contrib/doc/faq/service-spec.ez.ps [38] AFS Programmer's Reference Manual ftp://ftp.transarc.com/pub/afsps/doc/progref/3.0/ file:///afs/transarc.com/public/afsps/doc/progref/3.0/ Subject: 7 Change History 1.82 => 1.83 (Mon Aug 15 15:30:00 1994) added: Subject: 0.06 Change History added: Subject: 4.06 Where can I find an archive of info-afs@transarc.com? added: Subject: 4.07 Where can I find an archive of alt.filesystems.afs? updated: throughout changed format of references use WWW URL where appropriate checked references point to existing files updated: Subject: 0.02 Acknowledgements added Michael Fagan and Robert Malick 1.83 => 1.84 (Mon Aug 15 15:47:22 1994) updated: Newsgroups header (fixed typo) 1.84 => 1.85 (Fri Aug 19 10:30:36 1994) updated: Subject: 1.05.e Single systems image (SSI) In example, /usr/afsws/etc/pagsh => /usr/afsws/bin/pagsh for AFS 3.3 updated: Subject: 1.07 ...Internet AFS filetree? added: pi.infn.it mpa-garching.mpg.de pppl.gov meteo.uni-koeln.de geo.uni-koeln.de utah.edu removed: jrc.flinders.edu.au 1.85 => 1.86 (Tue Aug 23 17:16:48 1994) added: Subject: 3.20 How can I list which clients... updated: Subject: 0.02 Acknowledgements added Rainer Toebbicke 1.86 => 1.87 (Mon Oct 10 09:30:00 1994) swapped: 0.05 and 0.06 updated: 1.07 ...Internet AFS filetree? added: research.ec.org psu.edu added: [32] and [33] to Bibliography added: 2.14 If an AFS server crashes,... 1.87 => 1.88 (Mon Oct 10 12:23:00 1994) added: [34] to Bibliography 1.88 => 1.89 (Thu Oct 13 14:49:21 1994) updated: 1.06 Which systems is AFS available for? added: Linux 1.98 => 1.90 (Thu Oct 13 15:07:54 1994) updated: 2.14 If an AFS server crashes,... 1.90 -> 1.91 (Mon Oct 17 08:31:36 1994) updated: Table of contents: moved: Change History out of Preamble to Subject 7 updated: 2.14 If an AFS server crashes,... updated: 1.06 Which systems is AFS available for? added: NetBSD added: 2.15 Can I use AFS on my diskless workstation? moved: Change History to the end of the file so that a search from Table of contents will go straight to the Subject and not match on items in the Change History. Also, latest change is described at the end of the file. updated: all URL refs a la minimal-digest-format FAQ updated: 4.04 Where can I find AFS resources in World Wide Web (WWW)? added: c) NCSA AFS User Guide updated: 5.01 How can I get a copy of the AFS faq? added: reference to latest copy via ftp added: Anon ftp source reference to first page. (EFAQTOOBIG? :-) 1.91 => 1.92 (Fri Oct 21 12:03:20 1994) added: 2.16 Can I test for AFS tokens from within my program? added: 4.08 Where can I find AFS related GIFs? 1.92 => 1.93 (Wed Dec 14 09:22:32 1994) updated: Subject: 0.02 Acknowledgements added: David Snearline updated: Subject: 0.04 Release Notes added ref to changes at end of file updated: Subject: 1.01 What is AFS? added: Transarc homepage URL updated: Subject: 1.05.g Improved robustness to server crash updated: Subject: 1.07 What does "ls /afs" display removed: test.alw.nih.gov added: afs-math.zib-berlin.de updated: Subject: 3.03 How does AFS compare with NFS? added: bit about some NFS implementations having extra security updated: Subject: 3.12 How can I set up mail delivery... added: ref to beta test version of auth-sendmail updated: Subject: 3.17 Which TCP/IP ports... added: NTP servers URL updated: Subject: 4.03 Where can I get training in AFS? added: Transarc Training URL updated: Subject: 5 About the AFS faq added: some history 1.93 => 1.94 (Thu Jan 05 14:01:04 1995) updated: Subject: 5 About the AFS faq added: RFF (Request For Feedback) 1.94 => 1.95 (Wed Jan 11 08:42:50 1995) updated: Subject: 0.02 Acknowledgements added: Mic Bowman added: Mike Prince updated: Subject: 1.07 added: cheme.cmu.edu dia.atd.net desy.de ifh.de mathematik-cip.uni-stuttgart.de umr.edu urz.uni-magdeburg.de removed: rel-eng.athena.mit.edu nce nce_psc nsf-centers.edu updated: Subject: 2.14 added: bit about ReadWrite volumes added: Subject: 3.21 Do Backup volumes... updated: Subject: 5.01 added: new URL for HTML version of AFS FAQ updated: Subject: 5.03 added: new URL for HTML version of AFS FAQ 1.95 => 1.96 (Wed Jan 11 16:11:28 1995) updated: Subject: 5.03 added: new URL for HTML version of AFS FAQ at Transarc 1.96 => 1.97 (Tue Jan 17 15:55:37 GMT 1995) updated: Subject: 3.12 How can I set up mail delivery... now <ftp://grand.central.org/pub/afs-contrib/doc/faq/auth-sendmail.tar.Z> updated: Subject: 4.08 Where can I find AFS related GIFs? changed to: /afs/transarc.com/public/www/Product/AFS/FAQ/images updated: Subject: 5.01 How can I get a copy of the AFS faq? changed wording. 1.97 => 1.98 (Wed Jan 18 13:29:12 GMT 1995) updated: Subject: 4.01 Is there an anonymous FTP site with AFS information? changed: cache-update to cache.update updated: Subject: 4.04 Where can I find AFS resources in World Wide Web? added: d) Transarc AFS Product Information updated: Subject: 1.07 What does "ls /afs" display removed: nce_ctc added: wu-wien.ac.at 1.98 => 1.99 (Tue 28 Feb 14:54:53 1995) added: World Wide Web URL reference to first page updated: Subject: 1.02 Who supplies AFS? added: Transarc homepage URL updated: Subject: 1.06 Which systems is AFS available for? added: John Kohl and NetBSD mailing list reference added: Subject: 1.10 How can I access AFS from my PC? updated: Subject: 2.09 Can I still run cron jobs with AFS? added: bit about non-authenticated cron jobs added: Subject: 2.17 What's the difference between /afs/cellname ... updated: Subject: 3.03 How does AFS compare with NFS? added: bit about using a RAM based cache and ref to Andrew benchmark updated: Subject: 3.17 Which TCP/IP ports and protocols ... added: added NTP doc refs added: Subject: 3.22 Should I run timed on my AFS client? updated: Subject: 4.03 Where can I get training in AFS? new (shorter) Transarc URL updated: Subject: 4.04 Where can I find AFS resources in (WWW)? new (shorter) Transarc URL updated: Subject: 5.01 How can I get a copy of the AFS faq? new URL http://www.transarc.com/Product/AFS/FAQ/faq.html updated: Subject: 5.03 How can I access the AFS faq via the World Wide Web? ditto 5.01 added: [35] [36] to Bibliography 1.99 => 1.100 (Tue Mar 28 15:31:32 GMT 1995) updated: Subject: 4.08 Where can I find AFS related GIFs? new (shorter) URL for GIFs updated: Subject: 5.01 How can I get a copy of the AFS faq? re-worded 1.100 => 1.101 (Fri Mar 31 07:38:17 GMT 1995) updated: Subject: 1.10 How can I access AFS from my PC? Added bit about SAMBA. 1.101 => 1.102 (Tue Apr 4 13:17:54 BST 1995) updated: Subject: 0.02 Acknowledgements added (New Century Systems) to Rens Troost entry updated: Subject: 1.10 How can I access AFS from my PC? corrected PCI-Interface URL (pci-faq => pci.faq) 1.102 => 1.103 (Tue May 9 16:09:32 BST 1995) updated: Subject: 5.01 How can I get a copy of the AFS faq? Added new CDROM source 1.103 => 1.104 (Wed May 24 08:43:19 BST 1995) updated: Subject: 1.07 What does "ls /afs" display in the Internet AFS removed: titech.ac.jp added: infn.it iway.org hep.net updated: Subject: 3.10 Is there a way to automatically balance disk usage added: new version (1.1a) reference added: new contact name Derrick Bradshear updated: Subject: 4.04 Where can I find AFS resources in WWW? added: "CERN AFS User's Guide version 1.0" updated: Subject: 5.01 How can I get a copy of the AFS faq? added: bit about downloadable HTML version added: for CD-ROM source, added both US tollfree and "normal" phone nos. 1.104 => 1.105 (Thu Jun 8 08:45:56 BST 1995) updated: Subject: 3.17 Which TCP/IP ports and protocols fixed typo updated: Subject: 4.04 Where can I find AFS resources in World Wide Web? new URL for Derrick Brashear's AFS reference page added: MIT SIPB's Inessential AFS added: Getting started with AFS (University of Michigan) 1.105 => 1.106 (Fri Jul 21 16:56:42 BST 1995) throughout: /afs/grand.central.org/pub/afs-contrib changed to /afs/transarc.com/public/afs-contrib updated: Subject: 0.02 Acknowledgements updated: Dan Lovinger now with Microsoft added: Anton Knaus (Carnegie Mellon University) added: Mike Shaddock (SAS Institute Inc.) updated: Subject: 0.04 Release Notes changed wording updated: Subject: 1.07 What does "ls /afs" display in the Internet AFS removed: hepafs1.hep.net inel.gov pub.nsa.hp.com ucop.edu added: belwue.uni-tuebingen.de cs.wisc.edu wisc.edu rl.ac.uk asu.edu isl.ntt.jp jrc.flinders.edu.au ntt.jp rhic sleeper.nsa.hp.com uni-bonn.de updated: Subject: 1.08 Why does AFS use Kerberos authentication? updated URL and added newsgroup URLs updated: Subject: 2.11 Is it possible to specify a user who is external.. added: example of creating authentication-only account moved 3.03 to 1.11: Subject: 1.11 How does AFS compare with NFS? replaced old 3.03 by: Subject: 3.03 What is /afs/@cell? updated: Subject: 3.09 Can I check my user's passwords ... changed contact and author details updated: Subject: 3.10 Is there a way to automatically balance disk usage changed contact and author details added: Subject: 3.23 Why should I keep /usr/vice/etc/CellServDB current? added: Subject: 3.24 How can I keep /usr/vice/etc/CellServDB current? added: Subject: 4.09 Bibt es eine deutsche AFS Benutzer Gruppe? 1.106 => 1.107 (Wed Aug 30 17:20:08 BST 1995) added to [37] bibliography 1.107 => 1.108 (Tue Jan 30 16:59:55 GMT 1996) Throughout: For the Ohio State U. text to HTML convertor remove "<" ">" from URLs. AnonFTP site grand.central.org changed to ftp.transarc.com. Fix (most) broken URLs to the restless Web. Remove surplus "WWW" strings. updated: Subject: 0.02 Acknowledgements added: Pat Wilson and Cristian Espinoza updated: Subject: 0.05 Quote new URL to Othello Act 3 Scene 4 (HTML version) updated: Subject: 1.02 Who supplies AFS? new URL to Pittsburgh page (HTML version) Updated: Subject: 1.07 What does "ls /afs" display in the Internet AFS removed: ctd.ornl.gov ntt.jp added: bnl.gov dkrz.de fh-heilbronn.de hephy.at zdv.uni-mainz.de nrel.gov postech.ac.kr le.caspur.it glue.umd.edu updated: Subject: 1.08 Why does AFS use Kerberos authentication? new URL to "Using MIT's Kerberos Server with AFS" added: Subject: 2.18 Can I klog as two users on a machine in the same cell? updated: Subject: 3.07 How does AFS maintain consistency on read-write new URLs for DFS and DCE (HTML version) updated: Subject: 3.09 Can I check my user's passwords Derrick Brashear email db74+@andrew.cmu.edu => shadow+@andrew.cmu.edu updated: Subject: 3.10 Is there a way to automatically balance disk usage Derrick Brashear email db74+@andrew.cmu.edu => shadow+@andrew.cmu.edu updated: Subject: 3.15 Will AFS run on a multi-homed fileserver? add text about AFS 3.4 multi-homed fileservers (not database servers) added: Subject: 3.25 How can I compute a list of AFS fileservers? added: Subject: 3.26 How can I set up anonymous FTP login to access /afs? updated: Subject: 4.01 Is there an anonymous FTP site with AFS information? changed ftom grand.central.org to ftp.transarc.com added bit about /afs/transarc.com/public/afs-contrib updated: Subject: 4.04 Where can I find AFS resources in World Wide Web? new URL to Derrick Brashear's AFS reference page added http://www-archive.stanford.edu/lists/info-afs.html updated: Subject: 4.09 Bibt es eine deutsche AFS Benutzer Gruppe? correct "Bibt" to "Gibt" added: Subject: 4.10 Donde puedo encontrar informacion en Espanol sobre AFS? 1.108 => 1.109 (Wed Feb 14 16:55:42 GMT 1996) removed: anonymous ftp reference from top (it is in 5.01 anyway) updated: Subject: 4.01 Is there an anonymous FTP site with AFS information? new location for AFS Programming Interface documentation added: [38] to bibliography updated: [17] [18] [19] [20] [21] [22] new URLs on ftp.transarc.com added: Subject: 3.27 Where can I find the Andrew Benchmark? updated: Subject: 1.06 Which systems is AFS available for? added URL for OS/2 information 1.109 => 1.110 (Fri Mar 8 11:02:36 GMT 1996) updated: Subject: 0.02 Acknowledgements added: Mary Ann DelBusso updated: Subject: 2.09 Can I still run cron jobs with AFS? new script, afs_wrap_cron, which gets a PAG, token, and execs user command updated: Subject: 3.17 Which TCP/IP ports and protocols..firewall.. added reference to Lyle Seaman's note to info-afs@transarc.com updated: Subject: 3.19 Is there a version of HP VUE login with AFS Kevin Eyre now the contact at HP for AFS authenticating HP-VUE updated: Subject: 3.25 How can I compute a list of AFS fileservers? fixed typo: viva Stimpy! 1.110 => 1.111 (Fri 29 Aug 16:12:29 1997) updated: Subject: 1.06 Which systems is AFS available for? mentioned "AFS Client for Windows/NT" new mailing list address for Linux and archive URL updated: Subject: 4.05 Is there a mailing list for AFS topics? new mailing list subscription address for info-afs@transarc.com 1.111 => 1.112 (Sat 25 Apr 17:54:00 1998) updated: AFS FAQ URL was: http://www.transarc.com/Product/AFS/FAQ/faq.html now: ftp://ftp.transarc.com/pub/afs-contrib/doc/faq/faq.html Changes in Transarc's website made it necessary to move the AFS FAQ URL updated: Subject: 0.02 Acknowledgements added: Michael Niksch updated: Subject: 1.02 Who supplies AFS? updated: URL for Pittsburgh (HTML version only) Updated: Subject: 1.07 What does "ls /afs" display in the Internet AFS removed: cs.arizona.edu dia.atd.net grand.central.org iway.org jrc.flinders.edu.au kiewit.dartmouth.edu le.caspur.it media-lab.mit.edu pegasus.cranfield.ac.uk rus-cip.uni-stuttgart.de ssc.gov stars.com stars.reston.unisys.com vfl.paramax.com wisc.edu added: bp.ncsu.edu cats.ucsc.edu cert.org cipool.uni-stuttgart.de clarkson.edu cs.rose-hulman.edu csv.ica.uni-stuttgart.de dapnia.saclay.cea.fr dce.emsl.pnl.gov dce.uni-stuttgart.de dis.uniroma1.it enea.it engin.umich.edu eos.ncsu.edu federation.atd.net fl.mcs.anl.gov ike.uni-stuttgart.de ipp-hgw.mpg.de isk.kth.se jpl.nasa.gov lcp.nrl.navy.mil le.infn.it lngs.infn.it msrc.pnl.gov msu.edu phy.bnl.gov rz.uni-jena.de spv.uniroma1.it thermo-a.mw.tu-muenchen.de tu-bs.de uni-mannheim.de unity.ncsu.edu vn.uniroma3.it added: Subject: 2.19 What are the ~/.__afsXXXX files? updated: Subject: 3.17 Which TCP/IP ports...firewall updated: URL for list of public NTP servers added: NTP reference web page N 1.112 => 1.113 (Thu 9 Jul 19:50:10 1998) N N updated: main header with new URLs N updated: Subject: Subject: 0.02 Acknowledgements N added: Kelly Chambers (Transarc) N updated: Subject: 1.06 Which systems is AFS available for? N removed: AFS 3.3 and 3.4 old URL references: N ftp://ftp.transarc.com/pub/afsps/doc/SUPPORTED_SYSTEMS.afs.rel33a N ftp://ftp.transarc.com/pub/afsps/doc/SUPPORTED_SYSTEMS.afs.rel34 N added new URL: N http://www.transarc.com/Support/afs/relversions/platforms.html N added reference to AFS on Linux FAQ at: N http://www.umlug.umd.edu/linuxafs/ N updated: Subject: 1.07 What does "ls /afs" display in the Internet AFS N removed: bnl.gov N added: dsi.uniroma1.it ovpit.indiana.edu vn.uniroma3.it N updated: Subject: 1.10 How can I access AFS from my PC? N changed SAMBA URLs: N http://samba.anu.edu.au/samba/ N http://samba.anu.edu.au/samba/docs/faq/sambafaq-1.html#ss1.1 N updated: Subject: 3.19 Is there a version of HP VUE login with N AFS authentication? N removed: reference to: N file:///afs/watson.ibm.com/projects/agora/hp/hp-agora/HP-VUElogin/ N changed HP contact from Kevin Eyre <kevin@fc.hp.com> N to Rajeev Pandey <rpandey@cv.hp.com> N updated: Subject: 4.04 Where can I find AFS resources in World Wide Web? N changed: N http://www.transarc.com/Product/AFS/AFS-Info.html N to http://www.transarc.com/dfs/public/www/htdocs/.hosts/external/Product/EFS/AFS/afsoverview.html N removed: http://www.css.itd.umich.edu/docs/tutorials/AFS/ N added: http://www.umlug.umd.edu/linuxafs/ AFS Linux FAQ N updated: Subject: 4.06 Where can I find an archive of info-afs N removed: file:///afs/ibm.uk/common/archive/info-afs@transarc.com/ N updated: Subject: 4.08 Where can I find AFS related GIFs? N changed: N file:///afs/transarc.com/public/www/Product/AFS/FAQ/images/ N to file:///afs/transarc.com/public/afs-contrib/doc/faq/images/ N http://www.transarc.com/Product/AFS/FAQ/images/index.html N to ftp://ftp.transarc.com/pub/afs-contrib/doc/faq/images/index.html N updated: Subject: 5.01 How can I get a copy of the AFS faq? N changed http URL from: N http://www.transarc.com/Product/AFS/FAQ/faq.html N to http://www.angelfire.com/hi/plutonic/afs-faq.html N removed reference to html.tar.Z and auto email server N updated: Subject: 5.03 How can I access the AFS faq via the World Wide Web? N changed http URL from: N http://www.transarc.com/Product/AFS/FAQ/faq.html N to http://www.angelfire.com/hi/plutonic/afs-faq.html