home *** CD-ROM | disk | FTP | other *** search
- Path: senator-bedfellow.mit.edu!senator-bedfellow.mit.edu!dreaderd!not-for-mail
- Message-ID: <afs-faq_1310185600@rtfm.mit.edu>
- Supersedes: <afs-faq_1307593460@rtfm.mit.edu>
- Expires: 22 Aug 2011 04:26:40 GMT
- X-Last-Updated: 1998/07/10
- Newsgroups: alt.filesystems.afs,alt.answers,news.answers
- From: mpb@mailserver.aixssc.uk.ibm.com (Paul Blackburn)
- Organization: AIX Systems Support Centre, IBM UK
- Approved: news-answers-request@MIT.Edu
- Subject: AFS distributed filesystem FAQ
- Followup-To: alt.filesystems.afs
- Reply-To: mpb@acm.org (AFS FAQ comments address)
- Summary: Introduction to AFS with pointers to further information
- Originator: faqserv@penguin-lust.mit.edu
- Date: 09 Jul 2011 04:26:46 GMT
- Lines: 2908
- NNTP-Posting-Host: PENGUIN-LUST.MIT.EDU
- X-Trace: 1310185606 senator-bedfellow.mit.edu 15315 18.181.0.29:36454
- Xref: senator-bedfellow.mit.edu alt.filesystems.afs:2714 alt.answers:85170 news.answers:329305
-
- Archive-name: afs-faq
- Version: 1.113
- Last-modified: 1950 Thursday 9th July 1998
-
- AFS frequently asked questions
- ______________________________________________________________________________
-
- This posting contains answers to frequently asked questions about AFS.
- Your comments and contributions are welcome (email: mpb@acm.org)
-
- Most newsreaders can skip from topic to topic with control-G.
- U URLs: file:///afs/transarc.com/public/afs-contrib/doc/faq/afs-faq.html
- N ftp://ftp.transarc.com/pub/afs-contrib/doc/faq/afs-faq.html
- N http://www.angelfire.com/hi/plutonic/afs-faq.html
- ______________________________________________________________________________
- Subject: Table of Contents:
-
- 0 Preamble
- 0.01 Purpose and Audience
- 0.02 Acknowledgements
- 0.03 Disclaimer
- 0.04 Release Notes
- 0.05 Quote
-
- 1 General
- 1.01 What is AFS?
- 1.02 Who supplies AFS?
- 1.03 What is /afs?
- 1.04 What is an AFS cell?
- 1.05 What are the benefits of using AFS?
- 1.05.a Cache Manager
- 1.05.b Location independence
- 1.05.c Scalability
- 1.05.d Improved security
- 1.05.e Single systems image (SSI)
- 1.05.f Replicated AFS volumes
- 1.05.g Improved robustness to server crash
- 1.05.h "Easy to use" networking
- 1.05.i Communications protocol
- 1.05.j Improved system management capability
- U 1.06 Which systems is AFS available for?
- U 1.07 What does "ls /afs" display in the Internet AFS filetree?
- 1.08 Why does AFS use Kerberos authentication?
- 1.09 Does AFS work over protocols other than TCP/IP?
- 1.10 How can I access AFS from my PC?
- 1.11 How does AFS compare with NFS?
-
- 2 Using AFS
- 2.01 What are the differences between AFS and a unix filesystem?
- 2.02 What is an AFS protection group?
- 2.03 What are the AFS defined protection groups?
- 2.04 What is an AFS access control list (ACL)?
- 2.05 What are the AFS access rights?
- 2.06 What is pagsh?
- 2.07 Why use a PAG?
- 2.08 How can I tell if I have a PAG?
- 2.09 Can I still run cron jobs with AFS?
- 2.10 How much disk space does a 1 byte file occupy in AFS?
- 2.11 Is it possible to specify a user who is external
- to the current AFS cell on an ACL?
- 2.12 Are there any problems printing files in /afs?
- 2.13 Can I create a fifo (aka named pipe) in /afs?
- 2.14 If an AFS server crashes, do I have to reboot my AFS client?
- 2.15 Can I use AFS on my diskless workstation?
- 2.16 Can I test for AFS tokens from within my program?
- 2.17 What's the difference between /afs/cellname and /afs/.cellname?
- 2.18 Can I klog as two users on one machine in the same cell?
- 2.19 What are the ~/.__afsXXXX files?
-
- 3 AFS administration
- 3.01 Is there a version of xdm available with AFS authentication?
- 3.02 Is there a version of xlock available with AFS authentication?
- 3.03 What is /afs/@cell?
- 3.04 Given that AFS data is location independent, how does
- an AFS client determine which server houses the data
- its user is attempting to access?
- 3.05 Which protocols does AFS use?
- 3.06 Are setuid programs executable across AFS cell boundaries?
- 3.07 How does AFS maintain consistency on read-write files?
- 3.08 How can I run daemons with tokens that do not expire?
- 3.09 Can I check my user's passwords for security purposes?
- 3.10 Is there a way to automatically balance disk usage across
- fileservers?
- 3.11 Can I shutdown an AFS fileserver without affecting users?
- 3.12 How can I set up mail delivery to users with $HOMEs in AFS?
- 3.13 Should I replicate a ReadOnly volume on the same partition
- and server as the ReadWrite volume?
- 3.14 Should I start AFS before NFS in /etc/inittab?
- 3.15 Will AFS run on a multi-homed fileserver?
- 3.16 Can I replicate my user's home directory AFS volumes?
- 3.17 Which TCP/IP ports and protocols do I need to enable
- in order to operate AFS through my Internet firewall?
- 3.18 What is the Andrew Benchmark?
- U 3.19 Is there a version of HP VUE login with AFS authentication?
- 3.20 How can I list which clients have cached files from a server?
- 3.21 Do Backup volumes require as much space as ReadWrite volumes?
- 3.22 Should I run timed on my AFS client?
- 3.23 Why should I keep /usr/vice/etc/CellServDB current?
- 3.24 How can I keep /usr/vice/etc/CellServDB current?
- 3.25 How can I compute a list of AFS fileservers?
- 3.26 How can I set up anonymous FTP login to access /afs?
- 3.27 Where can I find the Andrew Benchmark?
-
- 4 Getting more information
- 4.01 Is there an anonymous FTP site with AFS information?
- 4.02 Which USENET newsgroups discuss AFS?
- 4.03 Where can I get training in AFS?
- U 4.04 Where can I find AFS resources in World Wide Web (WWW)?
- 4.05 Is there a mailing list for AFS topics?
- U 4.06 Where can I find an archive of info-afs@transarc.com?
- 4.07 Where can I find an archive of alt.filesystems.afs?
- U 4.08 Where can I find AFS related GIFs?
- 4.09 Gibt es eine deutsche AFS Benutzer Gruppe?
- 4.10 Donde puedo encontrar informacion en Espanol sobre AFS?
-
- 5 About the AFS faq
- U 5.01 How can I get a copy of the AFS faq?
- 5.02 How can I get my question (and answer) into the AFS faq?
- U 5.03 How can I access the AFS faq via the World Wide Web?
-
- 6 Bibliography
-
- 7 Change History
- ______________________________________________________________________________
-
- Subject: 0 Preamble
-
- Subject: 0.01 Purpose and audience
-
- The aim of this compilation is to provide information about AFS including:
-
- + A brief introduction
- + Answers to some often asked questions
- + Pointers to further information
-
- Definitive and detailed information on AFS is provided in Transarc's
- AFS manuals ([23], [24], [25]).
-
- The intended audience ranges from people who know little of the subject
- and want to know more to those who have experience with AFS and wish
- to share useful information by contributing to the faq.
-
- Subject: 0.02 Acknowledgements
-
- The information presented here has been gleaned from many sources.
- Some material has been directly contributed by people listed below.
-
- I would like to thank the following for contributing:
-
- Pierette Maniago VanRyzin (Transarc)
- Lyle Seaman (Transarc)
- Joseph Jackson (Transarc)
- Dan Lovinger (Microsoft)
- Lucien Van Elsen (IBM)
- Jim Rees (University of Michigan)
- Derrick J. Brashear (Carnegie Mellon University)
- Hans-Werner Paulsen (MPI fuer Astrophysik, Garching)
- Margo Hikida (Hewlett Packard)
- Michael Fagan (IBM)
- Robert Malick (National Institute of Health, USA)
- Rainer Toebbicke (European Laboratory for Particle Physics, CERN)
- Mic Bowman (Transarc)
- Mike Prince (IBM)
- Bob Oesterlin (IBM)
- Pat Wilson (Dartmouth College)
- Cristian Espinoza (Pontificia Universidad Catolica de Chile)
- Mary Ann DelBusso (Transarc)
- Michael Niksch (IBM)
- N Kelly Chambers (Transarc)
-
- Thanks also to indirect contributors:
-
- Ken Paquette (IBM)
- Lance Pickup (IBM)
- Lisa Chavez (IBM)
- Dawn E. Johnson (Transarc)
- David Snearline (University of Michigan Engineering)
- Rens Troost (New Century Systems)
- Anton Knaus (Carnegie Mellon University)
- Mike Shaddock (SAS Institute Inc.)
-
- If this compilation has any merit then much credit belongs to Pierette
- for giving inspiration, support, answers, and proof-reading.
-
- Subject: 0.03 Disclaimer
-
- I make no representation about the suitability of this
- information for any purpose.
-
- While every effort is made to keep the information in
- this document accurate and current, it is provided "as is"
- with no warranty expressed or implied.
-
- Subject: 0.04 Release Notes
-
- This compilation contains material used with permission of
- Transarc Corporation. Permission to copy is given provided any
- copyright notices and acknowledgements are retained.
-
- Column 1 is used to indicate changes from the last issue:
-
- N = new item
- U = updated item
-
- Changes from the last version are to be found at the end of this file.
- ______________________________________________________________________________
- Subject: 0.05 Quote
-
- "'Tis true; there's magic in the web of it;" Othello, Act 3 Scene 4
- --William Shakespeare (1564-1616)
- ______________________________________________________________________________
- Subject: 1 General
-
- Subject: 1.01 What is AFS?
-
- AFS is a distributed filesystem that enables co-operating hosts
- (clients and servers) to efficiently share filesystem resources
- across both local area and wide area networks.
-
- AFS is marketed, maintained, and extended by Transarc Corporation.
-
- AFS is based on a distributed file system originally developed
- at the Information Technology Center at Carnegie-Mellon University
- that was called the "Andrew File System".
-
- "Andrew" was the name of the research project at CMU - honouring the
- founders of the University. Once Transarc was formed and AFS became a
- product, the "Andrew" was dropped to indicate that AFS had gone beyond
- the Andrew research project and had become a supported, product quality
- filesystem. However, there were a number of existing cells that rooted
- their filesystem as /afs. At the time, changing the root of the filesystem
- was a non-trivial undertaking. So, to save the early AFS sites from having
- to rename their filesystem, AFS remained as the name and filesystem root.
-
- Subject: 1.02 Who supplies AFS?
-
- Transarc Corporation phone: +1 (412) 338-4400
- The Gulf Tower
- 707 Grant Street fax: +1 (412) 338-4404
- Pittsburgh
- PA 15219 email: information@transarc.com
- United States of America afs-sales@transarc.com
-
- WWW: http://www.transarc.com
-
- Subject: 1.03 What is /afs?
-
- The root of the AFS filetree is /afs. If you execute "ls /afs" you will
- see directories that correspond to AFS cells (see below). These cells
- may be local (on same LAN) or remote (eg halfway around the world).
-
- With AFS you can access all the filesystem space under /afs with commands
- you already use (eg: cd, cp, rm, and so on) provided you have been granted
- permission (see AFS ACL below).
-
- Subject: 1.04 What is an AFS cell?
-
- An AFS cell is a collection of servers grouped together administratively
- and presenting a single, cohesive filesystem. Typically, an AFS cell is
- a set of hosts that use the same Internet domain name.
-
- Normally, a variation of the domain name is used as the AFS cell name.
-
- Users log into AFS client workstations which request information and files
- from the cell's servers on behalf of the users.
-
- Subject: 1.05 What are the benefits of using AFS?
-
- The main strengths of AFS are its:
-
- + caching facility
- + security features
- + simplicity of addressing
- + scalability
- + communications protocol
-
- Here are some of the advantages of using AFS in more detail:
-
- Subject: 1.05.a Cache Manager
-
- AFS client machines run a Cache Manager process. The Cache Manager
- maintains information about the identities of the users logged into
- the machine, finds and requests data on their behalf, and keeps chunks
- of retrieved files on local disk.
-
- The effect of this is that as soon as a remote file is accessed
- a chunk of that file gets copied to local disk and so subsequent
- accesses (warm reads) are almost as fast as to local disk and
- considerably faster than a cold read (across the network).
-
- Local caching also significantly reduces the amount of network traffic,
- improving performance when a cold read is necessary.
-
- Subject: 1.05.b Location independence
-
- Unlike NFS, which makes use of /etc/filesystems (on a client) to map
- (mount) between a local directory name and a remote filesystem, AFS
- does its mapping (filename to location) at the server. This has the
- tremendous advantage of making the served filespace location independent.
-
- Location independence means that a user does not need to know which
- fileserver holds the file, the user only needs to know the pathname
- of a file. Of course, the user does need to know the name of the
- AFS cell to which the file belongs. Use of the AFS cellname as the
- second part of the pathname (eg: /afs/$AFSCELL/somefile) is helpful
- to distinguish between file namespaces of the local and non-local
- AFS cells.
-
- To understand why such location independence is useful, consider
- having 20 clients and two servers. Let's say you had to move
- a filesystem "/home" from server a to server b.
-
- Using NFS, you would have to change the /etc/filesystems file on 20
- clients and take "/home" off-line while you moved it between servers.
-
- With AFS, you simply move the AFS volume(s) which constitute "/home"
- between the servers. You do this "on-line" while users are actively
- using files in "/home" with no disruption to their work.
-
- (Actually, the AFS equivalent of "/home" would be /afs/$AFSCELL/home
- where $AFSCELL is the AFS cellname.)
-
- Subject: 1.05.c Scalability
-
- With location independence comes scalability. An architectural goal
- of the AFS designers was client/server ratios of 200:1 which has
- been successfully exceeded at some sites.
-
- Transarc do not recommend customers use the 200:1 ratio. A more
- cautious value of 50:1 is expected to be practical in most cases.
- It is certainly possible to work with a ratio somewhere between
- these two values. Exactly what value depends on many factors including:
- number of AFS files, size of AFS files, rate at which changes are made,
- rate at which file are being accessed, speed of servers processor,
- I/O rates, and network bandwidth.
-
- AFS cells can range from the small (1 server/client) to the massive
- (with tens of servers and thousands of clients).
-
- Cells can be dynamic: it is simple to add new fileservers or clients
- and grow the computing resources to meet new user requirements.
-
- Subject: 1.05.d Improved security
-
- Firstly, AFS makes use of Kerberos to authenticate users.
- This improves security for several reasons:
-
- + passwords do not pass across the network in plaintext
-
- + encrypted passwords no longer need to be visible
-
- You don't have to use NIS, aka yellow pages, to distribute
- /etc/passwd - thus "ypcat passwd" can be eliminated.
-
- If you do choose to use NIS, you can replace the password
- field with "X" so the encrypted password is not visible.
- (These issues are discussed in detail in [25]).
-
- + AFS uses mutual authentication - both the service provider
- and service requester prove their identities
-
- Secondly, AFS uses access control lists (ACLs) to enable users to
- restrict access to their own directories.
-
- Subject: 1.05.e Single systems image (SSI)
-
- Establishing the same view of filestore from each client and server
- in a network of systems (that comprise an AFS cell) is an order of
- magnitude simpler with AFS than it is with, say, NFS.
-
- This is useful to do because it enables users to move from workstation
- to workstation and still have the same view of filestore. It also
- simplifies part of the systems management workload.
-
- In addition, because AFS works well over wide area networks the SSI
- is also accessible remotely.
-
- As an example, consider a company with two widespread divisions
- (and two AFS cells): ny.acme.com and sf.acme.com. Mr Fudd, based
- in the New York office, is visiting the San Francisco office.
-
- Mr. Fudd can then use any AFS client workstation in the San Francisco
- office that he can log into (a unprivileged guest account would suffice).
- He could authenticate himself to the ny.acme.com cell and securely access
- his New York filespace.
-
- For example:
-
- The following shows a guest in the sf.acme.com AFS cell:
- {0} add AFS executables directory to PATH
- {1} obtaining a PAG with pagsh command (see 2.06)
- {2} use the klog command to authenticate into the ny.acme.com AFS cell
- {3} making a HOME away from home
- {4} invoking a homely .profile
-
- guest@toontown.sf.acme.com $ PATH=/usr/afsws/bin:$PATH # {0}
- guest@toontown.sf.acme.com $ pagsh # {1}
- $ klog -cell ny.acme.com -principal elmer # {2}
- Password:
- $ HOME=/afs/ny.acme.com/user/elmer; export HOME # {3}
- $ cd
- $ . .profile # {4}
- you have new mail
- guest@toontown $
-
- It is not necessary for the San Francisco sys admin to give Mr. Fudd
- an AFS account in the sf.acme.com cell. Mr. Fudd only needs to be
- able to log into an AFS client that is:
- 1) on the same network as his cell and
- 2) his ny.acme.com cell is mounted in the sf.acme.com cell
- (as would certainly be the case in a company with two cells).
-
- Subject: 1.05.f Replicated AFS volumes
-
- AFS files are stored in structures called Volumes. These volumes
- reside on the disks of the AFS file server machines. Volumes containing
- frequently accessed data can be read-only replicated on several servers.
-
- Cache managers (on users client workstations) will make use of replicate
- volumes to load balance. If accessing data from one replicate copy, and
- that copy becomes unavailable due to server or network problems, AFS will
- automatically start accessing the same data from a different replicate copy.
-
- An AFS client workstation will access the closest volume copy.
- By placing replicate volumes on servers closer to clients (eg on same
- physical LAN) access to those resources is improved and network traffic
- reduced.
-
- Subject: 1.05.g Improved robustness to server crash
-
- The Cache Manager maintains local copies of remotely accessed files.
-
- This is accomplished in the cache by breaking files into chunks
- of up to 64k (default chunk size). So, for a large file, there may be
- several chunks in the cache but a small file will occupy a single chunk
- (which will be only as big as is needed).
-
- A "working set" of files that have been accessed on the client is
- established locally in the client's cache (copied from fileserver(s)).
-
- If a fileserver crashes, the client's locally cached file copies
- remain readable but updates to cached files fail while the server is down.
-
- Also, if the AFS configuration has included replicated read-only volumes
- then alternate fileservers can satisfy requests for files from those
- volumes.
-
- Subject: 1.05.h "Easy to use" networking
-
- Accessing remote file resources via the network becomes much simpler
- when using AFS. Users have much less to worry about: want to move
- a file from a remote site? Just copy it to a different part of /afs.
-
- Once you have wide-area AFS in place, you don't have to keep local
- copies of files. Let AFS fetch and cache those files when you need them.
-
- Subject: 1.05.i Communications protocol
-
- AFS communications protocol is optimized for Wide Area Networks.
- Retransmitting only the single bad packet in a batch of packets
- and allowing the number of unacknowledged packets to be higher
- (than in other protocols, see [4]).
-
- Subject: 1.05.j Improved system management capability
-
- Systems administrators are able to make configuration changes
- from any client in the AFS cell (it is not necessary to login
- to a fileserver).
-
- With AFS it is simple to effect changes without having to take
- systems off-line.
-
- Example:
-
- A department (with its own AFS cell) was relocated to another office.
- The cell had several fileservers and many clients.
- How could they move their systems without causing disruption?
-
- First, the network infrastructure was established to the new location.
- The AFS volumes on one fileserver were migrated to the other fileservers.
- The "freed up" fileserver was moved to the new office and connected
- to the network.
-
- A second fileserver was "freed up" by moving its AFS volumes across
- the network to the first fileserver at the new office. The second
- fileserver was then moved.
-
- This process was repeated until all the fileservers were moved.
-
- All this happened with users on client workstations continuing
- to use the cell's filespace. Unless a user saw a fileserver
- being physically moved (s)he would have no way to tell the change
- had taken place.
-
- Finally, the AFS clients were moved - this was noticed!
-
- Subject: 1.06 Which systems is AFS available for?
-
- AFS runs on systems from: HP, Next, DEC, IBM, SUN, and SGI.
-
- Transarc customers have done ports to Crays, and the 3090, but all
- are based on some flavour of unix. Some customers have done work to
- make AFS data available to PCs and Macs, although they are using
- something similar to the AFS/NFS translator (a system that enables
- "NFS only" clients to NFS mount the AFS filetree /afs).
-
- There is a client only implementation "AFS Client for Windows/NT".
-
- N A page describing the current systems for which AFS is supported
- N may be found at:
- N
- N http://www.transarc.com/Support/afs/relversions/platforms.html
- N
- There are also ports of AFS done by customers available from Transarc
- on an "as is" unsupported basis.
-
- More information on this can be found at:
-
- /afs/transarc.com/public/afs-contrib/bin/README
- ftp://ftp.transarc.com/pub/afs-contrib/bin/README
-
- These ports of AFS client code include:
-
- HP (Apollo) Domain OS - by Jim Rees at the University of Michigan.
- sun386i - by Derek Atkins and Chris Provenzano at MIT.
- Linux - by Derek Atkins, mailing list: <linux-afs-request@mit.edu>
- http://www.mit.edu:8008/menelaus/linux-afs/
- NetBSD - by John Kohl, mailing list: <netbsd-afs@mit.edu>
-
- There is some information about AFS on OS/2 at:
- http://www.club.cc.cmu.edu/~jgrande/afsos2.html
-
- N The AFS on Linux FAQ may be found at:
- N http://www.umlug.umd.edu/linuxafs/
-
- Subject: 1.07 What does "ls /afs" display in the Internet AFS filetree?
-
- Essentially this displays the AFS cells that co-operate in the
- Internet AFS filetree.
-
- Note that the output of this will depend on the cell you do it from;
- a given cell may not have all the publicly advertised cells available,
- and it may have some cells that aren't advertised outside of the given site.
-
- The definitive source for this information is:
-
- file:///afs/transarc.com/service/etc/CellServDB.export
-
- I've included the list of cell names included in it below:
-
- asu.edu #ASU
- uni-freiburg.de #Albert-Ludwigs-Universitat Freiburg
- anl.gov #Argonne National Laboratory
- fl.mcs.anl.gov # Argonne National Laboratory MCS Division FL
- dapnia.saclay.cea.fr #Axlan-CEA
- bcc.ac.uk #Bloomsbury Computing Consortium
- bu.edu #Boston University
- cs.brown.edu #Brown University Department of Computer Science
- caspur.it #CASPUR Inter-University Computing Consortium,Rome
- ciesin.org #CIESIN
- mathematik-cip.uni-stuttgart.de #CIP-Pool of Math. Dept, Univ. Stuttgart
- gg.caltech.edu #Caltech Computer Graphics Group
- cards.com #Cards - Electronic Warfare Associates
- cheme.cmu.edu #Carnegie Mellon Univ. Chemical Engineering Dept.
- cmu.edu #Carnegie Mellon University
- andrew.cmu.edu #Carnegie Mellon University - Campus
- ce.cmu.edu #Carnegie Mellon University - Civil Eng. Dept.
- ece.cmu.edu #Carnegie Mellon University - Elec. Comp. Eng. Dept.
- me.cmu.edu #Carnegie Mellon University - Mechanical Engineering
- cs.cmu.edu #Carnegie Mellon University - School of Comp. Sci.
- club.cc.cmu.edu #Carnegie Mellon University Computer Club
- cert.org #CERT/Coordination Center
- others.chalmers.se #Chalmers University of Technology - General users
- cipool.uni-stuttgart.de #CIP Pool, Rechenzentrum University of Stuttgart
- clarkson.edu #Clarkson University, Potsdam, USA
- msc.cornell.edu #Cornell University Materials Science Center
- graphics.cornell.edu #Cornell University Program of Computer Graphics
- theory.cornell.edu #Cornell University Theory Center
- ifh.de #DESY-IfH Zeuthen
- northstar.dartmouth.edu #Dartmouth College, Project Northstar
- desy.de #Deutsches Elektronen-Synchrotron
- dkrz.de #Deutsches Klimarechenzentrum Hamburg
- dis.uniroma1.it #DIS, Univ. "La Sapienza", Rome, area Buonarotti
- msrc.pnl.gov #EMSL's AFS Cell
- zdvpool.uni-tuebingen.de#Eberhard-Karls-Universitaet Tuebingen, WS-Pools
- enea.it #enea.it
- es.net #Energy Sciences Net
- research.ec.org #Esprit Research Network of Excellence
- dce.emsl.pnl.gov #EMSL's DCE Cell
- cern.ch #European Laboratory for Particle Physics, Geneva
- fnal.gov #Fermi National Acclerator Laboratory
- fh-heilbronn.de #Fachhochschule Heilbronn
- hephy.at #hephy-vienna
- sleeper.nsa.hp.com #HP Cupertino
- palo_alto.hpl.hp.com #HP Palo Alto
- afs.hursley.ibm.com #IBM Hursley Laboratories (UK), external cell
- ibm.uk #IBM UK, AIX Systems Support Centre
- zurich.ibm.ch #IBM Zurich Internet Cell
- ctp.se.ibm.com #IBM/4C, Chalmers, Sweden
- ipp-hgw.mpg.de #IPP site at Greifswald
- in2p3.fr #IN2P3 production cell
- lngs.infn.it #INFN Laboratori Nazionali di Gran Sasso, Italia
- le.infn.it #INFN Sezione di Lecce, Italia
- pi.infn.it #INFN Sezione di Pisa
- ike.uni-stuttgart.de #Institut fuer Kernenergetik, Universitaet Stuttgart
- ipp-garching.mpg.de #Institut fuer Plasmaphysik
- csv.ica.uni-stuttgart.de #Institut fuer Computeranwendungen, Uni. Stuttgart
- iastate.edu #Iowa State University
- infn.it #Istituto Nazionale di Fisica Nucleare, Italia
- jpl.nasa.gov #Jet Propulsion Laboratory
- zdv.uni-mainz.de #Johannes-Gutenberg-Universitaet Mainz
- isk.kth.se #KTH College of Engineering
- cc.keio.ac.jp #Keio University, Fac. of Sci. & Tech. Computing Ctr
- sfc.keio.ac.jp #Keio University, Japan
- afs-math.zib-berlin.de #Konrad-Zuse-Zentrum fuer Informationstechnik Berlin
- thermo-a.mw.tu-muenchen.de #Lehrstuhl A fuer Thermodynamik,TUM
- lrz-muenchen.de #Leibniz-Rechenzentrum Muenchen Germany
- athena.mit.edu #MIT/Athena cell
- net.mit.edu #MIT/Network Group cell
- sipb.mit.edu #MIT/SIPB cell
- msu.edu #Michigan State University home cell
- mpa-garching.mpg.de #Max-Planck-Institut fuer Astrophysik
- federation.atd.net #Multi Resident AFS at Naval Research Lab - CCS
- isl.ntt.jp #NTT Information and Communication
- nersc.gov #National Energy Research Supercomputer Center
- alw.nih.gov #National Institutes of Health
- nrel.gov #National Renewable Energy Laboratory
- cmf.nrl.navy.mil #Naval Research Lab
- lcp.nrl.navy.mil #Naval Research Lab - Lab for Computational Physics
- nrlfs1.nrl.navy.mil #Naval Research Laboratory
- eos.ncsu.edu #NCSU - College of Engineering
- unity.ncsu.edu #NCSU Campus
- ncat.edu #North Carolina Agricultural and Technical State U.
- bp.ncsu.edu #North Carolina State University - Backbone Prototype
- ri.osf.org #OSF Research Institute
- gr.osf.org #OSF Research Institute, Grenoble
- urz.uni-magdeburg.de #Otto-von-Guericke-Universitaet, Magdeburg
- N ovpit.indiana.edu #OVPIT at Indiana University
- psc.edu #PSC (Pittsburgh Supercomputing Center)
- psu.edu #Penn State
- phy.bnl.gov #Physics Deptpartment, Brookhaven National Lab
- postech.ac.kr #Pohang University of Science
- pppl.gov #Princeton Plasma Physics Laboratory
- rwcp.or.jp #Real World Computer Partnership(rwcp)
- rz.uni-jena.de #Rechenzentrum University of Jena, Germany
- rhrk.uni-kl.de #Rechenzentrum University of Kaiserslautern
- rus.uni-stuttgart.de #Rechenzentrum University of Stuttgart
- rhic #Relativistic Heavy Ion Collider
- rpi.edu #Rensselaer Polytechnic Institute
- uni-bonn.de #Rheinische Friedrich Wilhelm Univesitaet Bonn
- rose-hulman.edu #Rose-Hulman Institute of Technology
- cs.rose-hulman.edu # Rose-Hulman Inst. of Tech., CS Department
- nada.kth.se #Royal Institute of Technology, NADA
- rl.ac.uk #Rutherford Appleton Lab, England
- slac.stanford.edu #Stanford Linear Accelerator Center
- dsg.stanford.edu #Stanford Univ. - Comp. Sci. - Distributed Systems
- ir.stanford.edu #Stanford University
- afs1.scri.fsu.edu #Supercomputer Computations Research Instit
- ethz.ch #Swiss Federal Inst. of Tech. - Zurich, Switzerland
- hrzone.th-darmstadt.de #TH-Darmstadt
- tu-bs.de #Technical University of Braunschweig, Germany
- tu-chemnitz.de #Technische Universitaet Chemnitz-Zwickau, Germany
- telos.com #Telos Systems Group - Chantilly, Va.
- transarc.com #Transarc Corporation
- cats.ucsc.edu #UC Santa Cruz, Comp and Tech Services, California
- umr.edu #UMR - Missouri's Technological University
- hep.net #US High Energy Physics Information cell
- uni-mannheim.de #Uni Mannheim (Rechenzentrum)
- ece.ucdavis.edu #Univ California - Davis campus
- geo.uni-koeln.de #Univ. of Cologne Inst. for Geophysics & Meteorology
- meteo.uni-koeln.de #Univ. of Cologne Inst. for Geophysics & Meteorology
- N dsi.uniroma1.it #Univ. Rome-1, Dept. of Computer Science
- U spv.uniroma1.it #Univ. Rome-1, Area San Pietro in Vincoli
- N vn.uniroma3.it #Univ. Rome-3, Area Vasca Navale
- urz.uni-heidelberg.de #Universitaet Heidelberg
- spc.uchicago.edu #University of Chicago - Social Sciences
- rrz.uni-koeln.de #University of Cologne - Reg Comp Center
- wu-wien.ac.at #University of Economics, Vienna, Austria
- uni-hohenheim.de #University of Hohenheim
- ncsa.uiuc.edu #University of Illinois
- wam.umd.edu #University of Maryland Network WAM Project
- glue.umd.edu #University of Maryland - Project Glue
- engin.umich.edu #University of Michigan - CAEN
- umich.edu #University of Michigan - Campus
- dmsv.med.umich.edu #University of Michigan - DMSV
- citi.umich.edu #University of Michigan - IFS Development
- lsa.umich.edu #University of Michigan - LSA College
- math.lsa.umich.edu #University of Michigan - Math Cell
- sph.umich.edu #University of Michigan -- School of Public
- cs.unc.edu #University of North Carolina at Chapel Hill
- nd.edu #University of Notre Dame
- pitt.edu #University of Pittsburgh
- vn.uniroma3.it #University of Rome 3, Area Vasca Navale, Italy
- isi.edu #University of Southern California/ISI
- dce.uni-stuttgart.de #University of Stuttgart - DCE/DFS Cell
- ihf.uni-stuttgart.de #University of Stuttgart, Ins. fuer Hochfrequenz-Tec
- mathematik.uni-stuttgart.de #University of Stuttgart, Math Dept.
- cs.utah.edu #University of Utah Computer Science Dept
- utah.edu #University of Utah Information Tech. Service
- cs.washington.edu #University of Washington Comp Sci Department
- wisc.edu #University of Wisconsin-Madison, Campus
- cs.wisc.edu #University of Wisconsin-Madison, Comp Sci Dept
- belwue.uni-tuebingen.de #ZDV Universitaet Tuebingen
-
- This shows different and widespread organizations making use
- of the Internet AFS filetree.
-
- Note that it is also possible to use AFS "behind the firewall"
- within the confines of your organization's network - you don't have
- to participate in the Internet AFS filetree.
-
- Indeed, there are lots of benefits of using AFS on a local area network
- without using the WAN capabilities.
-
- Subject: 1.08 Why does AFS use Kerberos authentication?
-
- It improves security.
-
- Kerberos uses the idea of a trusted third party to prove identification.
- This is a bit like using a letter of introduction or quoting a referee
- who will vouch for you.
-
- When a user authenticates using the klog command (s)he is prompted
- for a password. If the password is accepted the Kerberos
- Authentication Server (KAS) provides the user with an encrypted token
- (containing a "ticket granting ticket").
-
- From that point on, it is the encrypted token that is used to prove
- the user's identity. These tokens have a limited lifetime (typically
- a day) and are useless when expired.
-
- In AFS, it is possible to authenticate into multiple AFS cells.
- A summary of the current set of tokens held can be displayed
- by using the "tokens" command.
-
- For example:
- elmer@toontown $ tokens
-
- Tokens held by the Cache Manager:
-
- User's (AFS ID 9997) tokens for afs@ny.acme.com [Expires Sep 15 06:50]
- User's (AFS ID 5391) tokens for afs@sf.acme.com [Expires Sep 15 06:48]
- --End of list--
-
- Kerberos improves security because a users's password need only be
- entered once (at klog time).
-
- AFS uses Kerberos to do complex mutual authentication which means that
- both the service requester and the service provider have to prove their
- identities before a service is granted.
-
- Transarc's implementation of Kerberos is slightly different from
- MIT Kerberos V4 but AFS can work with either version.
-
- Joe Jackson wrote about this in:
- http://www.cs.cmu.edu/afs/andrew.cmu.edu/usr/shadow/www/afs/afs-with-kerberos.html
-
- For more detail on this and other Kerberos issues see the faq
- for Kerberos (posted to news.answers and comp.protocols.kerberos) [28].
- (Also, see [15], [16], [26], [27])
-
- Subject: 1.09 Does AFS work over protocols other than TCP/IP?
-
- No. AFS was designed to work over TCP/IP.
-
- Subject: 1.10 How can I access AFS from my PC?
-
- You can use PC-Interface which is available from Transarc and
- Locus Computing Corporations.
-
- For more information on PC-Interface see the PC-Interface
- Frequently Asked Questions file in:
-
- file:///afs/transarc.com/public/afs-contrib/doc/faq/pci.faq
- ftp://ftp.transarc.com/pub/afs-contrib/doc/faq/pci.faq
-
- There is also SAMBA (an SMB/netbios server for UNIX). The current
- version will authenticate the connecting process with AFS as well.
-
- U http://samba.anu.edu.au/samba/
-
- The SAMBA FAQ is in:
-
- U http://samba.anu.edu.au/samba/docs/faq/sambafaq-1.html#ss1.1
-
- The SAMBA mailing list can be joined via: samba-request@anu.edu.au
-
- Subject: 1.11 How does AFS compare with NFS?
-
- AFS NFS
- File Access Common name space from Different file names from
- all workstations different workstations
-
- File Location Automatic tracking by Mountpoints to files set by
- Tracking file system processes administrators and users
- and databases
-
- Performance Client caching to reduce No local disk caching;
- network load; callbacks limited cache consistency
- to maintain cache consis-
- tency
-
- Andrew Benchmark Average time of 210 Average time of 280
- (5 phases, 8 clients) seconds/client seconds/client
-
- Scaling capabilities Maintains performance in Best in small to mid-size
- small and very large installations
- installations
-
- Excellent performance on Best in local-area
- wide-area configuration configurations
-
- Security Kerberos mutual authen- Security based on
- tication unencrypted user ID's
-
- Access control lists on No access control lists
- directories for user and
- group access
-
- Availability Replicates read-mostly No replication
- data and AFS system
- information
-
- Backup Operation No system downtime with Standard UNIX backup system
- specially developed AFS
- Backup System
-
- Reconfiguration By volumes (groups of Per-file movement
- files)
-
- No user impact; files Users lose access to files
- remain accessible during and filenames change
- moves, and file names do (mountpoints need to be
- not change reset)
-
- System Management Most tasks performed from Frequently involves telnet
- any workstation to other workstations
-
- Autonomous Autonomous administrative File servers and clients
- Architecture units called cells, in
- addition to file servers
- and clients
-
- No trust required between No security distinctions
- cells between sites
-
- [ source: ftp://ftp.transarc.com/pub/afsps/doc/afs-nfs.comparison ]
-
- Other points:
-
- + Some vendors offer more secure versions of NFS but implementations vary.
- Many NFS ports have no extra security features (such as Kerberos).
-
- + The AFS Cache Manager can be configured to work with a RAM (memory)
- based cache. This offers signifigant performance benefits over
- a disk based cache.
-
- NFS has no such feature.
- Imagine how much faster it is to access files cached into RAM!
-
- + The Andrew benchmark demonstrates that AFS has better performance
- than NFS as the number of clients increases. A graph of this
- (taken from Andrew benchmark report) is available in:
-
- U http://www.angelfire.com/hi/plutonic/images/andrew1.jpg
-
- Subject: 2 Using AFS
-
- Subject: 2.01 What are the differences between AFS and a unix filesystem?
-
- Essentially, from a user's point of view, there is little difference
- between AFS and local unix filestore. Nearly all the commands normally
- used to access local files can be used to access files in /afs.
-
- In the following set of sections, I have attempted to "target"
- each section to an appropriate type of user by including to the
- right of each section heading one of: User, Programmer, SysAdmin.
-
- Here is a summary of the differences:
-
- Authentication: [ User ]
-
- Before a user can access protected AFS files (s)he needs to become
- authenticated to AFS using the klog command (Kerberos login) to get
- a Kerberos "ticket granting ticket" (called a token from here on).
-
- Without a token, an unauthenticated user is given the AFS identity
- "system:anyuser" and as such is only able to access files in directories
- that have ACLs granting system:anyuser access.
-
- Many systems have the klog function built into the system login program.
- So a user would not even have to know they gain a token on logging in.
- If you use a system where you have to issue the klog command after
- login then you should run the pagsh command first (see below).
-
- AFS provides access control lists to give more precise control
- to users wishing to protect their files (see AFS ACL below).
-
- File permissions: [ User ]
-
- Unix mode bits for group and other are ignored.
- The mode bits for the file owner don't work the way they used to.
-
- Users should protect their AFS files with (directory) ACLs only.
- Just use mode bits to make a file executable.
-
- Data protection with AFS ACLs: [ User ]
-
- Some versions of unix (eg IBM's AIX version 3) allow ACLs on
- local files. In AFS, ACLs protect directories and used with
- AFS protection groups (see below) provide a finer granularity
- of protection than can be achieved with basic unix file permissions.
- (AFS ACLs are described in more detail below.)
-
- Protection groups: [ User ]
-
- Users can create and maintain their own protection groups in AFS -
- as opposed to unix where only sys admins can manage protection groups.
-
- Hard links: [ User ]
-
- In AFS, hard links (eg: ln old new) are only valid within a directory.
- This is because AFS ACLs protect directories (not individual files)
- and allowing hard links that span directories would subvert ACL
- protection.
-
- Symbolic links work in AFS because they reference a pathname and
- not an i-node directly. (Hard links reference an i-node directly.)
-
- Changing file protection by moving a file: [ User ]
-
- Moving a file to a different directory will change the protection
- of a file if the ACL on the new directory if different to the ACL
- on the original directory.
-
- chown and chgrp: [ User ]
-
- Only members of the AFS group "system:administrators" can use these
- commands on files in /afs.
-
- Save on close: [ Programmer ]
-
- AFS Cache Manager does not send file modifications to a file server
- until the close() or fsync() system call.
-
- write() system calls only update the local cache copy on the client.
-
- Note the difference in semantic of writing a file:
-
- local unix file: writes update the file "immediately"
- AFS file: local cached copy updated "immediately" but
- the server copy is only updated when the file
- is closed or fsync'ed.
-
- It is important to understand that most applications (eg: vi, emacs,
- frame, interleaf, wingz, dogz, etc) issue the close() system call when
- the user chooses/issues the "save" command in the application.
-
- Users are not required to exit the application to "save" their
- changes back to the server.
-
- byte-range file locking: [ Programmer ]
-
- AFS does not support byte-range locking within a file,
- although lockf() and fcntl() calls will return 0 (success).
- The first time a byte-range lock is attempted, AFS will display:
-
- "afs: byte-range lock/unlock ignored; make sure no one else
- else is running this program."
-
- whole file locking: [ Programmer ]
-
- AFS does support advisory locking an entire file with flock().
- Processes on the same client workstation that attempt to lock
- a file obey the proper locking semantics.
-
- Processes on different AFS clients requesting a lock on the same
- file would get EWOULDBLOCK returned.
-
- character and block special files: [ SysAdmin ]
-
- AFS does not support character and block special files.
- The mknod command does not create either character or block
- special files in /afs.
-
- AFS version of fsck: [ SysAdmin ]
-
- On an AFS server, the partitions containing served files are NOT
- unix filesystems and standard fsck *must* not be used - use the AFS
- version instead.
-
- Subject: 2.02 What is an AFS protection group?
-
- A named list of users.
-
- Group names are used in AFS ACLs to identify lists of users with
- particular access permissions.
-
- In AFS, users can create and maintain their own protection groups.
- This is different to unix where only the system administrator can
- manage /etc/group.
-
- AFS groups are stored in the protection database on fileserver(s)
- and managed by using the "pts" command.
-
- An AFS group typically has the format:
-
- owner-id:group-name
-
- By default, only the owner of a group can change its members.
-
- It is possible to have both users and IP addresses as members
- of an AFS group. By using an IP address like this you can specify
- all the users from the host with that IP address.
-
- Subject: 2.03 What are the AFS defined protection groups?
-
- system:anyuser
-
- Everyone who has access to an AFS client in any cell that is
- on the same network as your cell.
-
- system:authuser
-
- Everyone who has access to an AFS client in any cell that is
- on the same network as your cell *and* has valid tokens for
- your cell (ie has been authenticated in your cell).
-
- system:administrators
-
- Users who have privileges to execute some but not all
- system administrator commands.
-
- Subject: 2.04 What is an AFS access control list (ACL)?
-
- There is an ACL for every directory in AFS. The ACL specifies
- protection at the directory level (not file level) by listing
- permissions of users and/or groups to a directory. There is a
- maximum of 20 entries on an ACL.
-
- For example:
-
- An AFS ACL is displayed by using the "fs" command as shown below:
-
- tweety@toontown $ fs listacl .
- Access list for . is
- Normal rights:
- fac:coords rlidwka
- system:anyuser rl
-
- This ACL shows that members of the AFS protection group "fac:coords"
- have full access rights to the current directory and "system:anyuser"
- has only read and lookup rights.
-
- The members of "fac:coords" can be determined by accessing the
- protection group database using the "pts" command as shown below:
-
- tweety@toontown $ pts membership fac:coords
- Members of fac:coords (id: -1577) are:
- sylvester
- roadrunner
- yosemite.sam
-
- Subject: 2.05 What are the AFS access rights?
-
- In AFS, there are seven access rights that may be set or not set:
-
- lookup l Permission to examine the ACL and traverse the
- directory (needed with most other access rights).
- Permission to look up filenames in a directory.
- read r View the contents of files in the directory
- insert i Add new files or sub-directories
- write w Modify file contents, use "chmod"
- delete d Remove file(s) in directory
- lock k Permission for programs to "flock" files
- in the directory
- administer a Ability to change the ACL
-
- There are short-hand forms:
-
- read rl read and lookup
- write rlidwk all rights except administer
- all rlidwka
- none removes all rights
-
- Subject: 2.06 What is pagsh?
-
- A command to get a new shell with a process authentication group (PAG).
-
- This is normally used if your system does not use the AFS version of login.
- It is used to get a PAG prior to running klog.
-
- The PAG uniquely identifies the user to the Cache Manager.
- Without a PAG the Cache Manager uses the unix UID to identify a user.
-
- Subject: 2.07 Why use a PAG?
-
- There are two reasons:
-
- a) Child processes inherit the PAG and the Kerberos token so they are AFS
- authenticated.
-
- b) For security: if you don't have a PAG then the Cache Manager identifies
- you by unix UID. Another user with root access to the client could
- su to you and therefore use your token.
-
- Subject: 2.08 How can I tell if I have a PAG?
-
- You can tell if you have a PAG by typing "groups". A PAG is indicated
- by the appearance of two integers in the list of groups.
-
- For example:
- sylvester@toontown $ groups
- 33536 32533 staff catz
-
- Subject: 2.09 Can I still run cron jobs with AFS?
-
- Yes, but remember that in order to fully access files in AFS you have
- to be AFS authenticated. If your cron job doesn't klog then it only
- gets system:anyuser access.
-
- The klog command has a "-pipe" option which will read a password from
- stdin. IF (yes, that's a big if :-) you are prepared to store your
- password in a local (non-AFS) file then you might use the following:
-
- a) create a "wrapper" script to get a PAG, get your AFS token
- and execute a command:
-
- #!/usr/afsws/bin/pagsh
- #
- # NAME afs_wrap_cron
- # AUTHOR Paul Blackburn <mpb@acm.org>
- # PURPOSE Run an AFS authenticated cron job.
- # Get a PAG, get the user's token,
- # then exec user's command
-
- CMD=`basename ${0}`
-
- usage() {
- echo "Usage: ${CMD} [ -principal AFSID ] passwordfile command" >&2
- }
-
- if [ ${1} = "-principal" ]; then
- PRINCIPAL="${1} ${2}"
- shift 2
- fi
-
- if [ -z "${1}" ]; then
- echo "${CMD} error: need name of password file" >&2
- usage
- exit 1
- else
- passwordfile=${1}
- shift
- fi
-
- /usr/afsws/bin/klog ${PRINCIPAL} -pipe < ${passwordfile}
-
- if [ -z "${1}" ]; then
- echo "${CMD} error: need name of command to run" >&2
- usage
- exit 1
- else
- command_line="$*"
- command=`echo ${command_line} | awk '{print $1}'`
-
- # Check if we can run the command.
- # If we got this far, it is likely that the command name is correct
- # but there may be a problem in accessing the command file.
- # If there is an error, log it via syslog (logger) rather than ">&2"
-
- if [ ! -x "${command}" ]; then
- M="error: unable to execute command ${command}"
- logger -i -t "${CMD}" "${M}"
- exit 1
- fi
- fi
- exec ${command_line}
-
- b) Store your password in a local (non-AFS) file that only you
- have access to (perhaps: /home/$USER/.p).
-
- Make sure that this file is mode 600 and also be sure that
- you trust whoever has root access on this system and whoever
- has access to backup tapes! Also, don't forget to change this
- file if you change your AFS password.
-
- c) In your crontab file, run afs_wrap_cron followed by unlog:
-
- 0 6 * * * /usr/local/bin/afs_wrap_cron /home/$USER/.p \
- $HOME/bin/6AMdaily; /usr/afsws/bin/unlog
-
- Note that you can still run a cron job without getting a token if
- the task does not need to be AFS authenticated. In this case, you
- may get stderr from the cron job if your .profile is not accessible
- because of the ACL protecting your $HOME. Simply redirect to /dev/null:
-
- 0 7 * * * $sys_anyuser_readable_dir/7AMdaily 2>/dev/null
-
- Subject: 2.10 How much disk space does a 1 byte file occupy in AFS?
-
- One kilobyte.
-
- Other filesystems allocate different file block sizes.
- For example, IBM's AIX version 3 journaled file system (JFS)
- uses 4K blocks (exception: 2K for the 160MB disk drive).
-
- Such blocksize differences lead to variations on the amount of
- disk space required to store files. Copying a directory from AFS
- to AIX JFS would require more space in JFS because of the block
- fragmentation.
-
- Example:
-
- a) Create a one byte file in AFS and use "ls -s" to show how many
- kilobytes it occupies:
-
- ariel@atlantica $ echo z >/afs/dsea/tmp/one_byte_file
- ariel@atlantica $ ls -s /afs/dsea/tmp/one_byte_file
- 1 /afs/dsea/tmp/one_byte_file
-
- b) Create same file in local filesystem (AIX JFS):
-
- ariel@atlantica $ echo z >/tmp/one_byte_file
- ariel@atlantica $ ls -s /tmp/one_byte_file
- 4 /tmp/one_byte_file
-
- Subject: 2.11 Is it possible to specify a user who is external
- to the current AFS cell on an ACL?
-
- No. You cannot reference a particular user from another AFS cell.
-
- You can specify an IP address on the ACL; this means any and all
- users from the host with that IP address.
-
- Another solution to this problem is to give the external user an
- "authentication-only" account in your AFS cell. This means that
- (s)he can klog (but has no home directory) in your cell.
-
- # Example: AFS administrator creates an authentication-only user
- $ uss add daffy "Daffy Duck" -t /dev/null
- $ kas setpassword daffy -admin admin
-
- Cross-realm authentication (where co-operating cells are able to
- specify remore users as "user@remote.cell" on an ACL) is an *unsupported*
- feature of AFS 3.3a. That means that Transarc doesn't promise
- to make it work for you, nor keep it running in future releases.
-
- Subject: 2.12 Are there any problems printing files in /afs?
-
- The issue of printing in AFS is almost always the same: what do you
- send to the printing daemon? Do you send it the bytes you want to
- print or do you just send the file name containing those bytes? If
- you send it a file name, you have to be sure that the printing daemon
- can read it. Most daemons run with no AFS tokens, so can't access
- directories unless they are open for system:anyuser read access.
- Often, printing commands (lpr, lp, enq) have an option that allows
- for both modes of operation, though the default behavior varies from
- system to system. If you're interested in making your daemons
- authenticate to AFS, check out the example scripts in AFS-Contrib:
-
- file:///afs/transarc.com/public/afs-contrib/tools/reauth-example
- ftp://ftp.transarc.com/pub/afs-contrib/tools/reauth-example/
-
- Another common problem is setuid printing commands. For instance, the
- "enq" command runs as root, daemon, or some such user. If you aren't
- using the AFS login and simply issue "klog" to get tokens, those
- tokens are associated with your uid. When setuid programs run, they
- lose access to your token and often can't read the file name given as
- an argument. The solution in this case is to use "pagsh" before
- "klog" so that your tokens are transferred to subprocesses
- automatically by group membership. This works even if the uid
- changes, as for setuid programs.
-
- Subject: 2.13 Can I create a fifo (aka named pipe) in /afs?
-
- No. AFS does not support "mknod fifofile p".
-
- Subject: 2.14 If an AFS server crashes, do I have to reboot my AFS client?
-
- No.
-
- Typically, if an AFS server becomes unavailable, the AFS Cache Manager on
- your AFS client will see you through the outage until the server returns.
- This robustness is dependent on the way your AFS cell has been configured
- including the following factors:
-
- + On the client side:
- + How big is the cache?
- + Are the files you need already in the cache?
-
- + On the server side:
- + How many servers? It's best to have a minimum of three.
- + Is the data you are accessing replicated? In AFS, replicas
- are ReadOnly copies.
-
- With replicated volumes, the AFS Cache Manager knows about all of the
- servers on which the replicas are located. Therefore, when the Cache
- Manager accesses a replicated volume, if the RPC times out, the
- Cache Manager automatically retrys the RPC, using a different file server.
-
- If necessary, the Cache Manager will attempt to contact all file servers
- on which a replica of the volume resides.
-
- If you are accessing ReadWrite volumes on a crashed server then you
- will not be able to save changes back to the server until it returns.
-
- You don't need to reboot, and the Cache Manager activity is "invisible"
- to the user.
-
- Subject: 2.15 Can I use AFS on my diskless workstation?
-
- Yes. The AFS Cache Manager can be configured to work with either
- a disk based cache or a memory (RAM) based cache. With the latter,
- you can expect file access from the cache with a whizz!
-
- U http://www.uni-hohenheim.de/~schaefer/afs/info-afs/1306.html
-
- Subject: 2.16 Can I test for AFS tokens from within my program?
-
- Yes. Some sample code showing how to do this can be found in:
-
- file:///afs/transarc.com/public/afs-contrib/tools/auth-samples/listtokens.c
- ftp://ftp.transarc.com/pub/afs-contrib/tools/auth-samples/listtokens.c
-
- Subject: 2.17 What's the difference between /afs/cellname and /afs/.cellname?
-
- AFS has ReadOnly (RO) and ReadWrite (RW) volumes.
-
- The convention in AFS is to mount the RW volume "root.cell" as
- /afs/.cellname and the RO volume "root.cell.readonly" as /afs/cellname.
-
- This is so that when you travel down the /afs/.cellname link, AFS will
- always use the RW site of any volumes that have RO clones.
-
- This allows your administrator to update the RW copy of a volume and
- "vos release $volname" so that it will appear in /afs/cellname.
-
- Subject: 2.18 Can I klog as two users on a machine in the same cell?
-
- Yes, if you use two different PAGs.
-
- It's: "One token per PAG per client system."
-
- From one shell you can only authenticate as a single user of a cell.
- If you open another shell (with another PAG) you can klog as a different
- user of the same cell from the same client.
-
- You can authenticate into many cells from one client shell.
-
- Subject: 2.19 What are the ~/.__afsXXXX files?
-
- They are temporary reference files used by the AFS Cache Manager.
-
- In UNIX filesystems, when you a remove a file that is kept open
- by a process, the file stays around physically while it is no longer
- referenced in any directory (which you will see as a mismatch between
- disk space usage according to df and du).
-
- Some applications rely on that feature, e.g. they create a temporary file
- and remove it immediatley while keeping the file descriptor open.
- The file then disappears from the filesystem automagically
- when the process terminates or the file descriptor gets closed otherwise.
- Such applications could get into trouble with older versions of AFS,
- where the file could really disappear while it was held open.
-
- Newer versions of AFS rename such files to .__afsXXXX, thus making sure
- that the data stays around as expected by the application. As soon as
- the file gets closed, the associated .__afsXXXX should disappear.
-
- Subject: 3 AFS administration
-
- Subject: 3.01 Is there a version of xdm available with AFS authentication?
-
- Yes, xdm can be found in:
-
- file:///afs/transarc.com/public/afs-contrib/tools/xdm
- ftp://ftp.transarc.com/pub/afs-contrib/tools/xdm/
-
- Subject: 3.02 Is there a version of xlock available with AFS authentication?
-
- Yes, xlock can be found in:
-
- file:///afs/transarc.com/public/afs-contrib/tools/xlock
- ftp://ftp.transarc.com/pub/afs-contrib/tools/xlock/
-
- Subject: 3.03 What is /afs/@cell?
-
- It is a symbolic link pointing at /afs/$your_cell_name.
-
- NB, @cell is not something that is provided by AFS. You may decide
- it is useful in your cell and wish to create it yourself.
-
- /afs/@cell is useful because:
-
- + If you look after more than one AFS cell, you could create
- the link in each cell then set your PATH as:
- PATH=$PATH:/afs/@cell/@sys/local/bin
-
- + For most cells, it shortens the path names to be typed in
- thus reducing typos and saving time.
-
- A disadvantage of using this convention is that when you cd into
- /afs/@cell then type "pwd" you see "/afs/@cell" instead of the full name
- of your cell. This may appear confusing if a user wants to tell a user
- in another cell the pathname to a file.
-
- You could create your own /afs/@cell with the following:
-
- #/bin/ksh -
- # author: mpb
- [ -L /afs/@cell ] && echo We already have @cell! && exit
- cell=$(cat /usr/vice/etc/ThisCell)
- cd /afs/.${cell} && fs mkm temp root.afs
- cd temp
- ln -s /afs/${cell} @cell
- ln -s /afs/.${cell} .@cell # .@cell for RW path
- cd /afs/.${cell} && fs rmm temp
- vos release root.afs; fs checkv
-
- U http://www-archive.stanford.edu/lists/info-afs/hyper95/0298.html
-
- Subject: 3.04 Given that AFS data is location independent, how does
- an AFS client determine which server houses the data
- its user is attempting to access?
-
- The Volume Location Database (VLDB) is stored on AFS Database
- Servers and is ideally replicated across 3 or more Database Server
- machines. Replication of the Database ensures high availability
- and load balances the requests for the data. The VLDB maintains
- information regarding the current physical location of all volume
- data (files and directories) in the cell, including the IP address
- of the FileServer, and the name of the disk partition the data is
- stored on.
-
- A list of a cell's Database Servers is stored on the local disk of
- each AFS Client machine as: /usr/vice/etc/CellServDB
-
- The Database Servers also house the Kerberos Authentication
- Database (encrypted user and server passwords), the Protection
- Database (user UID and protection group information) and the
- Backup Database (used by System Administrators to backup AFS file
- data to tape).
-
- Subject: 3.05 Which protocols does AFS use?
-
- AFS may be thought of as a collection of protocols and software
- processes, nested one on top of the other. The constant interaction
- between and within these levels makes AFS a very sophisticated software
- system.
-
- At the lowest level is the UDP protocol, which is part of TCP/IP. UDP
- is the connection to the actual network wire. The next protocol level is
- the remote procedure call (RPC). In general, RPCs allow the developer
- to build applications using the client/server model, hiding the
- underlying networking mechanisms. AFS uses Rx, an RPC protocol developed
- specifically for AFS during its development phase at Carnegie Mellon
- University.
-
- Above the RPC is a series of server processes and interfaces that all
- use Rx for communication between machines. Fileserver, volserver,
- upserver, upclient, and bosserver are server processes that export RPC
- interfaces to allow their user interface commands to request actions and
- get information. For example, a bos status <machine name> command will
- examine the bos server process on the indicated file server machine.
-
- Database servers use ubik, a replicated database mechanism which is
- implemented using RPC. Ubik guarantees that the copies of AFS databases
- of multiple server machines remain consistent. It provides an
- application programming interface (API) for database reads and writes,
- and uses RPCs to keep the database synchronized. The database server
- processes, vlserver, kaserver, and ptserver, reside above ubik. These
- processes export an RPC interface which allows user commands to control
- their operation. For instance, the pts command is used to communicate
- with the ptserver, while the command klog uses the kaserver's RPC
- interface.
-
- Some application programs are quite complex, and draw on RPC interfaces
- for communication with an assortment of processes. Scout utilizes the
- RPC interface to file server processes to display and monitor the status
- of file servers. The uss command interfaces with kaserver, ptserver,
- volserver and vlserver to create new user accounts.
-
- The Cache Manager also exports an RPC interface. This interface is used
- principally by file server machines to break callbacks. It can also be
- used to obtain Cache Manager status information. The program cmdebug
- shows the status of a Cache Manager using this interface.
-
- For additional information, Section 1.5 of the AFS System
- Administrator's Guide and the April 1990 Cache Update contain more
- information on ubik. Udebug information and short descriptions of all
- debugging tools were included in the January 1991 Cache Update. Future
- issues will discuss other debugging tools in more detail.
-
- [ source: ftp://ftp.transarc.com/pub/afsug/newsletter/apr91 ]
- [ Copyright 1991 Transarc Corporation ]
-
- Subject: 3.06 Are setuid programs executable across AFS cell boundaries?
-
- By default, the setuid bit is ignored but the program may be run
- (without setuid privilege).
-
- It is possible to configure an AFS client to honour the setuid bit.
- This is achieved by root running:
-
- root@toontown # fs setcell -cell $cellname -suid
-
- (where $cellname is the name of the foreign cell. Use with care!).
-
- NB: making a program setuid (or setgid) in AFS does *not* mean
- that the program will get AFS permissions of a user or group.
- To become AFS authenticated, you have to klog. If you are not
- authenticated, AFS treats you as "system:anyuser".
-
- Subject: 3.07 How does AFS maintain consistency on read-write files?
-
- AFS uses a mechanism called "callback".
-
- Callback is a promise from the fileserver that the cache version
- of a file/directory is up-to-date. It is established by the fileserver
- with the caching of a file.
-
- When a file is modified the fileserver breaks the callback. When the
- user accesses the file again the Cache Manager fetches a new copy
- if the callback has been broken.
-
- The following paragraphs describe AFS callback mechanism in more detail:
-
- If I open() fileA and start reading, and you then open() fileA,
- write() a change ***and close() or fsync()*** the file to get your
- changes back to the server - at the time the server accepts and writes
- your changes to the appropriate location on the server disk, the
- server also breaks callbacks to all clients to which it issued a copy
- of fileA.
-
- So my client receives a message to break the callback on fileA, which
- it dutifully does. But my application (editor, spreadsheet, whatever
- I'm using to read fileA) is still running, and doesn't really care
- that the callback has been broken.
-
- When something causes the application to read() more of the file
- the read() system call executes AFS cache manager code via the VFS switch,
- which does check the callback and therefore gets new copies of the data.
-
- Of course, the application may not re-read data that it has already read,
- but that would also be the case if you were both using the same host.
- So, for both AFS and local files, I may not see your changes.
-
- Now if I exit the application and start it again, or if the
- application does another open() on the file, then I will see the
- changes you've made.
-
- This information tends to cause tremendous heartache and discontent
- - but unnecessarily so. People imagine rampant synchronization problems.
- In practice this rarely happens and in those rare instances, the data in
- question is typically not critical enough to cause real problems or
- crashing and burning of applications. Since 1985, we've found
- that the synchronization algorithm has been more than adequate in practice
- - but people still like to worry!
-
- The source of worry is that, if I make changes to a file from my
- workstation, your workstation is not guaranteed to be notified until I
- close or fsync the file, at which point AFS guarantees that your
- workstation will be notified. This is a significant departure from NFS,
- in which no guarantees are provided.
-
- Partially because of the worry factor and largely because of Posix,
- this will change in DFS. DFS synchronization semantics are identical
- to local file system synchronization.
-
- [ DFS is the Distributed File System which is part of the Distributed ]
- [ Computing Environment (DCE). ]
-
- Subject: 3.08 How can I run daemons with tokens that do not expire?
-
- It is not a good idea to run with tokens that do not expire because
- this would weaken one of the security features of Kerberos.
-
- A better approach is to re-authenticate just before the token expires.
-
- There are two examples of this that have been contributed to
- afs-contrib. The first is "reauth":
-
- file:///afs/transarc.com/public/afs-contrib/tools/reauth/
- ftp://ftp.transarc.com/pub/afs-contrib/tools/reauth/
-
- The second is "lat":
-
- /afs/transarc.com/public/afs-contrib/pointers\
- /UMich-lat-authenticated-batch-jobs
- ftp://ftp.transarc.com/pub/afs-contrib/pointers
- /UMich-lat-authenticated-batch-jobs
-
- Subject: 3.09 Can I check my user's passwords for security purposes?
-
- Yes. Alec Muffett's Crack tool (at version 4.1f) has been converted
- to work on the Transarc kaserver database. This modified Crack
- (AFS Crack) is available via anonymous ftp from:
-
- ftp://export.acs.cmu.edu/pub/crack.tar.Z
-
- and is known to work on: pmax_* sun4*_* hp700_* rs_aix* next_*
-
- It uses the file /usr/afs/db/kaserver.DB0, which is the database on
- the kaserver machine that contains the encrypted passwords. As a bonus,
- AFS Crack is usually two to three orders of magnitude faster than the
- standard Crack since there is no concept of salting in a Kerberos database.
-
- On a normal UNIX /etc/passwd file, each password can have been encrypted
- around 4096 (2^12) different saltings of the crypt(3) algorithm, so for
- a large number of users it is easy to see that a potentially large
- (up to 4095) number of seperate encryptions of each word checked has
- been avoided.
-
- Author: Dan Lovinger
- Contact: Derrick J. Brashear <shadow+@andrew.cmu.edu>
-
- Note: AFS Crack does not work for MIT Kerberos Databases.
- The author is willing to give general guidance to someone interested
- in doing the (probably minimal) amount of work to port it to do MIT
- Kerberos. The author does not have access to a MIT Kerberos server
- to do this.
-
- Subject: 3.10 Is there a way to automatically balance disk usage across
- fileservers?
-
- Yes. There is a tool, balance, which does exactly this.
- It can be retrieved via anonymous ftp from:
-
- ftp://ftp.andrew.cmu.edu/pub/balance-1.1a.tar.Z
-
- Actually, it is possible to write arbitrary balancing algorithms
- for this tool. The default set of "agents" provided for the current
- version of balance balance by usage, # of volumes, and activity per week,
- the latter currently requiring a source patch to the AFS volserver.
- Balance is highly configurable.
-
- Author: Dan Lovinger
- Contact: Derrick Brashear <shadow+@andrew.cmu.edu>
-
- Subject: 3.11 Can I shutdown an AFS fileserver without affecting users?
-
- Yes, this is an example of the flexibility you have in managing AFS.
-
- Before attempting to shutdown an AFS fileserver you have to make
- some arrangements that any services that were being provided are
- moved to another AFS fileserver:
-
- 1) Move all AFS volumes to another fileserver. (Check you have the space!)
- This can be done "live" while users are actively using files
- in those volumes with no detrimental effects.
-
- 2) Make sure that critical services have been replicated on one
- (or more) other fileserver(s). Such services include:
-
- kaserver - Kerberos Authentication server
- vlserver - Volume Location server
- ptserver - Protection server
- buserver - Backup server
-
- It is simple to test this before the real shutdown by issuing:
-
- bos shutdown $server $service
-
- where: $server is the name of the server to be shutdown
- and $service is one (or all) of: kaserver vlserver ptserver buserver
-
- Other points to bear in mind:
-
- + "vos remove" any RO volumes on the server to be shutdown.
- Create corresponding RO volumes on the 2nd fileserver after moving the RW.
- There are two reasons for this:
-
- 1) An RO on the same partition ("cheap replica") requires less space
- than a full-copy RO.
-
- 2) Because AFS always accesses RO volumes in preference to RW,
- traffic will be directed to the RO and therefore quiesce the load
- on the fileserver to be shutdown.
-
- + If the system to be shutdown has the lowest IP address there may be a
- brief delay in authenticating because of timeout experienced before
- contacting a second kaserver.
-
- Subject: 3.12 How can I set up mail delivery to users with $HOMEs in AFS?
-
- There are many ways to do this. Here, only two methods are considered:
-
- Method 1: deliver into local filestore
-
- This is the simplest to implement. Set up your mail delivery to
- append mail to /var/spool/mail/$USER on one mailserver host.
- The mailserver is an AFS client so users draw their mail out of
- local filestore into their AFS $HOME (eg: inc).
-
- Note that if you expect your (AFS unauthenticated) mail delivery program
- to be able to process .forward files in AFS $HOMEs then you need to
- add "system:anyuser rl" to each $HOMEs ACL.
-
- The advantages are:
-
- + Simple to implement and maintain.
- + No need to authenticate into AFS.
-
- The drawbacks are:
-
- - It doesn't scale very well.
- - Users have to login to the mailserver to access their new mail.
- - Probably less secure than having your mailbox in AFS.
- - System administrator has to manage space in /var/spool/mail.
-
- Method 2: deliver into AFS
-
- This takes a little more setting up than the first method.
-
- First, you must have your mail delivery daemon AFS authenticated
- (probably as "postman"). The reauth example in afs-contrib
- shows how a daemon can renew its token. You will also need to setup
- the daemon startup soon after boot time to klog (see the -pipe option).
-
- Second, you need to set up the ACLs so that "postman" has lookup rights
- down to the user's $HOME and "lik" on $HOME/Mail.
-
- Advantages:
-
- + Scales better than first method.
- + Delivers to user's $HOME in AFS giving location independence.
- + Probably more secure than first method.
- + User responsible for space used by mail.
-
- Disadvantages:
-
- - More complicated to set up.
- - Need to correctly set ACLs down to $HOME/Mail for every user.
- - Probably need to store postman's password in a file so that
- the mail delivery daemon can klog after boot time.
- This may be OK if the daemon runs on a relatively secure host.
-
- An example of how to do this for IBM RISC System/6000 is auth-sendmail.
- A beta test version of auth-sendmail can be found in:
-
- file:///afs/transarc.com/public/afs-contrib/doc/faq/auth-sendmail.tar.Z
- ftp://ftp.transarc.com/pub/afs-contrib/doc/faq/auth-sendmail.tar.Z
-
- Subject: 3.13 Should I replicate a ReadOnly volume on the same partition
- and server as the ReadWrite volume?
-
- Yes, Absolutely! It improves the robustness of your served volumes.
-
- If ReadOnly volumes exist (note use of term *exist* rather than
- *are available*), Cache Managers will *never* utilize the ReadWrite
- version of the volume. The only way to access the RW volume is via
- the "dot" path (or by special mounting).
-
- This means if *all* RO copies are on dead servers, are offline, are
- behind a network partition, etc, then clients will not be able to get
- the data, even if the RW version of the volume is healthy, on a healthy
- server and in a healthy network.
-
- However, you are *very* strongly encouraged to keep one RO copy of a
- volume on the *same server and partition* as the RW. There are two
- reasons for this:
-
- 1) The RO that is on the same server and partition as the RW is a clone
- (just a copy of the header - not a full copy of each file).
- It therefore is very small, but provides access to the same set of files
- that all other (full copy) ReadOnly volume do.
- Transarc trainers refer to this as the "cheap replica".
-
- 2) To prevent the frustration that occurs when all your ROs are unavailable
- but a perfectly healthy RW was accessible but not used.
-
- If you keep a "cheap replica", then by definition, if the RW is available,
- one of the RO's is also available, and clients will utilize that site.
-
- Subject: 3.14 Should I start AFS before NFS in /etc/inittab?
-
- Yes, it is possible to run both AFS and NFS on the same system but
- you should start AFS first.
-
- In IBM's AIX 3.2, your /etc/inittab would contain:
-
- rcafs:2:wait:/etc/rc.afs > /dev/console 2>&1 # Start AFS daemons
- rcnfs:2:wait:/etc/rc.nfs > /dev/console 2>&1 # Start NFS daemons
-
- With AIX, you need to load NFS kernel extensions before the AFS KEs
- in /etc/rc.afs like this:
-
- #!/bin/sh -
- # example /etc/rc.afs for an AFS fileserver running AIX 3.2
- #
- echo "Installing NFS kernel extensions (for AFS+NFS)"
- /etc/gfsinstall -a /usr/lib/drivers/nfs.ext
- echo "Installing AFS kernel extensions..."
- D=/usr/afs/bin/dkload
- ${D}/cfgexport -a ${D}/export.ext
- ${D}/cfgafs -a ${D}/afs.ext
- /usr/afs/bin/bosserver &
-
- Subject: 3.15 Will AFS run on a multi-homed fileserver?
-
- (multi-homed = host has more than one network interface.)
-
- Yes, it will. However, AFS was designed for hosts with a single IP address.
- There can be problems if you have one host name being resolved to several
- IP addresses.
-
- Transarc suggest designating unique hostnames for each network interface.
- For example, a host called "spot" has two tokenring and one ethernet
- interfaces: spot-tr0, spot-tr1, spot-en0.
- Then, select which interface will be used for AFS and use that hostname
- in the CellServDB file (eg: spot-tr0).
-
- You also have to remember to use the AFS interface name with any AFS
- commands that require a server name (eg: vos listvol spot-tr0).
-
- There is a more detailed discussion of this in the August 1993 issue
- of "Cache Update" (see: ftp://ftp.transarc.com/pub/afsug/newsletter/aug93).
-
- The simplest way of dealing with this is to make your AFS fileservers
- single-homed (eg only use one network interface).
-
- At release 3.4 of AFS, it is possible to have multi-homed fileservers
- (but _not_ multi-homed database servers).
-
- Subject: 3.16 Can I replicate my user's home directory AFS volumes?
-
- No.
-
- Users with $HOMEs in /afs normally have an AFS ReadWrite volume
- mounted in their home directory.
-
- You can replicate a RW volume but only as a ReadOnly volume
- and there can only be one instance of a ReadWrite volume.
-
- In theory, you could have RO copies of a user's RW volume
- on a second server but in practice this won't work for the
- following reasons:
-
- a) AFS has built-in bias to always access the RO copy of a RW volume.
- So the user would have a ReadOnly $HOME which is not too useful!
-
- b) Even if a) was not true you would have to arrange frequent
- synchronisation of the RO copy with the RW volume (for example:
- "vos release user.fred; fs checkv") and this would have to be
- done for all such user volumes.
-
- c) Presumably, the idea of replicating is to recover the $HOME
- in the event of a server crash. Even if a) and b) were not
- problems consider what you might have to do to recover a $HOME:
-
- 1) Create a new RW volume for the user on the second server
- (perhaps named "user.fred.2").
-
- 2) Now, where do you mount it?
-
- The existing mountpoint cannot be used because it already has
- the ReadOnly copy of the original volume mounted there.
-
- Let's choose: /afs/MyCell/user/fred.2
-
- 3) Copy data from the RO of the original into the new RW volume
- user.fred.2
-
- 4) Change the user's entry in the password file for the new $HOME:
- /afs/MyCell/user/fred.2
-
- You would have to attempt steps 1 to 4 for every user who had
- their RW volume on the crashed server. By the time you had done
- all of this, the crashed server would probably have rebooted.
-
- The bottom line is: you cannot replicate $HOMEs across servers.
-
- Subject: 3.17 Which TCP/IP ports and protocols do I need to enable
- in order to operate AFS through my Internet firewall?
-
- Assuming you have already taken care of nameserving, you may wish to
- use an Internet timeserver for Network Time Protocol [35] [36]:
-
- ntp 123/tcp
-
- A list of NTP servers is available via anonymous FTP from:
- http://www.eecis.udel.edu/~mills/ntp/servers.html
-
- For further details on NTP see: http://www.eecis.udel.edu/~ntp/
-
- For a "minimal" AFS service which does not allow inbound or outbound klog:
-
- fileserver 7000/udp
- cachemanager 7001/udp
- ptserver 7002/udp
- vlserver 7003/udp
- kaserver 7004/udp
- volserver 7005/udp
- reserved 7006/udp
- bosserver 7007/udp
-
- (Ports in the 7020-7029 range are used by the AFS backup system,
- and won't be needed by external clients performing simple file accesses.)
-
- Additionally, for "klog" to work through the firewall you need to
- allow inbound and outbound UDP on ports >1024 (probably 1024<port<2048
- would suffice depending on the number of simultaneous klogs).
-
- See also: http://www-archive.stanford.edu/lists/info-afs/hyper95/0874.html
-
- Subject: 3.18 What is the Andrew Benchmark?
-
- "It is a script that operates on a collection of files constituting
- an application program. The operations are intended to represent typical
- actions of an average user. The input to the benchmark is a source tree
- of about 70 files. The files total about 200 KB in size. The benchmark
- consists of five distinct phases:
-
- I MakeDir - Construct a target subtree that is identical to the
- source subtree.
- II Copy - Copy every file from the source subtree to the target subtree.
- III ScanDir - Traverse the target subtree and examine the status
- of every file in it.
- IV ReadAll - Scan every byte of every file in the target subtree.
- V Make - Complete and link all files in the target subtree."
-
- Source:
- file:///afs/transarc.com/public/afs-contrib/doc/benchmark/Andrew.Benchmark.ps
- ftp://ftp.transarc.com/pub/afs-contrib/doc/benchmark/Andrew.Benchmark.ps
-
- Subject: 3.19 Is there a version of HP VUE login with AFS authentication?
-
- Yes, the availability of this is described in:
- file:///afs/transarc.com/public/afs-contrib/pointers/HP-VUElogin.txt
- ftp://ftp.transarc.com/pub/afs-contrib/pointers/HP-VUElogin.txt
-
- U If you don't have access to the above, please contact Rajeev Pandey
- U of Hewlett Packard whose email address is <rpandey@cv.hp.com>.
-
- Subject: 3.20 How can I list which clients have cached files from a server?
-
- By using the following script:
-
- #!/bin/ksh -
- #
- # NAME afsclients
- # AUTHOR Rainer Toebbicke <rtb@dxcern.cern.ch>
- # DATE June 1994
- # PURPOSE Display AFS clients which have grabbed files from a server
-
- if [ $# = 0 ]; then
- echo "Usage: $0 <afs_server 1> ... <afsserver n>"
- exit 1
- fi
- for n; do
- /usr/afsws/etc/rxdebug -servers $n -allconn
- done | grep '^Connection' | \
- while read x y z ipaddr rest; do echo $ipaddr; done | sort -u |
- while read ipaddr; do
- ipaddr=${ipaddr%%,}
- n="`nslookup $ipaddr`"
- n="${n##*Name: }"
- n="${n%%Address:*}"
- n="${n##*([ ])}"
- n="${n%?}"
- echo "$n ($ipaddr)"
- done
-
- Subject: 3.21 Do Backup volumes require as much space as ReadWrite volumes?
-
- No.
-
- The technique used is to create a new volume, where every file in the
- RW copy is pointed to by the new backup volume. The files don't exist
- in the BK, only in the RW volume. The backup volume therefore takes up
- very little space.
-
- If the user now starts modifying data, the old copy must not be destroyed.
-
- There is a Copy-On-Write bit in the vnode - if the fileserver writes to
- a vnode with the bit on it allocates a new vnode for the data and turns
- off the COW bit. The BK volume hangs onto the old data, and the RW volume
- slowly splits itself away over time.
-
- The BK volume is re-synchronised with the RW next time a "vos backupsys"
- is run.
-
- The space needed for the BK volume is directly related to the size
- of all files changed in the RW between runs of "vos backupsys".
-
- Subject: 3.22 Should I run timed on my AFS client?
-
- No.
-
- The AFS Cache Manager makes use of NTP [35] [36] to synchronise time
- with your cell's NTP servers.
-
- Typically, one of your AFS cell's servers synchronises with an
- external NTP server and provides accurate time to your cell.
-
- Subject: 3.23 Why should I keep /usr/vice/etc/CellServDB current?
-
- On AFS clients, /usr/vice/etc/CellservDB, defines the cells and
- (their servers) that can be accessed via /afs.
-
- Over time, site details change: servers are added/removed or moved
- onto new network addresses. New sites appear.
-
- In order to keep up-to-date with such changes, the CellservDB file
- on each AFS client should be kept consistent with some master copy
- (at your site).
-
- As well as updating CellservDB, your AFS administrator should
- ensure that new cells are mounted in your cell's root.afs volume.
-
- Subject: 3.24 How can I keep /usr/vice/etc/CellServDB current?
-
- Do a daily copy from a master source and update the AFS kernel sitelist.
-
- The client CellServDB file must not reside under /afs and is best located
- in local filespace.
-
- Simply updating a client CellServDB file is not enough.
- You also need to update the AFS kernel sitelist by either:
- a) rebooting the client
- or b) running "fs newcell $cell_name $server_list" for each site in
- the CellServDB file.
-
- A script to update the AFS kernel sitelist on a running system
- is newCellServDB.
-
- file:///afs/ece.cmu.edu/usr/awk/Public/newCellServDB
- ftp://ftp.ece.cmu.edu/pub/afs-tools/newCellServDB
-
- One way to distribute CellServDB is to have a root cron job on each
- AFS client copy the file then run newCellServDB.
-
- Example:
-
- #!/bin/ksh -
- #
- # NAME syncCellServDB
- # PURPOSE Update local CellServDB file and update AFS kernel sitelist
- # USAGE run by daily root cron job eg:
- # 0 3 * * * /usr/local/sbin/syncCellServDB
- #
- # NOTE "@cell" is a symbolic link to /afs/$this_cell_name
-
- src=/afs/@cell/service/etc/CellServDB
- dst=/usr/vice/etc/CellServDB
- xec=/usr/local/sbin/newCellServDB
- log=/var/log/syncCellServDB
-
- if [ -s ${src} ]; then
- if [ ${src} -nt ${dst} ]; then
- cp $dst ${dst}- && cp $src $dst && $xec 2>&1 >$log
- else
- echo "master copy no newer: no processing to be done" >$log
- fi
- else
- echo "zero length file: ${src}" >&2
- fi
-
- Subject: 3.25 How can I compute a list of AFS fileservers?
-
- Here is a Korn shell command to do it:
-
- stimpy@nick $ vos listvldb -cell $(cat /usr/vice/etc/ThisCell) \
- | awk '(/server/) {print $2}' | sort -u
-
- Subject: 3.26 How can I set up anonymous FTP login to access /afs?
-
- The easiest way on a primarily "normal" machine (where you don't want to
- have everything in AFS) is to actually mount root.cell under ~ftp, and then
- symlink /afs to ~ftp/afs or whatever. It's as simple as changing the
- mountpoint in /usr/vice/etc/cacheinfo and restarting afsd.
-
- Note that when you do this, anon ftp users can go anywhere system:anyuser
- can (or worse, if you're using IP-based ACLs and the ftp host is PTS groups).
- The only "polite" solution I've arrived at is to have the ftp host
- machine run a minimal CellServDB and police my ACLs tightly.
-
- Alternatively, you can make ~ftp an AFS volume and just mount whatever you
- need under that - this works well if you can keep everything in AFS, and
- you don't have the same problems with anonymous "escapes" into /afs.
-
- Unless you need to do authenticating ftp, you are _strongly_ recommended
- using wu-ftpdv2.4 (or better).
-
- Subject: 3.27 Where can I find the Andrew Benchmark?
-
- file:///afs/transarc.com/public/afs-contrib/doc/faq/ab.tar.Z [156k]
- ftp://ftp.transarc.com/pub/afs-contrib/doc/faq/ab.tar.Z [156k]
-
- This is a tar archive of file:///afs/cs.cmu.edu/user/satya/ftp/ab/
-
- Subject: 4 Getting more information
-
- Subject: 4.01 Is there an anonymous FTP site with AFS information?
-
- Yes, it is: ftp.transarc.com
-
- A brief summary of contents:
-
- Directory Contents
-
- pub/afsug/newsletter AFS user group newsletters
- pub/afs-contrib Contributed tools and documents
- pub/afsps/doc release notes, SUPPORTED_SYSTEMS.afs.*
- pub/afsug AFS user group (see README for detail)
- pub/afsps/progint AFS programming interface docs
-
- These directories are also accessible via AFS. For example:
- /afs/transarc.com/public/afs-contrib
-
- (NB "pub" => "public" when using AFS to access these.)
-
- Subject: 4.02 Which USENET newsgroups discuss AFS?
-
- alt.filesystems.afs and occasionally in comp.unix.admin.
-
- Subject: 4.03 Where can I get training in AFS?
-
- Transarc provide user and administrator courses.
- These can be provided at the customer site or at Transarc's offices.
-
- Transarc's education coordinator may be contacted by:
-
- telephone: +1 412 338 4363 email: education@transarc.com
-
- U http://www.transarc.com
-
- Subject: 4.04 Where can I find AFS resources in World Wide Web (WWW)?
-
- Here are some I have found (please let me know if you find more):
-
- a) A collection of AFS information maintained by Derrick Brashear at CMU:
-
- http://www.cs.cmu.edu/afs/andrew.cmu.edu/usr/shadow/www/afs.html
- (Also accessible in: /afs/andrew.cmu.edu/usr/shadow/www)
-
- b) AFS Beginners Guide (ALW/NIH):
- http://www.alw.nih.gov/Docs/AFS/AFS_toc.html
-
- c) NCSA AFS User Guide:
- http://www.ncsa.uiuc.edu/Pubs/UserGuides/AFSGuide/AFSv2.1Book.html
-
- d) Transarc AFS Product Information:
- U http://www.transarc.com/dfs/public/www/htdocs/.hosts/external/Product/EFS/AFS/afsoverview.html
-
- e) CERN AFS User's Guide:
- http://wsspinfo.cern.ch/file/doc/afsug.html
-
- f) MIT SIPB's Inessential AFS
- http://web.mit.edu/afs/sipb.mit.edu/project/doc/afs/html/afs-new.html
-
- g) Stanford University hypermail archive of info-afs@transarc.com
- http://www-archive.stanford.edu/lists/info-afs.html
-
- N h) Linux AFS FAQ:
- N http://www.umlug.umd.edu/linuxafs/
-
- Subject: 4.05 Is there a mailing list for AFS topics?
-
- Yes, it is info-afs@transarc.com.
-
- An automated program called Majordomo is now handling the info-afs
- list. To join the mailing list, send a message to:
-
- majordomo@transarc.com
-
- In the body (not the Subject line) of the message, type:
-
- subscribe info-afs
-
- For example:
-
- $ mail -s "subscribe to info-afs" majordomo@transarc.com <<%
- subscribe info-afs
- %
-
- To unsubscribe:
-
- $ mail -s "unsubscribe from info-afs" majordomo@transarc.com <<%
- unsubscribe info-afs
-
- Subject: 4.06 Where can I find an archive of info-afs@transarc.com?
-
- There is a hypermail archive at:
- http://www-archive.stanford.edu/lists/info-afs.html
-
- Subject: 4.07 Where can I find an archive of alt.filesystems.afs?
-
- file:///afs/ibm.uk/common/archive/alt.filesystems.afs/
-
- Both the info-afs@transarc.com and alt.filesystems.afs archives are
- incomplete. If you have material to contribute, please let me know.
-
- Subject: 4.08 Where can I find AFS related GIFs?
-
- U file:///afs/transarc.com/public/afs-contrib/doc/faq/images/index.html
- U ftp://ftp.transarc.com/pub/afs-contrib/doc/faq/images/index.html
-
- Subject: 4.09 Gibt es eine deutsche AFS Benutzer Gruppe?
-
- Ja, wenn Sie mitmachen wollen, schicken Sie bitte eine E-Mail an:
-
- afsdeu-request@hrz.th-darmstadt.de
-
- Ueber diese Adresse werden "subscribe" und "unsubscribe" Requests
- bearbeitet.
-
- Subject: 4.10 Donde puedo encontrar informacion en Espanol sobre AFS?
-
- Hay algunas notas en Espanol sobre AFS en:
- http://w3.ing.puc.cl/~cet/afs.html
-
- Subject: 5 About the AFS faq
-
- I started compiling the FAQ after attending an AFS administrators class
- and while waiting for the distribution tape to arrive from Transarc
- (back in July 93). The initial goal was to assist users at my site
- to understand AFS issues.
-
- The FAQ seemed to be a more widely useful resource so it was made
- generally available.
-
- I hope you have found the AFS FAQ useful.
-
- Your criticism or suggestions for improving it are welcome, so please
- don't hesitate to email your views (or just say "hello").
-
- This compilation is dedicated to my AFS teacher and all those
- who inspire through good humour, enthusiasm, wit and wisdom.
- --
- paul http://acm.org/~mpb/homepage.html
-
- Subject: 5.01 How can I get a copy of the AFS faq?
-
- If you do make a copy, please be aware that this compilation
- changes over time: you will need to do a periodic re-copy to
- keep your copy up-to-date.
-
- There are two reference sources:
-
- 1) The text only version, available via AFS from:
- /afs/transarc.com/public/afs-contrib/doc/faq/afs.faq
-
- 2) The World Wide Web (HTML) version, available via URL:
- U http://www.angelfire.com/hi/plutonic/afs-faq.html
-
-
- There are several other ways to get a copy.
-
- via AFS: /afs/transarc.com/public/afs-contrib/doc/faq/afs.faq
-
- U via FTP: ftp://rtfm.mit.edu/pub/usenet/news.answers/afs-faq
-
- U via WWW: http://www.angelfire.com/hi/plutonic/afs-faq.html
-
- via USENET news:
-
- From time to time this faq will be posted to the USENET newsgroups:
- alt.filesystems.afs alt.answers news.answers
-
- via CD-ROM:
-
- The AFS faq is now available on CD-ROM "Internet Info" (containing
- 17,420 documents including other FAQs, RFCs, IENs, etc) from:
-
- Walnut Creek CDROM phone: 1 800 786-9907 (US tollfree)
- 4041 Pike Lane, Ste D-www +1 510 674-0783
- Concord, CA 94250 fax: +1 510 674-0821
- United States of America email: orders@cdrom.com
- WWW: http://www.cdrom.com/
-
- The file is in: $cd_mount_point/faqs/alt/filesystems.afs
-
- Subject: 5.02 How can I get my question (and answer) into the AFS faq?
-
- Comments and contributions are welcome, please send to: mpb@acm.org
-
- I am looking for reviewers to help me check the material here, please
- let me know if you would like to help.
-
- Subject: 5.03 How can I access the AFS faq via the World Wide Web?
-
- To access the World Wide Web you either need your own browser
- or have telnet access to WWW servers.
-
- WWW browsers exist for most machines. Here's a list of some browsers;
-
- Name System/requirements Available from (among others)
- ==== =================== ==============
- Mosaic X windows, MS-Windows, Mac ftp.ncsa.uiuc.edu /Web
- lynx vt100 ftp.wustl.edu /packages/www/lynx
-
- From your own browser, OPEN or GO to the following document:
-
- U http://www.angelfire.com/hi/plutonic/afs-faq.html
-
- It is much better to run your own browser but if this is not possible
- there are several WWW servers accessible via telnet:
-
- + telnet info.cern.ch
- U then type: go http://www.angelfire.com/hi/plutonic/afs-faq.html
-
- + telnet www.njit.edu (login: www)
- then type:
- g
- U http://www.angelfire.com/hi/plutonic/afs-faq.html
-
- + telnet ukanaix.cc.ukans.edu (login: www, needs vt100)
- U then type: ghttp://www.angelfire.com/hi/plutonic/afs-faq.html
-
- Subject: 6 Bibliography
-
- If documentation is available via anonymous FTP it is indicated
- by a World Wide Web URL like:
-
- ftp://athena-dist.mit.edu/pub/kerberos/doc/usenix.PS
-
- where: athena-dist.mit.edu is the anonymous FTP site and
- pub/kerberos/doc/usenix.PS is the filename
-
- Similarly, for those who have appropriate access, documents available
- via AFS are shown with the format:
-
- file:///afs/.....
-
- [1] John H Howard, Michael L Kazar, Sherri G Menees, David A Nichols,
- M Satyanarayanan, Robert N Sidebotham, Michael J West
- "Scale and Performance in a Distributed File System",
- ACM Transactions on Computer Systems, Vol. 6, No. 1, Feb 1988 pp 51-81.
-
- [2] Michael L Kazar,
- "Synchronisation and Caching Issues in the Andrew File System",
- USENIX Proceedings, Dallas, TX, Winter 1988
-
- [3] Alfred Z Spector, Michael L Kazar,
- "Uniting File Systems", UNIX Review, March 1989
-
- [4] Johna Till Johnson,
- "Distributed File System brings LAN Technology to WANs",
- Data Communications, November 1990, pp 66-67.
-
- [5] Michael Padovano, PADCOM Associates,
- "AFS widens your horizons in distributed computing",
- Systems Integration, March 1991
-
- [6] Steve Lammert,
- "The AFS 3.0 Backup System", LISA IV Conference Proceedings,
- Colorado Springs, Colorado, October 1990.
-
- [7] Michael L Kazar, Bruce W Leverett, Owen T Anderson,
- Vasilis Apostolides, Beth A Bottos, Sailesh Chutani,
- Craig F Everhart, W Anthony Mason, Shu-Tsui Tu, Edward R Zayas,
- "DEcorum File System Architectural Overview",
- USENIX Conference Proceedings, Anaheim, Texas, Summer 1990.
-
- [8] "AFS Drives DCE Selection", Digital Desktop, Vol 1 No 6 Sept 1990.
-
- [9] James J Kistler, M Satyanarayanan,
- "Disconnected Operation in the Coda Filesystem",
- CMU School of Computer Science technical report, CMU-CS-91-166
- 26th July 1991.
-
- [10] Puneet Kumar. M Satyanarayanan,
- "Log-based Directory Resolution in the Coda File System",
- CMU School of Computer Science internal document, 2 July 1991.
-
- [11] Edward R Zayas,
- "Administrative Cells: Proposal for Cooperative Andrew File Systems",
- Information Technology Center internal document,
- Carnegie-Mellon University, 25th June 1987
-
- [12] Ed Zayas, Craig Everhart,
- "Design and Specification of the Cellular Andrew Environment",
- Information Technology Center, Carnegie-Mellon University,
- CMU-ITC-070, 2 August 1988
-
- [13] Kazar, Michael L, Information Technology Center,
- Carnegie-Mellon University,
- "Ubik - A library for Managing Ubiquitous Data",
- ITCID, Pittsburgh, PA, 1988
-
- [14] Kazar, Michael L, Information Technology Center,
- Carnegie-Mellon University,
- "Quorum Completion", ITCID, Pittsburgh, PA, 1988
-
- [15] SP Miller, BC Neuman, JI Schiller, JH Saltzer,
- "Kerberos Authentication and Authorization System",
- Project Athena technical Plan, Section E.2.1, MIT, December 1987
- ftp://athena-dist.mit.edu/pub/kerberos/doc/techplan.PS
- ftp://athena-dist.mit.edu/pub/kerberos/doc/techplan.txt
- file:///afs/watson.ibm.com/projects/agora/papers/kerberos/techplan.PS
-
- [16] Bill Bryant,
- "Designing an Authentication System: a Dialogue in Four Scenes",
- Project Athena internal document, MIT, draft of 8th February 1988
- ftp://athena-dist.mit.edu/pub/kerberos/doc/dialogue.PS
- ftp://athena-dist.mit.edu/pub/kerberos/doc/dialogue.mss
- file:///afs/watson.ibm.com/projects/agora/papers/kerberos/dialogue.PS
-
- [17] Edward R Zayas,
- "AFS-3 Programmer's Reference: Architectural Overview",
- Transarc Corporation, FS-00-D160, September 1991
- ftp://ftp.transarc.com/pub/afsps/doc/progint/archov-doc.ps
- ftp://ftp.transarc.com/pub/afsps/doc/progint/archov-doc.dvi
- file:///afs/transarc.com/public/afsps/doc/progint/archov-doc.ps
- file:///afs/transarc.com/public/afsps/doc/progint/archov-doc.dvi
- file:///afs/watson.ibm.com/projects/agora/papers/afs/archov-doc.ps
-
- [18] "AFS Programmer's Reference: Authentication Server Interface",
- Transarc Corporation, 12th April 1993
- ftp://ftp.transarc.com/pub/afsps/doc/progint/asrv-ispec.ps
- ftp://ftp.transarc.com/pub/afsps/doc/progint/asrv-ispec.dvi
- file:///afs/transarc.com/public/afsps/doc/progint/asrv-ispec.ps
- file:///afs/transarc.com/public/afsps/doc/progint/asrv-ispec.dvi
- file:///afs/watson.ibm.com/projects/agora/papers/afs/asrv-ispec.ps
-
- [19] Edward R Zayas,
- "AFS-3 Programmer's Reference: BOS Server Interface",
- Transarc Corporation, FS-00-D161, 28th August 1991
- ftp://ftp.transarc.com/pub/afsps/doc/progint/bsrv-spec.ps
- ftp://ftp.transarc.com/pub/afsps/doc/progint/bsrv-spec.dvi
- file:///afs/transarc.com/public/afsps/doc/progint/bsrv-spec.ps
- file:///afs/transarc.com/public/afsps/doc/progint/bsrv-spec.dvi
- file:///afs/watson.ibm.com/projects/agora/papers/afs/bsrv-spec.ps
-
- [20] Edward R Zayas,
- "AFS-3 Programmer's Reference: File Server/Cache Manager Interface",
- Transarc Corporation, FS-00-D162, 20th August 1991
- ftp://ftp.transarc.com/pub/afsps/doc/progint/fscm-ispec.ps
- ftp://ftp.transarc.com/pub/afsps/doc/progint/fscm-ispec.dvi
- file:///afs/transarc.com/public/afsps/doc/progint/fscm-ispec.ps
- file:///afs/transarc.com/public/afsps/doc/progint/fscm-ispec.dvi
- file:///afs/watson.ibm.com/projects/agora/papers/afs/fscm-ispec.ps
-
- [21] Edward R Zayas,
- "AFS-3 Programmer's Reference:
- Specification for the Rx Remote Procedure Call Facility",
- Transarc Corporation, FS-00-D164, 28th August 1991
- ftp://ftp.transarc.com/pub/afsps/doc/progint/rx-spec.ps
- ftp://ftp.transarc.com/pub/afsps/doc/progint/rx-spec.dvi
- file:///afs/transarc.com/public/afsps/doc/progint/rx-spec.ps
- file:///afs/transarc.com/public/afsps/doc/progint/rx-spec.dvi
- file:///afs/watson.ibm.com/projects/agora/papers/afs/rx-spec.ps
-
- [22] Edward R Zayas,
- "AFS-3 Programmer's Reference:
- Volume Server/Volume Location Server Interface",
- Transarc Corporation, FS-00-D165, 29th August 1991
- ftp://ftp.transarc.com/pub/afsps/doc/progint/vvl-spec.ps
- ftp://ftp.transarc.com/pub/afsps/doc/progint/vvl-spec.dvi
- file:///afs/transarc.com/public/afsps/doc/progint/vvl-spec.ps
- file:///afs/transarc.com/public/afsps/doc/progint/vvl-spec.dvi
- file:///afs/watson.ibm.com/projects/agora/papers/afs/vvl-spec.ps
-
- [23] "AFS User Guide",
- Transarc Corporation, FS-D200-00.08.3
-
- [24] "AFS Commands Reference Manual",
- Transarc Corporation, FS-D200-00.11.3
-
- [25] "AFS Systems Administrators Guide",
- Transarc Corporation, FS-D200-00.10.3
-
- [26] Steven M. Bellovin, Michael Merritt
- "Limitations of the Kerberos Authentication System",
- Computer Communications Review, October 1990, Vol 20 #5, pp. 119-132
- ftp://research.att.com/dist/internet_security/kerblimit.usenix.ps
- file:///afs/watson.ibm.com/projects/agora/papers/kerberos/limitations.PS
-
- [27] Jennifer G. Steiner, Clifford Neuman, Jeffrey I. Schiller
- "Kerberos: An Authentication Service for Open Network Systems"
- ftp://athena-dist.mit.edu/pub/kerberos/doc/usenix.PS
- ftp://athena-dist.mit.edu/pub/kerberos/doc/usenix.txt
-
- [28] Barry Jaspan
- "Kerberos Users' Frequently Asked Questions"
- ftp://rtfm.mit.edu/pub/usenet/news.answers/kerberos-faq/user
- http://www.ov.com/misc/krb-faq.html
-
- [29] P. Honeyman, L.B. Huston, M.T. Stolarchuk
- "Hijacking AFS"
- ftp://ftp.sage.usenix.org/pub/usenix/winter92/hijacking-afs.ps.Z
- file:///afs/watson.ibm.com/projects/agora/papers/afs/afs_hijacking.ps
-
- [30] R.N. Sidebotham
- "Rx: Extended Remote Procedure Call"
- Proceedings of the Nationwide File System Workshop
- Information Technology Center, Carnegie Mellon University,
- (August 1988)
-
- [31] R.N. Sidebotham
- "Volumes: The Andrew File System Data Structuring Primitive"
- Technical Report CMU-ITC-053, Information Technology Center,
- Carnegie Mellon University, (August 1986)
-
- [32] Cohen, David L. "AFS: NFS on steroids",
- LAN Technology March 1993 v9 n3 p51(9)
- ftp://ftp.transarc.com/pub/afs-contrib/doc/faq/NFS_on_steroids
-
- [33] Marybeth Schultz "AFS Troubleshooting Tools"
- Transarc Corporation, January 11 1993, draft document
- ftp://ftp.transarc.com/pub/afsps/doc/trguide/external.afsug.ps
-
- [34] William Stallings "Kerberos Keeps the Enterprise Secure"
- Data Communications, October 1994, Vol 23 No 14 Page 103
-
- [35] DL Mills "Internet Time Synchronization: the Network Time Protocol"
- RFC 1129, October 1989
- ftp://nic.ddn.mil/rfc/rfc1129.ps
-
- [36] DL Mills "Network Time Protocol (Version 3)
- Specification, Implementation and Analysis"
- RFC 1305, March 1992
- ftp://nic.ddn.mil/rfc/rfc1305.tar.Z
- ftp://nic.ddn.mil/rfc/rfc1305.txt
-
- [37] Craig Everhart "Conventions for Names in the Service Directory
- in the AFS Distributed File System"
- March 1990
- ftp://ftp.transarc.com/pub/afs-contrib/doc/faq/service-spec.ez.ps
- ftp://ftp.transarc.com/pub/afs-contrib/doc/faq/service-spec.ez
- file:///afs/transarc.com/public/afs-contrib/doc/faq/service-spec.ez
- file:///afs/transarc.com/public/afs-contrib/doc/faq/service-spec.ez.ps
-
- [38] AFS Programmer's Reference Manual
- ftp://ftp.transarc.com/pub/afsps/doc/progref/3.0/
- file:///afs/transarc.com/public/afsps/doc/progref/3.0/
-
- Subject: 7 Change History
-
- 1.82 => 1.83 (Mon Aug 15 15:30:00 1994)
- added: Subject: 0.06 Change History
- added: Subject: 4.06 Where can I find an archive of info-afs@transarc.com?
- added: Subject: 4.07 Where can I find an archive of alt.filesystems.afs?
- updated: throughout
- changed format of references use WWW URL where appropriate
- checked references point to existing files
- updated: Subject: 0.02 Acknowledgements
- added Michael Fagan and Robert Malick
-
- 1.83 => 1.84 (Mon Aug 15 15:47:22 1994)
- updated: Newsgroups header (fixed typo)
-
- 1.84 => 1.85 (Fri Aug 19 10:30:36 1994)
- updated: Subject: 1.05.e Single systems image (SSI)
- In example, /usr/afsws/etc/pagsh => /usr/afsws/bin/pagsh for AFS 3.3
- updated: Subject: 1.07 ...Internet AFS filetree?
- added: pi.infn.it mpa-garching.mpg.de pppl.gov meteo.uni-koeln.de
- geo.uni-koeln.de utah.edu
- removed: jrc.flinders.edu.au
-
- 1.85 => 1.86 (Tue Aug 23 17:16:48 1994)
- added: Subject: 3.20 How can I list which clients...
- updated: Subject: 0.02 Acknowledgements
- added Rainer Toebbicke
-
- 1.86 => 1.87 (Mon Oct 10 09:30:00 1994)
- swapped: 0.05 and 0.06
- updated: 1.07 ...Internet AFS filetree?
- added: research.ec.org psu.edu
- added: [32] and [33] to Bibliography
- added: 2.14 If an AFS server crashes,...
-
- 1.87 => 1.88 (Mon Oct 10 12:23:00 1994)
- added: [34] to Bibliography
-
- 1.88 => 1.89 (Thu Oct 13 14:49:21 1994)
- updated: 1.06 Which systems is AFS available for?
- added: Linux
-
- 1.98 => 1.90 (Thu Oct 13 15:07:54 1994)
- updated: 2.14 If an AFS server crashes,...
-
- 1.90 -> 1.91 (Mon Oct 17 08:31:36 1994)
- updated: Table of contents:
- moved: Change History out of Preamble to Subject 7
- updated: 2.14 If an AFS server crashes,...
- updated: 1.06 Which systems is AFS available for?
- added: NetBSD
- added: 2.15 Can I use AFS on my diskless workstation?
- moved: Change History to the end of the file so that a search from
- Table of contents will go straight to the Subject and not
- match on items in the Change History. Also, latest change
- is described at the end of the file.
- updated: all URL refs a la minimal-digest-format FAQ
- updated: 4.04 Where can I find AFS resources in World Wide Web (WWW)?
- added: c) NCSA AFS User Guide
- updated: 5.01 How can I get a copy of the AFS faq?
- added: reference to latest copy via ftp
- added: Anon ftp source reference to first page. (EFAQTOOBIG? :-)
-
- 1.91 => 1.92 (Fri Oct 21 12:03:20 1994)
- added: 2.16 Can I test for AFS tokens from within my program?
- added: 4.08 Where can I find AFS related GIFs?
-
- 1.92 => 1.93 (Wed Dec 14 09:22:32 1994)
- updated: Subject: 0.02 Acknowledgements
- added: David Snearline
- updated: Subject: 0.04 Release Notes
- added ref to changes at end of file
- updated: Subject: 1.01 What is AFS?
- added: Transarc homepage URL
- updated: Subject: 1.05.g Improved robustness to server crash
- updated: Subject: 1.07 What does "ls /afs" display
- removed: test.alw.nih.gov
- added: afs-math.zib-berlin.de
- updated: Subject: 3.03 How does AFS compare with NFS?
- added: bit about some NFS implementations having extra security
- updated: Subject: 3.12 How can I set up mail delivery...
- added: ref to beta test version of auth-sendmail
- updated: Subject: 3.17 Which TCP/IP ports...
- added: NTP servers URL
- updated: Subject: 4.03 Where can I get training in AFS?
- added: Transarc Training URL
- updated: Subject: 5 About the AFS faq
- added: some history
-
- 1.93 => 1.94 (Thu Jan 05 14:01:04 1995)
- updated: Subject: 5 About the AFS faq
- added: RFF (Request For Feedback)
-
- 1.94 => 1.95 (Wed Jan 11 08:42:50 1995)
- updated: Subject: 0.02 Acknowledgements
- added: Mic Bowman
- added: Mike Prince
- updated: Subject: 1.07
- added: cheme.cmu.edu dia.atd.net desy.de ifh.de
- mathematik-cip.uni-stuttgart.de umr.edu urz.uni-magdeburg.de
- removed: rel-eng.athena.mit.edu nce nce_psc nsf-centers.edu
- updated: Subject: 2.14
- added: bit about ReadWrite volumes
- added: Subject: 3.21 Do Backup volumes...
- updated: Subject: 5.01
- added: new URL for HTML version of AFS FAQ
- updated: Subject: 5.03
- added: new URL for HTML version of AFS FAQ
-
- 1.95 => 1.96 (Wed Jan 11 16:11:28 1995)
- updated: Subject: 5.03
- added: new URL for HTML version of AFS FAQ at Transarc
-
- 1.96 => 1.97 (Tue Jan 17 15:55:37 GMT 1995)
- updated: Subject: 3.12 How can I set up mail delivery...
- now <ftp://grand.central.org/pub/afs-contrib/doc/faq/auth-sendmail.tar.Z>
- updated: Subject: 4.08 Where can I find AFS related GIFs?
- changed to: /afs/transarc.com/public/www/Product/AFS/FAQ/images
- updated: Subject: 5.01 How can I get a copy of the AFS faq?
- changed wording.
-
- 1.97 => 1.98 (Wed Jan 18 13:29:12 GMT 1995)
- updated: Subject: 4.01 Is there an anonymous FTP site with AFS information?
- changed: cache-update to cache.update
- updated: Subject: 4.04 Where can I find AFS resources in World Wide Web?
- added: d) Transarc AFS Product Information
- updated: Subject: 1.07 What does "ls /afs" display
- removed: nce_ctc
- added: wu-wien.ac.at
-
- 1.98 => 1.99 (Tue 28 Feb 14:54:53 1995)
- added: World Wide Web URL reference to first page
- updated: Subject: 1.02 Who supplies AFS?
- added: Transarc homepage URL
- updated: Subject: 1.06 Which systems is AFS available for?
- added: John Kohl and NetBSD mailing list reference
- added: Subject: 1.10 How can I access AFS from my PC?
- updated: Subject: 2.09 Can I still run cron jobs with AFS?
- added: bit about non-authenticated cron jobs
- added: Subject: 2.17 What's the difference between /afs/cellname ...
- updated: Subject: 3.03 How does AFS compare with NFS?
- added: bit about using a RAM based cache and ref to Andrew benchmark
- updated: Subject: 3.17 Which TCP/IP ports and protocols ...
- added: added NTP doc refs
- added: Subject: 3.22 Should I run timed on my AFS client?
- updated: Subject: 4.03 Where can I get training in AFS?
- new (shorter) Transarc URL
- updated: Subject: 4.04 Where can I find AFS resources in (WWW)?
- new (shorter) Transarc URL
- updated: Subject: 5.01 How can I get a copy of the AFS faq?
- new URL http://www.transarc.com/Product/AFS/FAQ/faq.html
- updated: Subject: 5.03 How can I access the AFS faq via the World Wide Web?
- ditto 5.01
- added: [35] [36] to Bibliography
-
- 1.99 => 1.100 (Tue Mar 28 15:31:32 GMT 1995)
- updated: Subject: 4.08 Where can I find AFS related GIFs?
- new (shorter) URL for GIFs
- updated: Subject: 5.01 How can I get a copy of the AFS faq?
- re-worded
-
- 1.100 => 1.101 (Fri Mar 31 07:38:17 GMT 1995)
- updated: Subject: 1.10 How can I access AFS from my PC?
- Added bit about SAMBA.
-
- 1.101 => 1.102 (Tue Apr 4 13:17:54 BST 1995)
- updated: Subject: 0.02 Acknowledgements
- added (New Century Systems) to Rens Troost entry
- updated: Subject: 1.10 How can I access AFS from my PC?
- corrected PCI-Interface URL (pci-faq => pci.faq)
-
- 1.102 => 1.103 (Tue May 9 16:09:32 BST 1995)
- updated: Subject: 5.01 How can I get a copy of the AFS faq?
- Added new CDROM source
-
- 1.103 => 1.104 (Wed May 24 08:43:19 BST 1995)
- updated: Subject: 1.07 What does "ls /afs" display in the Internet AFS
- removed: titech.ac.jp
- added: infn.it iway.org hep.net
- updated: Subject: 3.10 Is there a way to automatically balance disk usage
- added: new version (1.1a) reference
- added: new contact name Derrick Bradshear
- updated: Subject: 4.04 Where can I find AFS resources in WWW?
- added: "CERN AFS User's Guide version 1.0"
- updated: Subject: 5.01 How can I get a copy of the AFS faq?
- added: bit about downloadable HTML version
- added: for CD-ROM source, added both US tollfree and "normal" phone nos.
-
- 1.104 => 1.105 (Thu Jun 8 08:45:56 BST 1995)
- updated: Subject: 3.17 Which TCP/IP ports and protocols
- fixed typo
- updated: Subject: 4.04 Where can I find AFS resources in World Wide Web?
- new URL for Derrick Brashear's AFS reference page
- added: MIT SIPB's Inessential AFS
- added: Getting started with AFS (University of Michigan)
-
- 1.105 => 1.106 (Fri Jul 21 16:56:42 BST 1995)
- throughout: /afs/grand.central.org/pub/afs-contrib changed to
- /afs/transarc.com/public/afs-contrib
- updated: Subject: 0.02 Acknowledgements
- updated: Dan Lovinger now with Microsoft
- added: Anton Knaus (Carnegie Mellon University)
- added: Mike Shaddock (SAS Institute Inc.)
- updated: Subject: 0.04 Release Notes
- changed wording
- updated: Subject: 1.07 What does "ls /afs" display in the Internet AFS
- removed: hepafs1.hep.net inel.gov pub.nsa.hp.com ucop.edu
- added: belwue.uni-tuebingen.de cs.wisc.edu wisc.edu rl.ac.uk asu.edu
- isl.ntt.jp jrc.flinders.edu.au ntt.jp rhic sleeper.nsa.hp.com
- uni-bonn.de
- updated: Subject: 1.08 Why does AFS use Kerberos authentication?
- updated URL and added newsgroup URLs
- updated: Subject: 2.11 Is it possible to specify a user who is external..
- added: example of creating authentication-only account
- moved 3.03 to 1.11: Subject: 1.11 How does AFS compare with NFS?
- replaced old 3.03 by: Subject: 3.03 What is /afs/@cell?
- updated: Subject: 3.09 Can I check my user's passwords ...
- changed contact and author details
- updated: Subject: 3.10 Is there a way to automatically balance disk usage
- changed contact and author details
- added: Subject: 3.23 Why should I keep /usr/vice/etc/CellServDB current?
- added: Subject: 3.24 How can I keep /usr/vice/etc/CellServDB current?
- added: Subject: 4.09 Bibt es eine deutsche AFS Benutzer Gruppe?
-
- 1.106 => 1.107 (Wed Aug 30 17:20:08 BST 1995)
-
- added to [37] bibliography
-
- 1.107 => 1.108 (Tue Jan 30 16:59:55 GMT 1996)
-
- Throughout:
- For the Ohio State U. text to HTML convertor remove "<" ">" from URLs.
- AnonFTP site grand.central.org changed to ftp.transarc.com.
- Fix (most) broken URLs to the restless Web.
- Remove surplus "WWW" strings.
- updated: Subject: 0.02 Acknowledgements
- added: Pat Wilson and Cristian Espinoza
- updated: Subject: 0.05 Quote
- new URL to Othello Act 3 Scene 4 (HTML version)
- updated: Subject: 1.02 Who supplies AFS?
- new URL to Pittsburgh page (HTML version)
- Updated: Subject: 1.07 What does "ls /afs" display in the Internet AFS
- removed: ctd.ornl.gov ntt.jp
- added: bnl.gov dkrz.de fh-heilbronn.de hephy.at zdv.uni-mainz.de
- nrel.gov postech.ac.kr le.caspur.it glue.umd.edu
- updated: Subject: 1.08 Why does AFS use Kerberos authentication?
- new URL to "Using MIT's Kerberos Server with AFS"
- added: Subject: 2.18 Can I klog as two users on a machine in the same cell?
- updated: Subject: 3.07 How does AFS maintain consistency on read-write
- new URLs for DFS and DCE (HTML version)
- updated: Subject: 3.09 Can I check my user's passwords
- Derrick Brashear email db74+@andrew.cmu.edu => shadow+@andrew.cmu.edu
- updated: Subject: 3.10 Is there a way to automatically balance disk usage
- Derrick Brashear email db74+@andrew.cmu.edu => shadow+@andrew.cmu.edu
- updated: Subject: 3.15 Will AFS run on a multi-homed fileserver?
- add text about AFS 3.4 multi-homed fileservers (not database servers)
- added: Subject: 3.25 How can I compute a list of AFS fileservers?
- added: Subject: 3.26 How can I set up anonymous FTP login to access /afs?
- updated: Subject: 4.01 Is there an anonymous FTP site with AFS information?
- changed ftom grand.central.org to ftp.transarc.com
- added bit about /afs/transarc.com/public/afs-contrib
- updated: Subject: 4.04 Where can I find AFS resources in World Wide Web?
- new URL to Derrick Brashear's AFS reference page
- added http://www-archive.stanford.edu/lists/info-afs.html
- updated: Subject: 4.09 Bibt es eine deutsche AFS Benutzer Gruppe?
- correct "Bibt" to "Gibt"
- added: Subject: 4.10 Donde puedo encontrar informacion en Espanol sobre AFS?
-
- 1.108 => 1.109 (Wed Feb 14 16:55:42 GMT 1996)
-
- removed: anonymous ftp reference from top (it is in 5.01 anyway)
- updated: Subject: 4.01 Is there an anonymous FTP site with AFS information?
- new location for AFS Programming Interface documentation
- added: [38] to bibliography
- updated: [17] [18] [19] [20] [21] [22] new URLs on ftp.transarc.com
- added: Subject: 3.27 Where can I find the Andrew Benchmark?
- updated: Subject: 1.06 Which systems is AFS available for?
- added URL for OS/2 information
-
- 1.109 => 1.110 (Fri Mar 8 11:02:36 GMT 1996)
-
- updated: Subject: 0.02 Acknowledgements
- added: Mary Ann DelBusso
- updated: Subject: 2.09 Can I still run cron jobs with AFS?
- new script, afs_wrap_cron, which gets a PAG, token, and execs user command
- updated: Subject: 3.17 Which TCP/IP ports and protocols..firewall..
- added reference to Lyle Seaman's note to info-afs@transarc.com
- updated: Subject: 3.19 Is there a version of HP VUE login with AFS
- Kevin Eyre now the contact at HP for AFS authenticating HP-VUE
- updated: Subject: 3.25 How can I compute a list of AFS fileservers?
- fixed typo: viva Stimpy!
-
- 1.110 => 1.111 (Fri 29 Aug 16:12:29 1997)
-
- updated: Subject: 1.06 Which systems is AFS available for?
- mentioned "AFS Client for Windows/NT"
- new mailing list address for Linux and archive URL
- updated: Subject: 4.05 Is there a mailing list for AFS topics?
- new mailing list subscription address for info-afs@transarc.com
-
- 1.111 => 1.112 (Sat 25 Apr 17:54:00 1998)
-
- updated: AFS FAQ URL
- was: http://www.transarc.com/Product/AFS/FAQ/faq.html
- now: ftp://ftp.transarc.com/pub/afs-contrib/doc/faq/faq.html
- Changes in Transarc's website made it necessary to move the AFS FAQ URL
- updated: Subject: 0.02 Acknowledgements
- added: Michael Niksch
- updated: Subject: 1.02 Who supplies AFS?
- updated: URL for Pittsburgh (HTML version only)
- Updated: Subject: 1.07 What does "ls /afs" display in the Internet AFS
- removed: cs.arizona.edu dia.atd.net grand.central.org iway.org
- jrc.flinders.edu.au kiewit.dartmouth.edu le.caspur.it
- media-lab.mit.edu pegasus.cranfield.ac.uk
- rus-cip.uni-stuttgart.de ssc.gov stars.com
- stars.reston.unisys.com vfl.paramax.com wisc.edu
- added: bp.ncsu.edu cats.ucsc.edu cert.org cipool.uni-stuttgart.de
- clarkson.edu cs.rose-hulman.edu csv.ica.uni-stuttgart.de
- dapnia.saclay.cea.fr dce.emsl.pnl.gov dce.uni-stuttgart.de
- dis.uniroma1.it enea.it engin.umich.edu eos.ncsu.edu
- federation.atd.net fl.mcs.anl.gov ike.uni-stuttgart.de
- ipp-hgw.mpg.de isk.kth.se jpl.nasa.gov lcp.nrl.navy.mil
- le.infn.it lngs.infn.it msrc.pnl.gov msu.edu phy.bnl.gov
- rz.uni-jena.de spv.uniroma1.it thermo-a.mw.tu-muenchen.de
- tu-bs.de uni-mannheim.de unity.ncsu.edu vn.uniroma3.it
- added: Subject: 2.19 What are the ~/.__afsXXXX files?
- updated: Subject: 3.17 Which TCP/IP ports...firewall
- updated: URL for list of public NTP servers
- added: NTP reference web page
-
- N 1.112 => 1.113 (Thu 9 Jul 19:50:10 1998)
- N
- N updated: main header with new URLs
- N updated: Subject: Subject: 0.02 Acknowledgements
- N added: Kelly Chambers (Transarc)
- N updated: Subject: 1.06 Which systems is AFS available for?
- N removed: AFS 3.3 and 3.4 old URL references:
- N ftp://ftp.transarc.com/pub/afsps/doc/SUPPORTED_SYSTEMS.afs.rel33a
- N ftp://ftp.transarc.com/pub/afsps/doc/SUPPORTED_SYSTEMS.afs.rel34
- N added new URL:
- N http://www.transarc.com/Support/afs/relversions/platforms.html
- N added reference to AFS on Linux FAQ at:
- N http://www.umlug.umd.edu/linuxafs/
- N updated: Subject: 1.07 What does "ls /afs" display in the Internet AFS
- N removed: bnl.gov
- N added: dsi.uniroma1.it ovpit.indiana.edu vn.uniroma3.it
- N updated: Subject: 1.10 How can I access AFS from my PC?
- N changed SAMBA URLs:
- N http://samba.anu.edu.au/samba/
- N http://samba.anu.edu.au/samba/docs/faq/sambafaq-1.html#ss1.1
- N updated: Subject: 3.19 Is there a version of HP VUE login with
- N AFS authentication?
- N removed: reference to:
- N file:///afs/watson.ibm.com/projects/agora/hp/hp-agora/HP-VUElogin/
- N changed HP contact from Kevin Eyre <kevin@fc.hp.com>
- N to Rajeev Pandey <rpandey@cv.hp.com>
- N updated: Subject: 4.04 Where can I find AFS resources in World Wide Web?
- N changed:
- N http://www.transarc.com/Product/AFS/AFS-Info.html
- N to http://www.transarc.com/dfs/public/www/htdocs/.hosts/external/Product/EFS/AFS/afsoverview.html
- N removed: http://www.css.itd.umich.edu/docs/tutorials/AFS/
- N added: http://www.umlug.umd.edu/linuxafs/ AFS Linux FAQ
- N updated: Subject: 4.06 Where can I find an archive of info-afs
- N removed: file:///afs/ibm.uk/common/archive/info-afs@transarc.com/
- N updated: Subject: 4.08 Where can I find AFS related GIFs?
- N changed:
- N file:///afs/transarc.com/public/www/Product/AFS/FAQ/images/
- N to file:///afs/transarc.com/public/afs-contrib/doc/faq/images/
- N http://www.transarc.com/Product/AFS/FAQ/images/index.html
- N to ftp://ftp.transarc.com/pub/afs-contrib/doc/faq/images/index.html
- N updated: Subject: 5.01 How can I get a copy of the AFS faq?
- N changed http URL from:
- N http://www.transarc.com/Product/AFS/FAQ/faq.html
- N to http://www.angelfire.com/hi/plutonic/afs-faq.html
- N removed reference to html.tar.Z and auto email server
- N updated: Subject: 5.03 How can I access the AFS faq via the World Wide Web?
- N changed http URL from:
- N http://www.transarc.com/Product/AFS/FAQ/faq.html
- N to http://www.angelfire.com/hi/plutonic/afs-faq.html
-