Index: openafs/doc/man-pages/README diff -c openafs/doc/man-pages/README:1.8.2.5 openafs/doc/man-pages/README:1.8.2.11 *** openafs/doc/man-pages/README:1.8.2.5 Sun Aug 5 19:41:53 2007 --- openafs/doc/man-pages/README Sun Aug 19 18:20:43 2007 *************** *** 185,190 **** --- 185,195 ---- the bug number so that I'm aware of it, as I don't always notice new bugs. + You can test your new POD documentation by running the check-pod script + in this directory with "prove check-pod". (And check other people's + documentation and find any problems that have crept in.) You will need + to have Test::Pod installed. + Known Problems The current man pages have the following known deficiencies. Please *************** *** 193,215 **** * The following installed commands have no man pages: - bos_util copyauth - flushall (Windows only) - fs getcalleraccess fs rxstatpeer fs rxstatproc fs setcbaddr kseal - pts interactive - pts quit - pts sleep - pts source read_tape restorevol rmtsysd vldb_convert - vos changeloc vos clone vos convertROtoRW vos copy --- 198,212 ---- *************** *** 230,235 **** --- 227,235 ---- * bos listkeys and the KeyFile man page assume that you're using the kaserver. + * bos addkey should be marked deprecated in favor of using asetkey with + a keytab. + * I'm fairly sure that the fileserver man page no longer documents all of the fileserver options. Index: openafs/doc/man-pages/check-pod diff -c /dev/null openafs/doc/man-pages/check-pod:1.1.2.3 *** /dev/null Thu Aug 23 22:27:08 2007 --- openafs/doc/man-pages/check-pod Sun Aug 19 18:20:43 2007 *************** *** 0 **** --- 1,17 ---- + #!/usr/bin/perl + # + # Written by Jason Edgecombe based on the Test::Pod documentation. The + # best way to run it is to run: + # + # prove check-pod + # + # from the doc/man-pages directory, which will show any errors found in + # any of the POD files. + + use strict; + use Test::More; + eval "use Test::Pod 1.00"; + + plan skip_all => "Test::Pod 1.00 required for testing POD" if $@; + my @poddirs = qw( pod1 pod5 pod8 ); + all_pod_files_ok( all_pod_files( @poddirs ) ); Index: openafs/doc/man-pages/pod1/fs.pod diff -c openafs/doc/man-pages/pod1/fs.pod:1.4.2.2 openafs/doc/man-pages/pod1/fs.pod:1.4.2.3 *** openafs/doc/man-pages/pod1/fs.pod:1.4.2.2 Sun Aug 5 19:38:43 2007 --- openafs/doc/man-pages/pod1/fs.pod Fri Aug 17 21:55:32 2007 *************** *** 34,39 **** --- 34,40 ---- Commands to administer access control lists (ACLs): L|fs_cleanacl(1)>, L|fs_copyacl(1)>, + L|fs_getcalleraccess(1)>, L|fs_listacl(1)>, and L|fs_setacl(1)>. *************** *** 55,60 **** --- 56,62 ---- Commands to administer the local client cache and related information: L|fs_checkvolumes(1)>, L|fs_flush(1)>, + L|fs_flushall(1)>, L|fs_flushvolume(1)>, L|fs_getcacheparms(1)>, L|fs_listaliases(1)>, *************** *** 185,193 **** --- 187,197 ---- L, L, L, + L, L, L, L, + L, L, L, L, Index: openafs/doc/man-pages/pod1/fs_flushall.pod diff -c /dev/null openafs/doc/man-pages/pod1/fs_flushall.pod:1.1.2.2 *** /dev/null Thu Aug 23 22:27:09 2007 --- openafs/doc/man-pages/pod1/fs_flushall.pod Fri Aug 17 21:55:33 2007 *************** *** 0 **** --- 1,62 ---- + =head1 NAME + + fs flushall - Force the AFS Cache Manager to discard all data + + =head1 SYNOPSIS + + =for html +
+ + B [B<-help>] + + B [B<-h>] + + =for html +
+ + =head1 DESCRIPTION + + The B command flushes all data from the AFS cache. + + =head1 CAUTIONS + + This command is only available on Windows. + + =head1 OPTIONS + + =over 4 + + =item B<-help> + + Prints the online help for this command. + + =back + + =head1 OUTPUT + + This command has no output. + + =head1 EXAMPLES + + Aside from the help, there is only one way to run B, which is + as follows: + + % fs flushall + % + + =head1 PRIVILEGE REQUIRED + + No special privileges are required for this command. + + =head1 SEE ALSO + + L, + L, + L + + =head1 COPYRIGHT + + Copyright 2007 Jason Edgecombe + + This documentation is covered by the IBM Public License Version 1.0. This + man page was written by Jason Edgecombe for OpenAFS. Index: openafs/doc/man-pages/pod1/fs_getcalleraccess.pod diff -c /dev/null openafs/doc/man-pages/pod1/fs_getcalleraccess.pod:1.1.2.2 *** /dev/null Thu Aug 23 22:27:09 2007 --- openafs/doc/man-pages/pod1/fs_getcalleraccess.pod Fri Aug 17 21:55:33 2007 *************** *** 0 **** --- 1,73 ---- + =head1 NAME + + fs getcalleraccess - Show the current user's access to a file or directory + + =head1 SYNOPSIS + + =for html +
+ + B S<<< [B<-path> >+] >>> [B<-help>] + + B S<<< [B<-p> >] >>> [B<-h>] + + =for html +
+ + =head1 DESCRIPTION + + The B command displays the access that the current + user has to the specified path using the same representation as B. + + =head1 OPTIONS + + =over 4 + + =item B<-help> + + Prints the online help for this command. All other valid options are + ignored. + + =item B<-path> >+ + + The B<-path> option specifies the path on which to operate. B<-path> may + be omitted. If this option isn't given, the default is to act on the + current directory. + + =back + + =head1 OUTPUT + + For each path, B outputs a line like: + + Callers access to is + + where is the path on which it is operating and is an + ACL string in the same format as is returned by B. See + L for more information about AFS ACL strings. + + =head1 EXAMPLES + + The following command shows the current user's access to the path + F, which is read and lookup access. + + % fs getcalleraccess /afs/openafs.org + Callers access to /afs/openafs.org is rl + % + + =head1 PRIVILEGE REQUIRED + + No special privileges are required for this command. + + =head1 SEE ALSO + + L, + L + + =head1 COPYRIGHT + + Copyright 2007 Jason Edgecombe + + This documentation is covered by the IBM Public License Version 1.0. This + man page was written by Jason Edgecombe for OpenAFS. Index: openafs/doc/man-pages/pod1/fs_getcrypt.pod diff -c openafs/doc/man-pages/pod1/fs_getcrypt.pod:1.3.4.4 openafs/doc/man-pages/pod1/fs_getcrypt.pod:1.3.4.5 *** openafs/doc/man-pages/pod1/fs_getcrypt.pod:1.3.4.4 Sun Aug 5 19:38:43 2007 --- openafs/doc/man-pages/pod1/fs_getcrypt.pod Fri Aug 17 21:46:25 2007 *************** *** 58,65 **** % fs getcrypt - =back - =head1 PRIVILEGE REQUIRED No special priviledges are required for this command. --- 58,63 ---- Index: openafs/doc/man-pages/pod1/fs_listaliases.pod diff -c openafs/doc/man-pages/pod1/fs_listaliases.pod:1.2.4.3 openafs/doc/man-pages/pod1/fs_listaliases.pod:1.2.4.4 *** openafs/doc/man-pages/pod1/fs_listaliases.pod:1.2.4.3 Sun Aug 5 19:38:43 2007 --- openafs/doc/man-pages/pod1/fs_listaliases.pod Fri Aug 17 21:46:25 2007 *************** *** 43,50 **** % fs listaliases - =back - =head1 PRIVILEGE REQUIRED No special priviledges are required for this command. --- 43,48 ---- Index: openafs/doc/man-pages/pod1/pts.pod diff -c openafs/doc/man-pages/pod1/pts.pod:1.2 openafs/doc/man-pages/pod1/pts.pod:1.2.6.1 *** openafs/doc/man-pages/pod1/pts.pod:1.2 Fri Dec 9 08:26:31 2005 --- openafs/doc/man-pages/pod1/pts.pod Fri Aug 17 21:46:25 2007 *************** *** 52,57 **** --- 52,66 ---- =item * + Commands to run commands interactively: B, B, and B. + + =item * + + A command to run commands from a file: B. + + =item * + Commands to obtain help: B and B. =back *************** *** 136,149 **** L, L, L, L, L, L, L, L, L, L, ! L =head1 COPYRIGHT --- 145,162 ---- L, L, L, + L, L, L, L, L, + L, L, L, L, ! L, ! L, ! L =head1 COPYRIGHT Index: openafs/doc/man-pages/pod1/pts_interactive.pod diff -c /dev/null openafs/doc/man-pages/pod1/pts_interactive.pod:1.2.4.2 *** /dev/null Thu Aug 23 22:27:09 2007 --- openafs/doc/man-pages/pod1/pts_interactive.pod Fri Aug 17 22:50:20 2007 *************** *** 0 **** --- 1,119 ---- + =head1 NAME + + pts interactive - Enters interactive mode + + =head1 SYNOPSIS + + =for html +
+ + B S<<< [B<-cell>] > >>> [B<-noauth>] + [B<-force>] + + B S<<< [B<-c>] > >>> [B<-n>] [B<-f>] + + =for html +
+ + =head1 DESCRIPTION + + The B command allows the user to enter an interactive + mode, useful for running bulk commands like creating new users or groups. + + =head1 CAUTIONS + + Prior to OpenAFS 1.4.5 and OpenAFS 1.5.23, the B command + was only available on Unix or Linux and when OpenAFS was compiled with the + supergroups option (disabled by default). As of OpenAFS 1.4.5 and 1.5.23, + it is always available. + + Running bulk B commands may degrade the performance of the Protection + Server while they are run and server resources may not be released + immediately after commands are run. The B command can be used + in interactive mode or with B to give the Protection Server a + change to catch up. + + =head1 OPTIONS + + B only takes the standard B options. + + =over 4 + + =item B<-cell> > + + Names the cell in which to run the command. For more details, see + L. + + =item B<-force> + + Enables the command to continue executing as far as possible when errors + or other problems occur, rather than halting execution at the first error. + This is useful for bulk operations where you would like to continue even + if one of many operations fails. + + =item B<-noauth> + + Assigns the unprivileged identity anonymous to the issuer. For more + details, see L. + + =back + + =head1 OUTPUT + + The output is the same as if each individual command were run from the + command line. + + =head1 EXAMPLES + + Here is an example of a B session: + + % pts interactive + pts> examine admin + Name: admin, id: 1, owner: system:administrators, creator: anonymous, + membership: 2, flags: S----, group quota: 20. + pts> help + pts: Commands are: + adduser add a user to a group + apropos search by help text + chown change ownership of a group + creategroup create a new group + createuser create a new user + delete delete a user or group from database + examine examine an entry + help get help on commands + interactive enter interactive mode + listentries list users/groups in the protection database + listmax list max id + listowned list groups owned by an entry or zero id gets orphaned groups + membership list membership of a user or group + quit exit program + removeuser remove a user from a group + rename rename user or group + setfields set fields for an entry + setmax set max id + sleep pause for a bit + source read commands from file + pts> quit + % + + =head1 PRIVILEGE REQUIRED + + The same privilege is required to run the command in interactive mode as + is required to run the command by itself on the command line. Some + commands such as B require that the user belong to the + system:administrators group, while others do not. + + =head1 SEE ALSO + + L, + L, + L, + L, + L + + =head1 COPYRIGHT + + Copyright 2007 Jason Edgecombe + + This documentation is covered by the IBM Public License Version 1.0. This + man page was written by Jason Edgecombe for OpenAFS. Index: openafs/doc/man-pages/pod1/pts_quit.pod diff -c /dev/null openafs/doc/man-pages/pod1/pts_quit.pod:1.1.2.2 *** /dev/null Thu Aug 23 22:27:09 2007 --- openafs/doc/man-pages/pod1/pts_quit.pod Fri Aug 17 21:46:25 2007 *************** *** 0 **** --- 1,76 ---- + =head1 NAME + + pts quit - Exit from pts interactive mode + + =head1 SYNOPSIS + + =for html +
+ + B S<<< [B<-cell>] > >>> [B<-noauth>] [B<-force>] + + B S<<< [B<-c>] > >>> [B<-n>] [B<-f>] + + =for html +
+ + =head1 DESCRIPTION + + The B command exits from B mode. The command + can be run from the command line or interactively, but on the command line + it does nothing and is therefore of questionable utility. + + =head1 CAUTIONS + + Prior to OpenAFS 1.4.5 and OpenAFS 1.5.23, the B command was + only available on Unix or Linux and when OpenAFS was compiled with the + supergroups option (disabled by default). As of OpenAFS 1.4.5 and 1.5.23, + it is always available. + + =head1 OPTIONS + + Although they have no effect, B takes the following standard + B options: + + =over 4 + + =item B<-cell> > + + Names the cell in which to run the command. For more details, see + L. + + =item B<-force> + + Enables the command to continue executing as far as possible when errors + or other problems occur, rather than halting execution at the first error. + + =item B<-noauth> + + Assigns the unprivileged identity anonymous to the issuer. For more + details, see L. + + =back + + =head1 OUTPUT + + This command produces no output. + + =head1 EXAMPLES + + Here is an example of a B session: + + % pts interactive + pts> quit + % + + =head1 SEE ALSO + + L, + L + + =head1 COPYRIGHT + + Copyright 2007 Jason Edgecombe + + This documentation is covered by the IBM Public License Version 1.0. This + man page was written by Jason Edgecombe for OpenAFS. Index: openafs/doc/man-pages/pod1/pts_sleep.pod diff -c /dev/null openafs/doc/man-pages/pod1/pts_sleep.pod:1.2.4.2 *** /dev/null Thu Aug 23 22:27:09 2007 --- openafs/doc/man-pages/pod1/pts_sleep.pod Fri Aug 17 22:50:20 2007 *************** *** 0 **** --- 1,81 ---- + =head1 NAME + + pts sleep - Pauses for a few seconds + + =head1 SYNOPSIS + + =for html +
+ + B S<<< [B<-delay>] > >>> + S<<< [B<-cell>] > >>> [B<-noauth>] [B<-force>] + + B S<<< [B<-d>] > >>> S<<< [B<-c>] > >>> + [B<-n>] [B<-f>] + + =for html +
+ + =head1 DESCRIPTION + + The B pauses for a specified number of seconds. The command can + be run from the command line or interactively, although from the command + line it's essentially equivalent to the B command. It is intended + for use in interactive mode to pause for a few seconds between batch + commands to allow the Protection Server to catch up. + + =head1 CAUTIONS + + Prior to OpenAFS 1.4.5 and OpenAFS 1.5.23, the B command was + only available on Unix or Linux and when OpenAFS was compiled with the + supergroups option (disabled by default). As of OpenAFS 1.4.5 and 1.5.23, + it is always available. + + =head1 OPTIONS + + Although they have no effect, B takes the following standard + B options: + + =over 4 + + =item B<-cell> > + + Names the cell in which to run the command. For more details, see + L. + + =item B<-force> + + Enables the command to continue executing as far as possible when errors + or other problems occur, rather than halting execution at the first error. + + =item B<-noauth> + + Assigns the unprivileged identity anonymous to the issuer. For more + details, see L. + + =back + + =head1 OUTPUT + + This command produces no output. + + =head1 EXAMPLES + + Here is an example of a B session: + + % pts interactive + pts> sleep 5 + pts> quit + % + + =head1 SEE ALSO + + L, + L + + =head1 COPYRIGHT + + Copyright 2007 Jason Edgecombe + + This documentation is covered by the IBM Public License Version 1.0. This + man page was written by Jason Edgecombe for OpenAFS. Index: openafs/doc/man-pages/pod1/pts_source.pod diff -c /dev/null openafs/doc/man-pages/pod1/pts_source.pod:1.3.4.2 *** /dev/null Thu Aug 23 22:27:09 2007 --- openafs/doc/man-pages/pod1/pts_source.pod Fri Aug 17 22:50:20 2007 *************** *** 0 **** --- 1,90 ---- + =head1 NAME + + pts source - Read pts commands from a file + + =head1 SYNOPSIS + + =for html +
+ + B S<<< [B<-file>] > >>> S<<< [B<-cell>] > >>> + [B<-noauth>] [B<-force>] + + B S<<< [B<-f>] > >>> S<<< [B<-c>] > >>> + [B<-n>] [B<-f>] + + =for html +
+ + =head1 DESCRIPTION + + The B runs commands from a file as if they were typed in B mode. The command can be run from the command line or + interactively. + + =head1 CAUTIONS + + Prior to OpenAFS 1.4.5 and OpenAFS 1.5.23, the B command was + only available on Unix or Linux and when OpenAFS was compiled with the + supergroups option (disabled by default). As of OpenAFS 1.4.5 and 1.5.23, + it is always available. + + =head1 OPTIONS + + B takes the following options: + + =over 4 + + =item B<-cell> > + + Names the cell in which to run the command. For more details, see + L. + + =item B<-file> > + + Specifies the filename from which to read commands. + + =item B<-force> + + Enables the command to continue executing as far as possible when errors + or other problems occur, rather than halting execution at the first error. + This is useful for bulk operations where you would like to continue even + if one of many operations fails. + + =item B<-noauth> + + Assigns the unprivileged identity anonymous to the issuer. For more + details, see L. + + =back + + =head1 OUTPUT + + This command shows the output of each comand in the file as if it were + run normally. + + =head1 EXAMPLES + + Here is an example of using B in a B session: + + % echo examine admin > /tmp/commands.txt + % pts interactive + pts> source /tmp/commands.txt + Name: admin, id: 1, owner: system:administrators, creator: anonymous, + membership: 2, flags: S----, group quota: 20. + pts> quit + % + + =head1 SEE ALSO + + L, + L, + L, + L + + =head1 COPYRIGHT + + Copyright 2007 Jason Edgecombe + + This documentation is covered by the IBM Public License Version 1.0. This + man page was written by Jason Edgecombe for OpenAFS. Index: openafs/doc/man-pages/pod1/vos.pod diff -c openafs/doc/man-pages/pod1/vos.pod:1.3.6.1 openafs/doc/man-pages/pod1/vos.pod:1.3.6.2 *** openafs/doc/man-pages/pod1/vos.pod:1.3.6.1 Sun Aug 5 19:41:54 2007 --- openafs/doc/man-pages/pod1/vos.pod Fri Aug 17 22:36:20 2007 *************** *** 41,47 **** =item * Commands to create, move, and rename volumes: B, B, B, B, and B. =item * --- 41,48 ---- =item * Commands to create, move, and rename volumes: B, B, B, B, B, and B. =item * *************** *** 236,241 **** --- 237,243 ---- L, L, L, + L, L, L, L, Index: openafs/doc/man-pages/pod1/vos_backupsys.pod diff -c openafs/doc/man-pages/pod1/vos_backupsys.pod:1.5 openafs/doc/man-pages/pod1/vos_backupsys.pod:1.5.2.1 *** openafs/doc/man-pages/pod1/vos_backupsys.pod:1.5 Wed Mar 1 00:02:30 2006 --- openafs/doc/man-pages/pod1/vos_backupsys.pod Fri Aug 17 21:46:26 2007 *************** *** 109,115 **** -prefix '^.*aix' ! =back 4 To display a list of the volumes to be cloned, without actually cloning them, include the B<-dryrun> flag. To display a statement that summarizes --- 109,115 ---- -prefix '^.*aix' ! =back To display a list of the volumes to be cloned, without actually cloning them, include the B<-dryrun> flag. To display a statement that summarizes Index: openafs/doc/man-pages/pod1/vos_changeloc.pod diff -c /dev/null openafs/doc/man-pages/pod1/vos_changeloc.pod:1.1.2.3 *** /dev/null Thu Aug 23 22:27:09 2007 --- openafs/doc/man-pages/pod1/vos_changeloc.pod Sun Aug 19 18:20:46 2007 *************** *** 0 **** --- 1,150 ---- + =head1 NAME + + vos changeloc - Change a volume's entry in the VLDB + + =head1 SYNOPSIS + + =for html +
+ + B S<<< [B<-server>] > >>> + S<<< [B<-partition>] > >>> + S<<< [B<-id>] > >>> + S<<< [B<-cell> >] >>> [B<-noauth>] [B<-localauth>] + [B<-verbose>] [B<-encrypt>] [B<-help>] + + B S<<< [B<-s>] > >>> + S<<< [B<-p>] > >>> + S<<< [B<-i>] > >>> + S<<< [B<-c> >] >>> [B<-n>] [B<-l>] [B<-v>] [B<-e>] [B<-h>] + + =for html +
+ + =head1 DESCRIPTION + + The B command changes the location of a volume in the + Volume Location Database (VLDB) without needing to contact the original + file server on which the volume was hosted. This is useful when a file + server has gone down permanently and the data that was stored on that + server has been moved to a new file server with a different name and IP + address (perhaps by mounting the same /vicepX partitions on a different + host). After moving the data and running B, run B and then B against the new server to ensure full + synchronization of the VLDB with the file server. + + In essence, B performs the same operations on the VLDB as + B, but it does NOT move the data from one server's file system + to another. + + =head1 CAUTIONS + + Using B changes the VLDB without modifying the file server + data, so it inherently causes the VLDB to be out of sync with the data on + the servers. It should only be used when recovering from server failure. + If the servers are on-line, B should be used instead. It is + highly recommended that B and B be run after + using the B command to ensure properly synchronization of + the VLDB with the file servers. + + =head1 OPTIONS + + B takes the following options: + + =over 4 + + =item B<-server> > + + Specifies the new server where the VLDB should believe the volume resides. + Provide the machine's IP address or its host name (either fully qualified + or using an unambiguous abbreviation). For details, see L. + + =item B<-partition> > + + Specifies the partition where the VLDB should believe the volume resides. + entries. Provide the B<-server> argument along with this one. Provide the + partition's complete name with preceding slash (for example, C) + or use one of the three acceptable abbreviated forms. For details, see + L. + + =item B<-id> > + + Specifies the name or volume ID number on which to operate. + + =item B<-cell> > + + Names the cell in which to run the command. Do not combine this argument + with the B<-localauth> flag. For more details, see L. + + =item B<-noauth> + + Assigns the unprivileged identity C to the issuer. Do not + combine this flag with the B<-localauth> flag. For more details, see + L. + + =item B<-localauth> + + Constructs a server ticket using a key from the local + F file. The B command interpreter presents it + to the Volume Server and Volume Location Server during mutual + authentication. Do not combine this flag with the B<-cell> argument or + B<-noauth> flag. For more details, see L. + + =item B<-verbose> + + Produces on the standard output stream a detailed trace of the command's + execution. If this argument is omitted, only warnings and error messages + appear. + + =item B<-encrypt> + + Encrypts the commands that are sent to the server. + + =item B<-help> + + Prints the online help for this command. All other valid options are + ignored. + + =back + + =head1 OUTPUT + + B shows a brief message upon completion: + + Changed location to server2 /vicepa for volume user.jdoe + + =head1 EXAMPLES + + The following command changes the location of the C volume to + be F on the file server machine C while being verbose: + + % vos changeloc server2 a user.jdoe -verbose + done + Changed location to server2 /vicepa for volume user.jdoe + + The following command changes the location of the C volume to + be F on C without being verbose: + + % vos changeloc server1 a user.jdoe + Changed location to server1 /vicepa for volume user.jdoe + + =head1 PRIVILEGE REQUIRED + + The issuer must be listed in the F file on each + database server machine. If the B<-localauth> flag is included, the issuer + must instead be logged on to a server machine as the local superuser + C. + + =head1 SEE ALSO + + L, + L, + L, + L + + =head1 COPYRIGHT + + Copyright 2007 Jason Edgecombe + + This documentation is covered by the IBM Public License Version 1.0. This + man page was written by Jason Edgecombe for OpenAFS. Index: openafs/doc/man-pages/pod1/vos_size.pod diff -c openafs/doc/man-pages/pod1/vos_size.pod:1.1.4.2 openafs/doc/man-pages/pod1/vos_size.pod:1.1.4.3 *** openafs/doc/man-pages/pod1/vos_size.pod:1.1.4.2 Sun Aug 5 19:41:55 2007 --- openafs/doc/man-pages/pod1/vos_size.pod Fri Aug 17 21:46:26 2007 *************** *** 125,132 **** Volume: user.thoron dump_size: 21095 - =back - =head1 PRIVILEGE REQUIRED The issuer must be listed in the F file on the --- 125,130 ---- Index: openafs/doc/man-pages/pod8/bos_util.pod diff -c /dev/null openafs/doc/man-pages/pod8/bos_util.pod:1.1.2.2 *** /dev/null Thu Aug 23 22:27:09 2007 --- openafs/doc/man-pages/pod8/bos_util.pod Fri Aug 17 21:50:37 2007 *************** *** 0 **** --- 1,118 ---- + =head1 NAME + + bos_util - Manipulate the AFS server Keyfile + + =head1 SYNOPSIS + + =for html +
+ + B add > + + B adddes > + + B delete > + + B list + + =for html +
+ + =head1 DESCRIPTION + + The B command manipulates the AFS server B. It can take + a password from standard input, convert it to a key, and add it to the + F; list the keys in the F; or remove a key from thet + F. It is very similar in function to B, but B + works with keytab files wheras B works with passwords directly. + + B expects one of the following subcommands: + + =over 4 + + =item add > + + Add a key with key version > to the F using a password + from standard input. This command uses the normal AFS password salt + algorithm to generate the key (equivalent to the des-cbc-crc:afs3 enctype + in Kerberos v5). This command is basically equivalent to B. + + =item adddes > + + Add a key with key version > to the B using a password + from standard input. This command does not salt the password when + generating the key (equivalent to the des-cbc-crc:v4 enctype in Kerberos + v5). + + Since this command applies no salt to the password, it can be used as a + last resort for generating a DES key with a salt algorithm that other + utilities don't know how to use by giving this command the pre-salted + password. This can be useful when, for example, using Microsoft Active + Directory as the Kerberos KDC, since Active Directory uses a different + salt algorithm for service principals than most Unix Kerberos + implementations. The best approach, however, is to find a way to generate + a keytab and then use B. + + =item delete > + + Delete the key with the specified key version from the F. This + command is equivalent to B or B. + + =item list + + List the keys in the F. This command is equivalent to B or B. + + =back + + The B command does not use the normal AFS option parsing library + and its subcommands cannot be abbreviated. + + =head1 CAUTIONS + + B is intended for use with a Kerberos v4 environment and + therefore is mostly obsolete. Normally, rather than using this command, + you will want to use B to create a keytab (perhaps with its + B command) and then use B as normal. B only + supports the AFS password salt algorithm and no password salt algorithm + and therefore may not produce the same key from a given password as + Kerberos v5 utilities unless one is careful to use that same salt + algorithm when creating the key in the KDC. + + Creating an AFS key with a known password and then using B or + B to add that key to the F is not recommended. + Human-created passwords are usually not as strong as a random key + generated using a good entropy source, such as with the B<-randkey> option + to the MIT Kerberos v5 B command or the equivalent in other + Kerberos v5 implementations. The security of AFS depends on the strength + of the AFS service key; it should therefore be as random as possible. + + It is imperative that the key version number (kvno) given matches the kvno + on the Kerberos server. If it doesn't, users won't be able to + authenticate. The key generated by B must also match the + internal representation on the Kerberos server including the salt. + + =head1 OPTIONS + + B takes no options. + + =head1 PRIVILEGE REQUIRED + + The issuer must be logged onto a file server machine as the local + superuser C. + + =head1 SEE ALSO + + L, + L, + L, + L, + kadmin(8), + ktutil(8) + + =head1 COPYRIGHT + + Copyright 2007 Jason Edgecombe + + This documentation is covered by the IBM Public License Version 1.0. + This man page was written by Jason Edgecombe for OpenAFS. Index: openafs/doc/man-pages/pod8/ka-forwarder.pod diff -c /dev/null openafs/doc/man-pages/pod8/ka-forwarder.pod:1.1.10.2 *** /dev/null Thu Aug 23 22:27:09 2007 --- openafs/doc/man-pages/pod8/ka-forwarder.pod Sun Aug 19 18:15:28 2007 *************** *** 0 **** --- 1,85 ---- + =head1 NAME + + ka-forwarder - Forward AFS Authentication Server requests to another server + + =head1 SYNOPSIS + + =for html +
+ + B S<<< [B<-p> >] >>> >[/>] [...] + + =for html +
+ + =head1 DESCRIPTION + + B listens for requests for an AFS Authentication Server and + forwards them to a remove B server. B is a server that + answers AFS Authentication Server protocol requests using a regular + Kerberos KDC and is provided with some Kerberos 5 implementations. + B has to run on the same host as the Kerberos KDC, however, and + AFS clients send all native AFS authentication requests to the AFS + database servers. If you don't want to run your Kerberos KDCs and your + AFS database servers on the same host, run B on the AFS + database servers and point it to B running on the Kerberos KDCs. + + B takes one or more servers to which to forward the + requests. The default port on the remote server to which to forward the + command is 7004, but a different port can be specified by following the + server name with a slash (C) and the port number. If multiple servers + are given, B will send queries to each server in turn in a + round-robin fashion. + + =head1 CAUTIONS + + Due to the way that B distinguishes from client requests and + server responses, any messages from one of the servers to which + B is forwarding will be considered a reply rather than a + command and will not be forwarded. This means that the servers running + B will not be able to use native AFS authentication requests and + rely on B to send the requests to the right server. + + B does not background itself. It should either be run in + the background via the shell, or run via the Basic OverSeer Server (see + L). + + =head1 OPTIONS + + =over 4 + + =item B<-p> > + + By default, B listens to the standard AFS Authentication + Server port (7004). To listen to a different port, specify it with the + B<-p> option. + + =back + + =head1 EXAMPLES + + Forward AFS Authentication Server reqests to the B servers on + kdc1.example.com and kdc2.example.com: + + % ka-forwarder kdc1.example.com kdc2.example.com & + + Note the C<&> to tell the shell to run this command in the background. + + =head1 PRIVILEGE REQUIRED + + B only has to listen to port 7004 and therefore does not + require any special privileges unless a privileged port is specified with + the B<-p> option. + + =head1 SEE ALSO + + L, + fakeka(8), + L + + =head1 COPYRIGHT + + Copyright 2006 Russ Allbery + + This documentation is covered by the IBM Public License Version 1.0. This + man page was written by Russ Allbery for OpenAFS. Index: openafs/doc/man-pages/pod8/pt_util.pod diff -c /dev/null openafs/doc/man-pages/pod8/pt_util.pod:1.1.8.2 *** /dev/null Thu Aug 23 22:27:09 2007 --- openafs/doc/man-pages/pod8/pt_util.pod Mon Aug 20 01:39:53 2007 *************** *** 0 **** --- 1,187 ---- + =head1 NAME + + pt_util - Load or dump a Protection Server database + + =head1 SYNOPSIS + + =for html +
+ + B + S<<< [B<-w>] >>> S<<< [B<-user>] >>> S<<< [B<-group>] >>> + S<<< [B<-members>] >>> S<<< [B<-name>] >>> S<<< [B<-system>] >>> + S<<< [B<-xtra>] >>> S<<< [B<-prdb> >] >>> + S<<< [B<-datafile> >] >>> S<<< [B<-help>] >>> + + =for html +
+ + =head1 DESCRIPTION + + The B command can be used to load or dump the protection + database. It should only be used when B is not running. + + The most likely reason to use it is to initialize the protection database + when bringing up a new cell. The current syntax for this, presented + below, needs improvement. B can also be used when problems are + suspected with the database. It can be used to dump the database or + portions thereof, in several different ways, and to reload it. + + The textual representation of the database has the following form: + For users, + + name flags/quota viceid ownerid creatorid + + For groups, + + name flags/quota viceid ownerid creatorid + a-username a-user-viceid + + The second line is repeated for each member of the group. When reading + the database, membership is not reported unless B<-members> is also + included. + + =head1 OPTIONS + + If you don't specify any options, the only thing you'll learn is the ubik + database epoch and version. + + =over 4 + + =item B<-w> + + Write to the protection database instead of reading. Only the file + arguments make sense in combination with this argument. + + =item B<-user> + + When reading, display users. + + =item B<-group> + + When reading, display groups (but not necessarily members). + + =item B<-members> + + When reading, display groups and also group members. + + =item B<-name> + + When reading, + follow name hashes, instead of id hashes. + This may print different information if the database was corrupted. + Otherwise, it should print exactly the same information, except + in a different order. + + =item B<-system> + + When reading, display system data, or more precisely, do not display + entries with a viced <= -32768 or >= +97537. + + =item B<-xtra> + + When reading, display extra users and groups, or more precisely, do not + display entries that are in the range -32767...+97536 inclusive. + + =item B<-prdb> > + + Specifies the complete pathname of the file in which the Protection + Database resides. Provide the complete name, including the ending + F<.DB0>. + + =item B<-datafile> > + + Specify the file to which to dump (or B<-w> from which to read) textual + database records. + + =back + + =head1 CAUTIONS + + The file dump format does not include supergroup information, so should + not be used if you have and are using groups within groups. + + In all cases, entry timestamps and other information is also not + preserved. + + The epoch and version are reported on standard error. On little-endian + machines, they'll be byte swapped, so may be very random. + + =head1 EXAMPLES + + The following example shows how to initialize the database from scratch. + + Before you do this, make sure B is not running. If you have + multiple database servers, make sure F does not exist on any + server machine. + + Now, type this in EXACTLY, including the leading space on the line + indicated. But do use Control-D at the end, not up-arrow D. + + pt_util -w + admin 128/20 1 -204 -204 + system:administrators 130/20 -204 -204 -204 + admin 1 + ^D + + You will see this: + + # pt_util -w + pt_util: /usr/afs/db/prdb.DB0: Bad UBIK_MAGIC. Is 0 should be 354545 + Ubik Version is: 2.0 + admin 128/20 1 -204 -204 + system:administrators 130/20 -204 -204 -204 + Error while creating system:administrators: Entry for id already exists + admin 1 + pt_util: Ubik Version number changed during execution. + Old Version = 2.0, new version = 33554432.0 + # + + To make a complete copy of the database, + + # pt_util -user -members -datafile /tmp/out + + To load from the complete copy, + + # pt_util -w -datafile /tmp/out + + Don't do this until you read cautions, above. + + =head1 PRIVILEGE REQUIRED + + The issuer must be logged in as the superuser C on a file server + machine to use B. + + =head1 SEE ALSO + + L, + L + + =head1 COPYRIGHT + + The following copyright covers this documentation: + + Copyright (c) 2005 The Regents of the University of Michigan. ALL RIGHTS + RESERVED. + + Permission is granted to use, copy, create derivative works and + redistribute this software and such derivative works for any purpose, so + long as the name of the University of Michigan is not used in any + advertising or publicity pertaining to the use or distribution of this + software without specific, written prior authorization. If the above + copyright notice or any other identification of the University of Michigan + is included in any copy of any portion of this software, then the + disclaimer below must also be included. + + This software is provided as is, without representation from the + University of Michigan as to its fitness for any purpose, and without + warranty by the University of Michigan of any kind, either express or + implied, including without limitation the implied warranties of + merchantability and fitness for a particular purpose. The regents of the + University of Michigan shall not be liable for any damages, including + special, indirect, incidental, or consequential damages, with respect to + any claim arising out of or in connection with the use of the software, + even if it has been or is hereafter advised of the possibility of such + damages. + + =cut Index: openafs/doc/txt/winnotes/afs-changes-since-1.2.txt diff -c openafs/doc/txt/winnotes/afs-changes-since-1.2.txt:1.72.2.31 openafs/doc/txt/winnotes/afs-changes-since-1.2.txt:1.72.2.32 *** openafs/doc/txt/winnotes/afs-changes-since-1.2.txt:1.72.2.31 Thu Aug 9 18:31:47 2007 --- openafs/doc/txt/winnotes/afs-changes-since-1.2.txt Thu Aug 23 13:23:11 2007 *************** *** 1,3 **** --- 1,40 ---- + Since 1.5.22 + + * A new registry value, "BlockSize", can now be used to adjust + the size of the internal buffers used to store file data. + The default is 4KB. When set, the values 1..1024 specify + multiples of 4KB. Values > 1024 specify actual block sizes + and must be multiples of 4KB. The actual block size in KB + can not be larger than the chunk size which defaults to 1MB. + + HKLM\SYSTEM\CurrentControlSet\Services\TransarcAfsDaemon\Parameters + (DWORD) BlockSize + + * pts.exe and ptserver.exe built with -DSUPERGROUPS + + * Service Manager shutdown hints have been added. The hint + specifies that it may take the AFS client service up to two + minutes to shutdown. + + * Fix the recursion detection feature introduced in 1.5.22. + The previous implementation broke the evaluation of paths + using ../path or ./path. It also broke the evaluation of + symlinks to absolute paths. For example, /afs/cell/path. + + * Fix an uninitialized variable in cm_MakeDir that could result + in crash if the requested directory could not be created. + + * Fix a the VolumeStatusNotification log messages to save + the input string in the circular log buffer so garbarge + won't be output to afsd.log when the log is dumped. + + + * Increase the SMB Maximum Path length to 260 characters + from 256 as that is what CIFS supports. + + * On 64-bit Windows, use a unique description string for + the 32-bit AFS Shell Extension. + Since 1.5.21 * In the AFS Admin Library, replaced all of the Index: openafs/doc/txt/winnotes/afs-issues.txt diff -c openafs/doc/txt/winnotes/afs-issues.txt:1.28.2.6 openafs/doc/txt/winnotes/afs-issues.txt:1.28.2.7 *** openafs/doc/txt/winnotes/afs-issues.txt:1.28.2.6 Thu Aug 9 18:31:47 2007 --- openafs/doc/txt/winnotes/afs-issues.txt Thu Aug 23 13:23:11 2007 *************** *** 1,4 **** ! This file is a rough list of known issues with the 1.5.22 release of OpenAFS on Windows. This list is not complete. There are probably other issues which can be found in the RT database or on the mailing list. --- 1,4 ---- ! This file is a rough list of known issues with the 1.5.23 release of OpenAFS on Windows. This list is not complete. There are probably other issues which can be found in the RT database or on the mailing list.