Index: openafs/doc/man-pages/README diff -c openafs/doc/man-pages/README:1.8 openafs/doc/man-pages/README:1.8.2.5 *** openafs/doc/man-pages/README:1.8 Thu Mar 23 00:41:02 2006 --- openafs/doc/man-pages/README Sun Aug 5 19:41:53 2007 *************** *** 123,129 **** References to functions should be noted like function() with the trailing parens. The POD converters know how to format these sorts of references appropriately. References to other sections in the same page ! should be given as L
. Command and output examples should be indented three spaces. Commands entered by the user should be given on a line beginning with %. If the --- 123,133 ---- References to functions should be noted like function() with the trailing parens. The POD converters know how to format these sorts of references appropriately. References to other sections in the same page ! should be given as L
. Man pages for all other AFS commands or ! file formats referenced in the page should be listed in the SYNOPSIS. ! List each reference on its own line for easier addition of other ! references later, but don't put blank lines between them. Don't forget ! the commas at the end of each line but the last. Command and output examples should be indented three spaces. Commands entered by the user should be given on a line beginning with %. If the *************** *** 191,204 **** bos_util copyauth fs getcalleraccess - fs getcrypt - fs listaliases - fs newalias fs rxstatpeer fs rxstatproc fs setcbaddr - fs setcrypt kseal pts interactive pts quit --- 195,205 ---- bos_util copyauth + flushall (Windows only) fs getcalleraccess fs rxstatpeer fs rxstatproc fs setcbaddr kseal pts interactive pts quit *************** *** 213,225 **** vos convertROtoRW vos copy vos shadow - vos size vsys - * The following configuration files have no man pages: - - CellAlias - * klog.krb, pagsh.krb, and tokens.krb need to be listed as alternative names in the NAME line of the non-.krb man pages, links should be installed on man page installation, and the behavior of pagsh.krb --- 214,221 ---- *************** *** 231,242 **** * fs sysname documentation needs to include the possibility of setting multiple sysnames and the resulting behavior. - * The afsd man page is horribly out of date. It doesn't explain - dynroot, many options are missing, and some of the options described - are no longer valid. It also still assumes that -settime is the - default and says that the system must be rebooted after shutdown, - which isn't the case at least on Linux. - * bos listkeys and the KeyFile man page assume that you're using the kaserver. --- 227,232 ---- Index: openafs/doc/man-pages/pod1/fs.pod diff -c openafs/doc/man-pages/pod1/fs.pod:1.4 openafs/doc/man-pages/pod1/fs.pod:1.4.2.2 *** openafs/doc/man-pages/pod1/fs.pod:1.4 Tue Feb 28 18:43:03 2006 --- openafs/doc/man-pages/pod1/fs.pod Sun Aug 5 19:38:43 2007 *************** *** 19,28 **** --- 19,30 ---- machines: L|fs_checkservers(1)>, L|fs_getcellstatus(1)>, + L|fs_getcrypt(1)>, L|fs_getserverprefs(1)>, L|fs_listcells(1)>, L|fs_newcell(1)>, L|fs_setcell(1)>, + L|fs_setcrypt(1)>, L|fs_setserverprefs(1)>, L|fs_sysname(1)>, and L|fs_wscell(1)>. *************** *** 55,60 **** --- 57,64 ---- L|fs_flush(1)>, L|fs_flushvolume(1)>, L|fs_getcacheparms(1)>, + L|fs_listaliases(1)>, + L|fs_newalias(1)>, and L|fs_setcachesize(1)>. =item * *************** *** 186,199 **** --- 190,206 ---- L, L, L, + L, L, L, L, + L, L, L, L, L, L, + L, L, L, L, *************** *** 201,206 **** --- 208,214 ---- L, L, L, + L, L, L, L, Index: openafs/doc/man-pages/pod1/fs_getcrypt.pod diff -c /dev/null openafs/doc/man-pages/pod1/fs_getcrypt.pod:1.3.4.4 *** /dev/null Fri Aug 10 00:27:34 2007 --- openafs/doc/man-pages/pod1/fs_getcrypt.pod Sun Aug 5 19:38:43 2007 *************** *** 0 **** --- 1,79 ---- + =head1 NAME + + fs getcrypt - Displays the state of encryption for AFS file transfers + + =head1 SYNOPSIS + + =for html +
+ + B [B<-help>] + + =for html +
+ + =head1 DESCRIPTION + + The B command shows the status of network traffic encryption + for file traffic in the AFS client. This encryption applies to file + traffic going to and coming from the AFS server for users with valid + tokens. The complement of this command is B which sets the + status of encryption on the client. + + =head1 CAUTIONS + + AFS uses an encryption scheme called fcrypt, based on but slightly weaker + than DES. Because fcrypt and DES are obsolete, the user must decide how + much to trust the encryption. Consider using a Virtual Private Network at + the IP level if better encryption is needed. + + Encrypting file traffic requires a token. Unauthenticated connections or + connections authorized via IP-based ACLs will not be encrypted even when + encryption is turned on. + + =head1 OPTIONS + + =over 4 + + =item B<-help> + + Prints the online help for this command. All other valid options are + ignored. + + =back + + =head1 OUTPUT + + If encryption is enabled, the output is: + + Security level is currently crypt (data security). + + If encryption if disabled, the output is: + + Security level is currently clear. + + =head1 EXAMPLES + + There is only one way to invoke B: + + % fs getcrypt + + =back + + =head1 PRIVILEGE REQUIRED + + No special priviledges are required for this command. + + =head1 SEE ALSO + + L + + The description of the fcrypt encryption mechanism at + L. + + =head1 COPYRIGHT + + Copyright 2007 Jason Edgecombe + + This documentation is covered by the IBM Public License Version 1.0. This + man page was written by Jason Edgecombe for OpenAFS. Index: openafs/doc/man-pages/pod1/fs_listaliases.pod diff -c /dev/null openafs/doc/man-pages/pod1/fs_listaliases.pod:1.2.4.3 *** /dev/null Fri Aug 10 00:27:34 2007 --- openafs/doc/man-pages/pod1/fs_listaliases.pod Sun Aug 5 19:38:43 2007 *************** *** 0 **** --- 1,63 ---- + =head1 NAME + + fs listaliases - Displays the current list of aliases for AFS cells + + =head1 SYNOPSIS + + =for html +
+ + B [B<-help>] + + =for html +
+ + =head1 DESCRIPTION + + The B command shows the list of cell aliases currently in + effect, both from F and created using B. Cell + aliases can only be used when the using a Dynamic Root (the B<-dynroot> + option to B). + + =head1 OPTIONS + + =over 4 + + =item B<-help> + + Prints the online help for this command. All other valid options are + ignored. + + =back + + =head1 OUTPUT + + If an alias C exists for the cell C, the output + include the following line: + + Alias openafs for cell openafs.org + + =head1 EXAMPLES + + There is only one way to invoke B: + + % fs listaliases + + =back + + =head1 PRIVILEGE REQUIRED + + No special priviledges are required for this command. + + =head1 SEE ALSO + + L, + L, + L + + =head1 COPYRIGHT + + Copyright 2007 Jason Edgecombe + + This documentation is covered by the IBM Public License Version 1.0. This + man page was written by Jason Edgecombe for OpenAFS. Index: openafs/doc/man-pages/pod1/fs_newalias.pod diff -c /dev/null openafs/doc/man-pages/pod1/fs_newalias.pod:1.1.4.2 *** /dev/null Fri Aug 10 00:27:34 2007 --- openafs/doc/man-pages/pod1/fs_newalias.pod Sun Aug 5 19:38:43 2007 *************** *** 0 **** --- 1,96 ---- + =head1 NAME + + fs newalias - Creates a new alias for a cell + + =head1 SYNOPSIS + + =for html +
+ + B S<<< [B<-alias>] > >>> + S<<< [B<-name>] > >>> [B<-help>] + + =for html +
+ + =head1 DESCRIPTION + + The B command is used when the AFS Cache Manager is in + Dynamic Root (B<-dynroot>) mode. It creates a symbolic link in F + from an alias to the full name of the cell. It also creates a symbolic + link from the alias prepended with C<.> to the full name of the cell + prepended with C<.>, the convention for access to the read/write version + of the C volume of that cell. + + This command is used to supplement aliases created via the F + configuration file when B starts. + + Traditionally, these aliases would be created by the local AFS + administrator by creating symbolic links in the C volume. Such + symlinks do not appear when Dynamic Root is enabled because, with Dynamic + Root, the Cache Manager does not mount or look at the C + volume. This alias capability is a replacement that allows such short + names to be created under client control. + + =head1 CAUTIONS + + Aliases created with B are only temporary and will be lost + when the AFS Cache Manager is restarted or the client machine is + rebooted. In order to make the alias permanent, it must be put into the + F file. + + There is no way to remove an alias once created without restarting the + AFS Cache Manager. + + =head1 OPTIONS + + =over 4 + + =item B<-alias> > + + This is the short name to which the user wants to map the real cell name. + + =item B<-name> > + + This is the real cell name. + + =item B<-help> + + Prints the online help for this command. All other valid options are + ignored. + + =back + + =head1 OUTPUT + + This command has no output. + + =head1 EXAMPLES + + There are two ways to call B: + + % fs newalias openafs openafs.org + % fs newalias -alias openafs -name openafs.org + + Both of the above examples create an alias C for the cell + C. Two links wil be created in F: + + /afs/openafs -> /afs/openafs.org + /afs/.openafs -> /afs/.openafs.org + + =head1 PRIVILEGE REQUIRED + + The issuer must be logged in as the local superuser root. + + =head1 SEE ALSO + + L, + L, + L + + =head1 COPYRIGHT + + Copyright 2007 Jason Edgecombe + + This documentation is covered by the IBM Public License Version 1.0. This + man page was written by Jason Edgecombe for OpenAFS. Index: openafs/doc/man-pages/pod1/fs_setcrypt.pod diff -c /dev/null openafs/doc/man-pages/pod1/fs_setcrypt.pod:1.3.4.4 *** /dev/null Fri Aug 10 00:27:34 2007 --- openafs/doc/man-pages/pod1/fs_setcrypt.pod Sun Aug 5 19:38:43 2007 *************** *** 0 **** --- 1,98 ---- + =head1 NAME + + fs setcrypt - Enables of disables the encryption of AFS file transfers + + =head1 SYNOPSIS + + =for html +
+ + B S<<< [B<-crypt>] > >>> [B<-help>] + + =for html +
+ + =head1 DESCRIPTION + + The B command sets the status of network traffic encryption + for file traffic in the AFS client. This encryption applies to file + traffic going to and coming from the AFS File Server for users with valid + tokens. This command does not control the encryption used for + authentication, which uses Kerberos 5 or klog/kaserver. The complement of + this command is B, which shows the status of encryption on + the client. + + The default encryption status is enabled. + + This is a global setting and applies to all subsequent connections to an + AFS File Server from this Cache Manager. There is no way to enable or + disable encryption for specific connections. + + =head1 CAUTIONS + + AFS uses an encryption scheme called fcrypt, based on but slightly weaker + than DES, and there is currently no way to specify a different encryption + mechanism. Because fcrypt and DES are obsolete, the user must decide how + much to trust the encryption. Consider using a Virtual Private Network at + the IP level if better encryption is needed. + + Encrypting file traffic requires a token. Unauthenticated connections or + connections authorized via IP-based ACLs will not be encrypted even when + encryption is turned on. + + =head1 OPTIONS + + =over 4 + + =item B<-crypt> > + + This is the only option to B. The B<-crypt> option takes + either C or C. C enables encryption. C disables + encryption. Since this is the only option, the C<-crypt> flag may be + omitted. + + C<0> and C<1> or C and C are not supported as replacements + for C and C. + + =item B<-help> + + Prints the online help for this command. All other valid options are + ignored. + + =back + + =head1 OUTPUT + + This command produces no output other than error messages. + + =head1 EXAMPLES + + There are only four ways to invoke B. Either of: + + % fs setcrypt -crypt on + % fs setcrypt on + + will enable encryption for authenticated connections and: + + % fs setcrypt -crypt off + % fs setcrypt off + + will disable encryption. + + =head1 PRIVILEGE REQUIRED + + The issuer must be logged in as the local superuser root. + + =head1 SEE ALSO + + L + + The description of the fcrypt encryption mechanism at + L. + + =head1 COPYRIGHT + + Copyright 2007 Jason Edgecombe + + This documentation is covered by the IBM Public License Version 1.0. This + man page was written by Jason Edgecombe for OpenAFS. Index: openafs/doc/man-pages/pod1/klog.pod diff -c openafs/doc/man-pages/pod1/klog.pod:1.4 openafs/doc/man-pages/pod1/klog.pod:1.4.2.1 *** openafs/doc/man-pages/pod1/klog.pod:1.4 Wed Mar 1 00:02:30 2006 --- openafs/doc/man-pages/pod1/klog.pod Fri Jul 27 14:00:25 2007 *************** *** 49,56 **** credential structure already contains a token for the requested cell, the token resulting from this command replaces it. ! Sites that employ standard Kerberos authentication instead of the AFS ! Authentication Server must use the Kerberos version of this command, B, on all client machines. It automatically places the issuer's Kerberos tickets in the file named by the KRBTKFILE environment variable, which the B command defines automatically as F> --- 49,60 ---- credential structure already contains a token for the requested cell, the token resulting from this command replaces it. ! Sites that employ Kerberos authentication instead of the AFS ! Authentication Server should normally use the combination of B and ! B instead of B. ! ! Sites using Kerberos v4 authentication (perhaps with the AFS ! Authentication Server) must use the Kerberos version of this command, B, on all client machines. It automatically places the issuer's Kerberos tickets in the file named by the KRBTKFILE environment variable, which the B command defines automatically as F> Index: openafs/doc/man-pages/pod1/vos.pod diff -c openafs/doc/man-pages/pod1/vos.pod:1.3 openafs/doc/man-pages/pod1/vos.pod:1.3.6.1 *** openafs/doc/man-pages/pod1/vos.pod:1.3 Tue Dec 20 19:41:17 2005 --- openafs/doc/man-pages/pod1/vos.pod Sun Aug 5 19:41:54 2007 *************** *** 55,61 **** =item * ! Commands to create and restore dump files: B and B. =item * --- 55,62 ---- =item * ! Commands to create, size, and restore dump files: B, B, and B. =item * *************** *** 252,257 **** --- 253,259 ---- L, L, L, + L, L, L, L, Index: openafs/doc/man-pages/pod1/vos_size.pod diff -c /dev/null openafs/doc/man-pages/pod1/vos_size.pod:1.1.4.2 *** /dev/null Fri Aug 10 00:27:35 2007 --- openafs/doc/man-pages/pod1/vos_size.pod Sun Aug 5 19:41:55 2007 *************** *** 0 **** --- 1,149 ---- + =head1 NAME + + vos size - Computes the size of a volume dump + + =head1 SYNOPSIS + + =for html +
+ + B S<<< [B<-cell> >] >>> [B<-dump>] + [B<-encrypt>] [B<-help>] [B<-id>] > + [B<-localauth>] [B<-noauth>] + S<<< [B<-partition> >] >>> + S<<< [B<-server> >] >>> + S<<< [B<-time> >] >>> [B<-verbose>] + + =for html +
+ + =head1 DESCRIPTION + + The B command shows the size of a volume's dump for backup + purposes. The size of the dump may differ from the volume size as reported + by B or B. The size is shown in bytes. + + This command is intended for use with backup systems that want to size + volume dumps before performing them (to optimize use of tape resources, + for example). + + =head1 OPTIONS + + =over 4 + + =item B<-cell> > + + The cell in which the volume resides, if it's not in the current cell. + + =item B<-dump> + + Show the size of the volume dump for the specified volume. Currently, this + flag should always be given for B to give useful information. + It is present to allow this command to provide other size estimates in the + future. + + =item B<-encrypt> + + Encrypt the command. + + =item B<-help> + + Prints the online help for this command. All other valid options are + ignored. + + =item B<-id> > + + Specifies either the complete name or volume ID number of the read/write, + read-only, or backup volume to size. + + =item B<-localauth> + + Constructs a server ticket using a key from the local + F file. The B command interpreter presents it + to the Volume Server and Volume Location Server during mutual + authentication. Do not combine this flag with the B<-cell> argument or + B<-noauth> flag. For more details, see L. + + =item B<-noauth> + + Assigns the unprivileged identity anonymous to the issuer. Do not combine + this flag with the B<-localauth> flag. For more details, see L. + + =item B<-partition> > + + Specifies the partition on which the volume resides. Provide the + B<-server> argument along with this one. + + =item B<-server> > + + Specifies the file server machine on which the volume resides. Provide + the B<-partition> argument along with this one. + + =item B<-time> > + + Specifies whether the dump is full or incremental. Omit this argument to + size a full dump. See L for the valid values for this + option. + + =item B<-verbose> + + Show more output about what's going on. + + =back + + =head1 OUTPUT + + When run without B<-verbose>, the output will be: + + Volume: + dump_size: + + where is the name of the volume and is the size of the + dump in bytes. With B<-verbose>, additional status messages will be + printed between those two lines. + + =head1 EXAMPLES + + Sizing a single user volume: + + % vos size user.thoron -dump + Volume: user.thoron + dump_size: 36430 + + or, more verbosely: + + % vos size user.thoron -dump -verbose + Volume: user.thoron + Starting transaction on volume 2003434023... done + Getting size of volume on volume 2003434023... done + Ending transaction on volume 2003434023... done + dump_size: 36430 + + Sizing an incremental dump for the same volume: + + % vos size -id user.thoron -time '05/04/2007 00:00:00' -dump + Volume: user.thoron + dump_size: 21095 + + =back + + =head1 PRIVILEGE REQUIRED + + The issuer must be listed in the F file on the + machine specified with the B<-server> argument or the machine on which the + volume is located if B<-server> was not given. If the B<-localauth> flag + is included, the issuer must instead be logged on to a server machine as + the local superuser C. + + =head1 SEE ALSO + + L, + L, + L + + =head1 COPYRIGHT + + Copyright 2007 Jason Edgecombe + + This documentation is covered by the IBM Public License Version + 1.0. This man page was written by Jason Edgecombe for OpenAFS. Index: openafs/doc/man-pages/pod5/CellAlias.pod diff -c /dev/null openafs/doc/man-pages/pod5/CellAlias.pod:1.3.4.4 *** /dev/null Fri Aug 10 00:27:35 2007 --- openafs/doc/man-pages/pod5/CellAlias.pod Sun Aug 5 19:38:44 2007 *************** *** 0 **** --- 1,55 ---- + =head1 NAME + + CellAlias - Maps cell names to aliases in /afs + + =head1 DESCRIPTION + + The F file is used when the AFS Cache Manager is Dynamic Root + (B<-dynroot>) mode. It creates symbolic links in the dynamic root that + link an alias for a cell (usually a short name) to the full name for the + cell. + + The most common use of this configuration file is to allow short names for + frequently used cell names. Traditionally, such short names would be + created by the local AFS administrator by creating symbolic links in the + C volume. Such symlinks do not appear when Dynamic Root is + enabled because, with Dynamic Root, the Cache Manager does not mount or + look at the C volume. F is a replacement that allows + such short names to be created under the client control. + + If you configure a short name mapping such as C for + C, the mapping of C<.ir> to C<.ir.stanford.edu> for the + read/write version of the C volume for that cell will be + created automatically. There is no need to list that alias separately (and + it is listed separately, B will report an error on startup). + + The contents of the F file should consist of one line of two + whitespace-separated columns per alias. The first column is the real name + of the cell, and the second column is the alias that should be created. + + =head1 EXAMPLES + + The following F file: + + openafs.org openafs + uncc.edu uncc + + results in the following symbolic links: + + /afs/.openafs -> /afs/.openafs.org + /afs/openafs -> /afs/openafs.org + /afs/.uncc -> /afs/.uncc.edu + /afs/uncc -> /afs/uncc.edu + + =head1 SEE ALSO + + L, + L, + L + + =head1 COPYRIGHT + + Copyright 2007 Jason Edgecombe + + This documentation is covered by the IBM Public License Version 1.0. This + man page was written by Jason Edgecombe for OpenAFS. Index: openafs/doc/man-pages/pod8/afsd.pod diff -c openafs/doc/man-pages/pod8/afsd.pod:1.6.2.1 openafs/doc/man-pages/pod8/afsd.pod:1.6.2.4 *** openafs/doc/man-pages/pod8/afsd.pod:1.6.2.1 Thu Nov 9 18:58:43 2006 --- openafs/doc/man-pages/pod8/afsd.pod Sun Aug 5 19:19:33 2007 *************** *** 7,29 **** =for html
! B S<<< [B<-blocks> >] >>> ! S<<< [B<-files> >] >>> ! S<<< [B<-rootvol> >] >>> ! S<<< [B<-stat> >] >>> ! [B<-memcache>] S<<< [B<-cachedir> >] >>> ! S<<< [B<-mountdir> >] >>> ! S<<< [B<-daemons> >] >>> ! [B<-nosettime>] [B<-verbose>] [B<-rmtsys>] [B<-debug>] ! S<<< [B<-chunksize> >] >>> ! S<<< [B<-dcache> >] >>> ! S<<< [B<-volumes> >] >>> S<<< [B<-biods> >] >>> ! S<<< [B<-prealloc> >] >>> S<<< [B<-confdir> >] >>> ! S<<< [B<-logfile> >] >>> ! [B<-waitclose>] [B<-shutdown>] [B<-enable_peer_stats>] ! [B<-enable_process_stats>] [B<-help>] =for html
--- 7,36 ---- =for html
! B [B<-afsdb>] [B<-backuptree>] S<<< [B<-biods> >] >>> ! S<<< [B<-blocks> >] >>> ! S<<< [B<-cachedir> >] >>> ! S<<< [B<-chunksize> >] >>> S<<< [B<-confdir> >] >>> ! S<<< [B<-daemons> >] >>> ! S<<< [B<-dcache> >] >>> [B<-debug>] ! [B<-dynroot>] [B<-enable_peer_stats>] [B<-enable_process_stats>] ! [B<-fakestat>] [B<-fakestat-all>] ! S<<< [B<-files> >] >>> ! S<<< [B<-files_per_subdir> > ] >>> ! [B<-help>] S<<< [B<-logfile> >] >>> ! [B<-mem_alloc_sleep>] [B<-memcache>] ! S<<< [B<-mountdir> >] >>> [B<-nomount>] ! [B<-nosettime>] ! S<<< [B<-prealloc> >] >>> ! [B<-rmtsys>] S<<< [B<-rootvol> >] >>> ! [B<-rxbind>] S<<< [B<-rxpck> value for rx_extraPackets ] >>> ! [B<-settime>] [B<-shutdown>] ! S<<< [B<-splitcache> >] >>> ! S<<< [B<-stat> >] >>> [B<-verbose>] ! S<<< [B<-volumes> >] >>> ! [B<-waitclose>] =for html
*************** *** 56,64 **** a cell from this list, or incorrect information about its database server machines, prevents the Cache Manager from accessing files in it. ! The list of database server machines is transferred into the kernel from ! the F file. After initialization, use the B command to change the kernel-resident list without having to reboot. =item * --- 63,73 ---- a cell from this list, or incorrect information about its database server machines, prevents the Cache Manager from accessing files in it. ! By default, the list of database server machines is transferred into the ! kernel from the F file. Alternatively, when the ! B<-afsdb> option is used, the list of database server machines is taken ! from the AFSDB DNS records for each cell. After initialization, use the ! B command to change the kernel-resident list without having to reboot. =item * *************** *** 93,100 **** exists. The second field in the F file is the source for ! this name, and the standard value is the F directory. Use ! the B<-cachedir> argument to override the value in the B file. =item * --- 102,109 ---- exists. The second field in the F file is the source for ! this name. The standard value is F. Use the B<-cachedir> ! argument to override the value in the B file. =item * *************** *** 229,242 **** =item * ! Randomly selects a file server machine in the local cell as the source for ! the correct time. Every five minutes thereafter, the local clock is ! adjusted (if necessary) to match the file server machine's clock. ! ! Use the B<-nosettime> flag to prevent the afsd command from selecting a ! time standard. This is recommended only on file server machines that are ! also acting as clients. File server machines maintain the correct time ! using the Network Time Protocol Daemon instead. =back --- 238,249 ---- =item * ! If the B<-settime> option is specified, then it randomly selects a file ! server machine in the local cell as the source for the correct time. Every ! five minutes thereafter, the local clock is adjusted (if necessary) to ! match the file server machine's clock. This is not enabled by default. It ! is recommended, instead, that the Network Time Protocol Daemon be used to ! synchronize the time. =back *************** *** 286,296 **** =item * ! One I daemon, which sends a probe to the File Server ! every few minutes to check that it is still accessible. It also ! synchronizes the machine's clock with the clock on a randomly-chosen file ! server machine, unless the B<-nosettime> flag is used. There is always one ! server connection daemon. =item * --- 293,303 ---- =item * ! One I daemon, which sends a probe to the File ! Server every few minutes to check that it is still accessible. If the ! B<-settime> option is set, it also synchronizes the machine's clock ! with the clock on a randomly-chosen file server machine. There is ! always one server connection daemon. =item * *************** *** 353,364 **** without an intervening reboot. While most of these issues have been ironed out, stopping and restarting AFS is not recommended unless necessary and rebooting before restarting AFS is still the safest course ! of action. =head1 OPTIONS =over 4 =item B<-blocks> > Specifies the number of kilobyte blocks to be made available for caching --- 360,422 ---- without an intervening reboot. While most of these issues have been ironed out, stopping and restarting AFS is not recommended unless necessary and rebooting before restarting AFS is still the safest course ! of action. This does not apply to Linux; it should be safe to restart the ! AFS client on Linux without rebooting. ! ! In contrast to many client-server applications, not all communication is ! initiated by the client. When the AFS client opens a file, it registers a ! callback with the AFS server. If the file changes, the server notifies the ! client that the file has changed and that all cached copies should be ! discarded. In order to enable full functionality on the AFS client, ! including all command-line utilities, the following UDP ports must be open ! on an firewalls between the client and the server: ! ! fileserver 7000/udp ! cachemanager 7001/udp (OpenAFS client. Arla uses 4711/udp) ! ptserver 7002/udp ! vlserver 7003/udp ! kaserver 7004/udp (not needed with Kerberos v5) ! volserver 7005/udp ! reserved 7006/udp (for future use) ! bosserver 7007/udp ! ! Additionally, for B to work through the firewall you need to allow ! inbound and outbound UDP on ports >1024 (probably 1024s). ! ! Be sure to set the UDP timeouts on the firewall to be at least twenty ! minutes for the best callback performance. =head1 OPTIONS =over 4 + =item B<-afsdb> + + Enable afsdb support. This will use DNS to lookup the AFSDB record and use + that for the database servers for each cell instead of the values in the + F file. This has the advantage of only needing to update one + DNS record to reconfigure the AFS clients for a new database server as + opposed to touching all of the clients, and also allows one to access a + cell without preconfiguring its database servers in F. + + =item B<-backuptree> + + Prefer backup volumes for mountpoints in backup volumes. This option means + that the AFS client will prefer to resolve mount points to backup volumes + when a parent of the current volume is a backup volume. This is similar to + the standard behaviour of preferring read-only volumes over read-write + volumes when the parent volume is a read-only volume. + + =item B<-biods> > + + Sets the number of VM daemons dedicated to performing I/O operations on a + machine running a version of AIX with virtual memory (VM) integration. If + both this argument and the B<-daemons> argument are omitted, the default + is five. If this argument is omitted but the B<-daemons> argument is + provided, the number of VM daemons is set to twice the value of the + B<-daemons> argument. + =item B<-blocks> > Specifies the number of kilobyte blocks to be made available for caching *************** *** 369,412 **** cache, do not combine this argument with the B<-dcache> argument, since doing so can possibly result in a chunk size that is not an exponent of 2. - =item B<-files> > - - Specifies the number of F> files to create in the cache - directory for a disk cache, overriding the default that is calculated as - described in L. Each F> file accommodates a - chunk of data, and can grow to a maximum size of 64 KB by default. Do not - combine this argument with the B<-memcache> argument. - - =item B<-rootvol> > - - Names the read/write volume corresponding to the root directory for the - AFS file tree (which is usually the F directory). This value - overrides the default of the C volume. - - =item B<-stat> > - - Specifies the number of entries to allocate in the machine's memory for - recording status information about the AFS files in the cache. This value - overrides the default of C<300>. - - =item B<-memcache> - - Initializes a memory cache rather than a disk cache. Do not combine this - flag with the B<-files> argument. - =item B<-cachedir> > Names the local disk directory to be used as the cache. This value overrides the default defined in the second field of the F file. ! =item B<-mountdir> > ! Names the local disk directory on which to mount the root of the AFS ! filespace. This value overrides the default defined in the first field of ! the F file. If a value other than the F ! directory is used, the machine cannot access the filespace of cells that ! do use that value. =item B<-daemons> > --- 427,458 ---- cache, do not combine this argument with the B<-dcache> argument, since doing so can possibly result in a chunk size that is not an exponent of 2. =item B<-cachedir> > Names the local disk directory to be used as the cache. This value overrides the default defined in the second field of the F file. ! =item B<-chunksize> > ! Sets the size of each cache chunk. The integer provided, which must be ! from the range C<0> to C<30>, is used as an exponent on the number 2. It ! overrides the default of 16 for a disk cache (2^16 is 64 KB) and 13 for a ! memory cache (2^13 is 8 KB). A value of C<0> or less, or greater than ! C<30>, sets chunk size to the appropriate default. Values less than C<10> ! (which sets chunk size to a 1 KB) are not recommended. Combining this ! argument with the B<-dcache> argument is not recommended because it ! requires that the issuer calculate the cache size that results. ! ! B<-chunksize> is an important option when tuning for performance. Setting ! this option to larger values can increase performance when dealing with ! large files. ! ! =item B<-confdir> > ! ! Names a directory other than the F directory from which to ! fetch the F, F, and F configuration ! files. =item B<-daemons> > *************** *** 421,445 **** and the B<-biods> argument is not. If both arguments are omitted, there are five VM daemons. ! =item B<-nosettime> ! ! Prevents the Cache Manager from synchronizing its clock with the clock on ! a server machine selected at random, by checking the time on the server ! machine every five minutes. Use this flag only on a machine that is ! already using another time synchronization protocol (for example, a server ! machine that is running the B process). ! ! =item B<-verbose> ! ! Generates a detailed trace of the B program's actions on the ! standard output stream. ! ! =item B<-rmtsys> ! Initializes an additional daemon to execute AFS-specific system calls on ! behalf of NFS client machines. Use this flag only if the machine is an ! NFS/AFS translator machine serving users of NFS client machines who ! execute AFS commands. =item B<-debug> --- 467,483 ---- and the B<-biods> argument is not. If both arguments are omitted, there are five VM daemons. ! =item B<-dcache> > ! Sets the number of dcache entries in memory, which are used to store ! information about cache chunks. For a disk cache, this overrides the ! default, which is 50% of the number of F> files (cache chunks). For ! a memory cache, this argument effectively sets the number of cache chunks, ! but its use is not recommended, because it requires the issuer to ! calculate the resulting total cache size (derived by multiplying this ! value by the chunk size). Do not combine this argument with the B<-blocks> ! argument, since doing so can possibly result in a chunk size that is not ! an exponent of 2. =item B<-debug> *************** *** 447,488 **** standard output stream. The information is useful mostly for debugging purposes. ! =item B<-chunksize> > ! Sets the size of each cache chunk. The integer provided, which must be ! from the range C<0> to C<30>, is used as an exponent on the number 2. It ! overrides the default of 16 for a disk cache (2^16 is 64 KB) and 13 for a ! memory cache (2^13 is 8 KB). A value of C<0> or less, or greater than ! C<30>, sets chunk size to the appropriate default. Values less than C<10> ! (which sets chunk size to a 1 KB) are not recommended. Combining this ! argument with the B<-dcache> argument is not recommended because it ! requires that the issuer calculate the cache size that results. ! =item B<-dcache> > ! Sets the number of dcache entries in memory, which are used to store ! information about cache chunks. For a disk cache, this overrides the ! default, which is 50% of the number of F> files (cache ! chunks). For a memory cache, this argument effectively sets the number of ! cache chunks, but its use is not recommended, because it requires the ! issuer to calculate the resulting total cache size (derived by multiplying ! this value by the chunk size). Do not combine this argument with the ! B<-blocks> argument, since doing so can possibly result in a chunk size ! that is not an exponent of 2. ! =item B<-volumes> > ! Specifies the number of memory structures to allocate for storing volume ! location information. The default value is C<50>. ! =item B<-biods> > ! Sets the number of VM daemons dedicated to performing I/O operations on a ! machine running a version of AIX with virtual memory (VM) integration. If ! both this argument and the B<-daemons> argument are omitted, the default ! is five. If this argument is omitted but the B<-daemons> argument is ! provided, the number of VM daemons is set to twice the value of the ! B<-daemons> argument. =item B<-prealloc> > --- 485,605 ---- standard output stream. The information is useful mostly for debugging purposes. ! =item B<-dynroot> ! The standard behaviour of the AFS client without the B<-dynroot> option is ! to mount the root.afs volume from the default cell on the F path. The ! F folder and root.afs volume traditionally shows the folders for ! F and other cells as configured by the AFS cell administrator. ! ! The B<-dynroot> option changes this. Using this option, the AFS client ! does not mount the root.afs volume on F. Instead it uses the ! contents of the F file to populate the listing of cells in ! F. This is known as a DYNamic ROOT. A cell is not contacted until ! the path F> if accessed. This functions similarly to an ! automounter. The main advantage of using B<-dynroot> is that the AFS ! client will start properly even without network access, whereas the client ! not using B<-dynroot> will freeze upon startup if cannot contact the ! default cell specified in F and mount the root.afs ! volume. Dynamic root mode is also sometimes called travelling mode because ! it works well for laptops which don't always have network connectivity. ! ! Two advantages of not using dynroot are that listing F will usually ! be faster because the contents of F are limited to what the AFS ! administrator decides and that symbolic links are traditionally created ! by the AFS administrator to provide a short name for the cell (i.e. ! cellname.domain.com is aliased to cellname). However, with dynroot, the ! local system administrator can limit the default contents of F by ! installing a stripped-down F file, and if dynroot is in effect, ! the F file can be used to provide shortname for common AFS cells ! which provides equivalent functionality to the most commonly used symbolic ! links. ! =item B<-enable_peer_stats> ! Activates the collection of Rx statistics and allocates memory for their ! storage. For each connection with a specific UDP port on another machine, ! a separate record is kept for each type of RPC (FetchFile, GetStatus, and ! so on) sent or received. To display or otherwise access the records, use ! the Rx Monitoring API. ! =item B<-enable_process_stats> ! Activates the collection of Rx statistics and allocates memory for their ! storage. A separate record is kept for each type of RPC (FetchFile, ! GetStatus, and so on) sent or received, aggregated over all connections to ! other machines. To display or otherwise access the records, use the Rx ! Monitoring API. ! =item B<-fakestat> ! Return fake values for stat calls on cross-cell mounts. This option makes ! an C of F much faster since each cell isn't contacted, and ! this and the B<-fakestat-all> options are useful on Mac OS X so that the ! Finder program doesn't try to contact every AFS cell the system knows ! about. ! ! =item B<-fakestat-all> ! ! Return fake values for stat calls on all mounts, not just cross-cell ! mounts. This and the B<-fakestat> options are useful on Mac OS X so that ! the Finder program doesn't hang when browsing AFS directories. ! ! =item B<-files> > ! ! Specifies the number of F> files to create in the cache directory ! for a disk cache, overriding the default that is calculated as described ! in L. Each F> file accommodates a chunk of data, and ! can grow to a maximum size of 64 KB by default. Do not combine this ! argument with the B<-memcache> argument. ! ! =item B<-files_per_subdir> > ! ! Limits the number of cache files in each subdirectory of the cache ! directory. The value of the option should be the base-two log of the ! number of cache files per cache subdirectory (so 10 for 1024 files, 14 for ! 16384 files, and so forth). ! ! =item B<-help> ! ! Prints the online help for this command. All other valid options are ! ignored. ! ! =item B<-logfile> > ! ! This option is obsolete and no longer has any effect. ! ! =item B<-mem_alloc_sleep> ! ! Allows sleeps when allocating a memory cache. ! ! =item B<-memcache> ! ! Initializes a memory cache rather than a disk cache. Do not combine this ! flag with the B<-files> argument. ! ! =item B<-mountdir> > ! ! Names the local disk directory on which to mount the root of the AFS ! filespace. This value overrides the default defined in the first field of ! the F file. If a value other than the F ! directory is used, the machine cannot access the filespace of cells that ! do use that value. ! ! =item B<-nomount> ! ! Do not mount AFS on startup. The afs global mount must be mounted via ! some other means. This is useful on Mac OS X where /afs is sometimes ! mounted in /Network/afs like other network file systems. ! ! =item B<-nosettime> ! ! This is enabled by default. It prevents the Cache Manager from ! synchronizing its clock with the clock on a server machine selected at ! random by checking the time on the server machine every five minutes. ! This is the recommended behavior; instead of the AFS Cache Manager, the ! Network Time Protocol Daemon should be used to synchronize the system ! time. =item B<-prealloc> > *************** *** 490,539 **** Manager's internal use. The default initial value is C<400>, but the Cache Manager dynamically allocates more memory as it needs it. ! =item B<-confdir> > ! Names a directory other than the F directory from which to ! fetch the F, F, and F configuration ! files. ! =item B<-logfile> > ! Is obsolete and has no real effect. It specifies an alternate file in ! which to record a type of trace that the Cache Manager no longer ! generates; the default value is F. ! =item B<-waitclose> ! Has no effect on the operation of the Cache Manager. The behavior it ! affected in previous versions of the Cache Manager, to perform synchronous ! writes to the File Server, is now the default behavior. To perform ! asynchronous writes in certain cases, use the B command. =item B<-shutdown> ! Shuts down the Cache Manager, but not in the most effective possible ! way. Do not use this flag. ! =item B<-enable_peer_stats> ! Activates the collection of Rx statistics and allocates memory for their ! storage. For each connection with a specific UDP port on another machine, ! a separate record is kept for each type of RPC (FetchFile, GetStatus, and ! so on) sent or received. To display or otherwise access the records, use ! the Rx Monitoring API. ! =item B<-enable_process_stats> ! Activates the collection of Rx statistics and allocates memory for their ! storage. A separate record is kept for each type of RPC (FetchFile, ! GetStatus, and so on) sent or received, aggregated over all connections to ! other machines. To display or otherwise access the records, use the Rx ! Monitoring API. ! =item B<-help> ! Prints the online help for this command. All other valid options are ! ignored. =back --- 607,674 ---- Manager's internal use. The default initial value is C<400>, but the Cache Manager dynamically allocates more memory as it needs it. ! =item B<-rmtsys> ! Initializes an additional daemon to execute AFS-specific system calls on ! behalf of NFS client machines. Use this flag only if the machine is an ! NFS/AFS translator machine serving users of NFS client machines who ! execute AFS commands. ! =item B<-rootvol> > ! Names the read/write volume corresponding to the root directory for the ! AFS file tree (which is usually the F directory). This value ! overrides the default of the C volume. This option is ignored if ! B<-dynroot> is given. ! =item B<-rxbind> ! Bind the Rx socket (one interface only). ! ! =item B<-rxpck> > ! ! Set rx_extraPackets to this value. ! ! =item B<-settime> ! ! Enable native AFS time synchronization. This option is the opposite of ! B<-nosettime> and cannot be used with the B<-nosettime> option. =item B<-shutdown> ! Shuts down the Cache Manager. Before calling B with this option, ! unmount the AFS file system with B. ! =item B<-splitcache> > ! This allows the user to set a certain percentage of the AFS cache be ! reserved for read/write content and the rest to be reserved for read-only ! content. The ratio should be written as a fraction. For example, ! C<-splitcache 75/25> devotes 75% of your cache space to read/write content ! and 25% to read-only. ! =item B<-stat> > ! Specifies the number of entries to allocate in the machine's memory for ! recording status information about the AFS files in the cache. This value ! overrides the default of C<300>. ! =item B<-verbose> ! Generates a detailed trace of the B program's actions on the ! standard output stream. ! ! =item B<-volumes> > ! ! Specifies the number of memory structures to allocate for storing volume ! location information. The default value is C<50>. ! ! =item B<-waitclose> ! ! Has no effect on the operation of the Cache Manager. The behavior it ! affected in previous versions of the Cache Manager, to perform synchronous ! writes to the File Server, is now the default behavior. To perform ! asynchronous writes in certain cases, use the B command. =back *************** *** 543,559 **** initialization file, rather than typed at the command shell prompt. For most disk caches, the appropriate form is ! /usr/vice/etc/afsd The following command is appropriate when enabling a machine to act as an NFS/AFS Translator machine serving more than five users. ! /usr/vice/etc/afsd -daemons 4 -rmtsys The following command initializes a memory cache and sets chunk size to 16 KB (2^14). ! /usr/vice/etc/afsd -memcache -chunksize 14 =head1 PRIVILEGE REQUIRED --- 678,694 ---- initialization file, rather than typed at the command shell prompt. For most disk caches, the appropriate form is ! % /usr/vice/etc/afsd The following command is appropriate when enabling a machine to act as an NFS/AFS Translator machine serving more than five users. ! % /usr/vice/etc/afsd -daemons 4 -rmtsys The following command initializes a memory cache and sets chunk size to 16 KB (2^14). ! % /usr/vice/etc/afsd -memcache -chunksize 14 =head1 PRIVILEGE REQUIRED *************** *** 561,566 **** --- 696,702 ---- =head1 SEE ALSO + L, L, L, L *************** *** 569,574 **** IBM Corporation 2000. All Rights Reserved. ! This documentation is covered by the IBM Public License Version 1.0. It was ! converted from HTML to POD by software written by Chas Williams and Russ ! Allbery, based on work by Alf Wachsmann and Elizabeth Cassell. --- 705,710 ---- IBM Corporation 2000. All Rights Reserved. ! This documentation is covered by the IBM Public License Version 1.0. It ! was converted from HTML to POD by software written by Chas Williams and ! Russ Allbery, based on work by Alf Wachsmann and Elizabeth Cassell. Index: openafs/doc/man-pages/pod8/bos_create.pod diff -c openafs/doc/man-pages/pod8/bos_create.pod:1.3 openafs/doc/man-pages/pod8/bos_create.pod:1.3.2.1 *** openafs/doc/man-pages/pod8/bos_create.pod:1.3 Wed Mar 1 00:02:31 2006 --- openafs/doc/man-pages/pod8/bos_create.pod Fri Jul 27 14:07:43 2007 *************** *** 111,116 **** --- 111,124 ---- command execution as part of the B<-cmd> argument to the B command. + =item dafs + + Use this value only for the dafs process, which combines the + File Server, Volume Server, Salvageserver, and Salvager processes in + order to operate as a Demand Attach File Server. If one of the + component processes terminates, the BOS Server shuts down + and restarts the process in the appropriate order. + =item fs Use this value only for the fs process, which combines the File Server, Index: openafs/doc/man-pages/pod8/bos_salvage.pod diff -c openafs/doc/man-pages/pod8/bos_salvage.pod:1.5 openafs/doc/man-pages/pod8/bos_salvage.pod:1.5.2.1 *** openafs/doc/man-pages/pod8/bos_salvage.pod:1.5 Wed Mar 1 00:02:31 2006 --- openafs/doc/man-pages/pod8/bos_salvage.pod Fri Jul 27 14:07:44 2007 *************** *** 14,19 **** --- 14,20 ---- S<<< [B<-parallel> >] >>> S<<< [B<-tmpdir> >] >>> S<<< [B<-orphans> (ignore | remove | attach)] >>> S<<< [B<-cell> >] >>> + S<<< [B<-forceDAFS>] >>> [B<-noauth>] [B<-localauth>] [B<-help>] B S<<< B<-se> > >>> S<<< [B<-part> >] >>> *************** *** 22,27 **** --- 23,29 ---- [<-para> >] S<<< [B<-t> >] >>> S<<< [B<-o> (ignore | remove | attach)] >>> S<<< [B<-c> >] >>> [B<-n>] + S<<< [B<-force>] >>> [B<-l>] [B<-h>] =for html *************** *** 278,283 **** --- 280,290 ---- =back + =item B<-forceDAFS> + + If the fileserver is a Demand Attach File Server, then the B<-forceDAFS> + flag must be provided in order for the B to run. + =item B<-cell> > Names the cell in which to run the command. Do not combine this argument *************** *** 336,341 **** --- 343,349 ---- L, L, L, + L, L, L, L, Index: openafs/doc/man-pages/pod8/uss.pod diff -c openafs/doc/man-pages/pod8/uss.pod:1.2 openafs/doc/man-pages/pod8/uss.pod:1.2.6.1 *** openafs/doc/man-pages/pod8/uss.pod:1.2 Tue Dec 13 14:21:17 2005 --- openafs/doc/man-pages/pod8/uss.pod Fri Jul 27 14:00:25 2007 *************** *** 89,97 **** =item B<-skipauth> ! Bypasses mutual authentication with the AFS Authentication Server, ! allowing a site that uses Kerberos instead of the AFS Authentication ! Server to substitute that form of authentication. =back --- 89,99 ---- =item B<-skipauth> ! Bypasses mutual authentication with the AFS Authentication Server, allowing ! a site that uses Kerberos instead of the AFS Authentication Server to ! substitute that form of authentication. If this option is given, B does ! not create or manipulate Kerberos principals. A Kerberos principal must be ! created separately from the B command. =back Index: openafs/doc/txt/winnotes/afs-changes-since-1.2.txt diff -c openafs/doc/txt/winnotes/afs-changes-since-1.2.txt:1.72.2.30 openafs/doc/txt/winnotes/afs-changes-since-1.2.txt:1.72.2.31 *** openafs/doc/txt/winnotes/afs-changes-since-1.2.txt:1.72.2.30 Tue Jul 10 16:01:28 2007 --- openafs/doc/txt/winnotes/afs-changes-since-1.2.txt Thu Aug 9 18:31:47 2007 *************** *** 1,3 **** --- 1,69 ---- + Since 1.5.21 + + * In the AFS Admin Library, replaced all of the + Ubik_Call(XXX_RPC,...) calls with Ubik_XXX_RPC(...). This + allows parameter checking and proper type conversions to be + performed. This is crucial when passing parameters that are + 64-bit wide on systems in which 'long' is a 32-bit value. + Otherwise, the parameter list on the stack is interpretted + incorrectly and the function not only doesn't succeed but it + might corrupt memory and if lucky crash the application. + + The only program that we care about that uses this library + is the AFS Server Manager. Now it doesn't crash. + + * Fixed smb directory searches for non-wildcard names. The + optimized function should not have set the bulk in progress + flag. This would adversely affect later directory searches + that required a bulk search. + + * Detect infinite recursions (up to 512 stat cache objects + in a chain.) If an infinite recursion is detected, return + an error to stop the CIFS client from querying us forever. + + * Executables executed out of AFS name space can have their + pages swapped out by Windows. Those pages will be reloaded + when they are required. However, if the cache manager no + longer has a callback and all of the file servers with + the volume data are down, then the application will crash + due to the inability to read the required page. + + We now track the down time of each server. If the callback + expires after the server that issued it went down and all + servers are down, we delay the expiration to permit the data + in the cache to be continue to be used by Windows or an + application. + + * The Windows AFS client has always had very poor performance + with regards to directory management. In the case of + directory updates caused by create, rename,and delete operations, + the AFS cache manager will now perform local directory updates + when possible in order to avoid re-reading the directory from + the file server. This will be done in whenever both of the + following conditions are true: + + - the data version on the directory increased by one as a + result of the operation + + - all of the directory buffers necessary to make the change + are present in the cache + + * The error message in the AFS Control Panel describing the + need to be a Windows Administrator has been replaced with + a message describing the need to be in the AFS Admins Group. + + * If the vldb server list is empty when attempting to evaluate + a cell mountpoint it was possible for a crash to occur. This + can only happen if there is an existing mount point and the + is a failure attempting to load the server list from the + CellServDB file or via AFSDB queries. + + * dirty buffers only have their dirty bytes stored to the file + server instead of the entire chunksize + + * the default chunksize has been increased from 128KB to 1MB + + Since 1.5.20 * changed the enum values for cm_serverRef_t state info to use a Index: openafs/doc/txt/winnotes/afs-issues.txt diff -c openafs/doc/txt/winnotes/afs-issues.txt:1.28.2.5 openafs/doc/txt/winnotes/afs-issues.txt:1.28.2.6 *** openafs/doc/txt/winnotes/afs-issues.txt:1.28.2.5 Thu May 17 12:19:03 2007 --- openafs/doc/txt/winnotes/afs-issues.txt Thu Aug 9 18:31:47 2007 *************** *** 1,16 **** ! This file is a rough list of known issues with the 1.5.20 release of OpenAFS on Windows. This list is not complete. There are probably other issues which can be found in the RT database or on the mailing list. (1) File/Directory access is not integrated with windows security (3c) Loopback adapter hack: (i) prevents use of AFS Gateway (ii) requires installation of loopback adapter - (iii) the list of hack adapters is incomplete (VMWare, MS TV/Video, ...) ! (9) Convert to IFS!!!!!! (12) AFS Integrated Logon: (12c) If network is not available must store the username and password --- 1,23 ---- ! This file is a rough list of known issues with the 1.5.22 release of OpenAFS on Windows. This list is not complete. There are probably other issues which can be found in the RT database or on the mailing list. + For all of these issues please review + + http://www.openafs.org/roadmap.html + http://www.secure-endpoints.com/openafs-windows-roadmap.html + (1) File/Directory access is not integrated with windows security (3c) Loopback adapter hack: (i) prevents use of AFS Gateway (ii) requires installation of loopback adapter ! (9) Convert to a native file system implementation built upon: ! - a file system redirector ! - a file system filter ! - a network provider (12) AFS Integrated Logon: (12c) If network is not available must store the username and password