The OpenAFS Gatekeepers are pleased to announce the release of version
1.4 of OpenAFS. This version incorporates literally hundreds of fixes
enhancements and improvements. Many bugs and programming inefficiencies
(some of which have been present since IBM's donation of AFS to the
open source community) have been eliminated, resulting in a much more
stable product. Improvements for Windows users are particularly dramatic.
 
1.4 also represents a significant step forward for Kerberos 5 integration.
This release allows all Kerberos 5 KDCs including Microsoft Active 
Directory to be the source of AFS client authentication.
 
Changes under UNIX (tm) and *nix Operating Systems

Increased Performance and Stability
Addition of pthreading support on servers and threading optimization of
RPC and RX libraries provide increased performance over the 1.2 release.
Cache chunk locking has been refined, and system vnodes on Linux and
MacOS X are now supported. Support for files larger than two Gigabytes
in the AFS filesystem is now available to operating systems providing
native support for large files. Ntp, rlogind, rsh and other unnecessary
and potentially insecure services have been removed.

Increased Server Efficiency in Handling Mobile Clients
Multi-probing has been improved, reducing the time a server needs to
timeout clients no longer accessible on the network. Callback Break
Later functionality has been added, allowing servers to queue callback
breaks for clients that have disappeared from the network until the
client contacts the servers, reducing both server load and the chance of
file corruption.
 
Improved Administration
Audit logs are available for all servers, and named pipe logging
supported, augmenting existing server monitoring and debugging tools.
Groups of groups (aka Supergroups) can now be created on the protection
server facilitating administration of user access, and tools for
Kerberos 5 have been integrated into the AFS software, including aklog.
 
Improved Build and Installation
Function prototypes have been added for improved compile time type
checking, and Kerberos 5 availability (MIT/Heimdal) is automatically 
detected, simplifying the configuration process. Also, the default 
configuration of the installation has been updated to provide better 
performance in modern network environments.


Other New Features
vos copy allows an administrator to create a new volume, and copy the
contents of an existing volume, with one command.  This eliminates the
need to peform a vos dump followed by a vos restore.

vos convertROtoRW lets an administrator convert an existing RO replica
into a new RW site in the event the current RW site goes down.

the -vattachpar option to fileserver causes the fileserver to attach
volumes from multiple vice partitions in parallel, thus improving
fileserver startup time.




 
Changes under Microsoft Windows (2000, XP, and 2003)

Improved Performance
Performance has been enhanced by support for a persistent cache. The
default cache size is now 96 Megabytes with 10,000 cache entries.  The
maximum cache size has been extended to 1.2 Gigabytes. Overall, the 1.4
release is between 30% and 150% faster than the 1.2 release, depending
on the mode of operation.

Improved User Experience
Integration into the Windows environment has been significantly enhanced
with the addition of support for browsing of AFS servers, an AFS context
senstive popup menu, an improved Systray icon, and enhancements to both
the GUI and command line programs.

Increased Security
All of the known security problems present in 1.2.10 have been fixed.
Compatibility with the Cisco IPSec VPN client has been added, and the
AFS Client now communicates with Microsoft's integrated firewall to open
ports as needed, allowing receipt of callback messages from the server
without manual configuration.

Enhanced Integration in Heterogeneous Environments
AFS UNC paths are now supported, eliminating reliance on mapped drive
letters and allowing for true worldwide path usage and cross platform
filesystem links. By default, filenames beginning with a period are no
longer displayed (reducing user confusion when viewing home directories
shared by Unix environments). Also, the AFS Client now works correctly
at sites using cross-realm trusts between a Unix based Kerberos realm
(MIT/Heimdal) and multidomain Windows Forests. Multihomed file servers
are now supported for use in complex network environments, and automatic
failover to available server volumes added providing greater fault
tolerance for large scale installations and mission critical applications.
 
Simplified Installation
Support for AFS records in DNS has been added, so that the locations of
a site's AFS servers no longer need be specified in CellServDB files on
individual machines. This means that users can access new cells without
reconfiguring the client, and that changes in AFS server configurations
can be propogated transparently to clients without touching individual
workstations, and installation no longer requires inclusion of a site
specific server list in a local file.
 
Addition of Freelance Mode
Freelance Mode allows users to start AFS on boot without access to their
home AFS cell. The volume loaded at AFS Client is maintained locally in
the registry without access to a cell. Whenever a user attempts to
contact an AFS path in a previously unknown cell, mountpoints and
symlinks are dynamically created and stored in the registry.
 
Improved Network Support for Mobile Users
Support for network events and power management have been added and
enhanced. A Microsoft Loopback Adapter is now part of the installation,
resulting in improved stability for users of dynamically configured
networking devices, and allowing users to specify which network adapter
to use with AFS. The AFS Client is aware of the current state of the
network connection, and is able to start itself and prompt the user for
tokens as needed. Laptop users can thus now move about freely or change
network interfaces without having to reboot or restart the AFS service,
and the "hangs" associated with brief interruptions in network
connections eliminated.
 
Enhanced Stability
Support for SMB/CIFS messaging has been extended, reducing hangs and
stalls in file transfers. File timestamps are reported entirely in UTC
resulting in improved stability in backup and syncing operations. The
Client Service now checks the versions of DLLs on startup to verify that
the code is from the same version, resulting in fewer problems after
upgrades. When an exception does occur, minidumps are created locally,
and can be created as needed via the command line. Also, although the
AFS client service provides crash reporting, the 1.4 release can also be
configured through an Active Directory policy to report crashes within
the domain for machines running XP and above.

Enhanced Central Administration
An AFS Client Admins group is now created by the AFS installation,
allowing for the first time control over who can alter the configuration
of the AFS Client Service. All configuration data except the contents of
the CellServDB file (which is no longer required for access to sites
supporting AFS service records in DNS) are now stored in the Registry,
and are thus configurable via Active Directory Group Policies. An MSI is
also available for those who wish to deploy AFS or customize existing
installations for their users. Using integrated login, the network
provider can be configured to have different behavior depending on the
domain that the user logs into.
 


Supported Platforms: (! == new)
AIX    4.2, 4.3, 5.1!, 5,2!, 5.3!
HP-UX  11i (pa-risc), 11.22 (pa-risc), 11.23 (ia64)!
Solaris 7, 8, 9, 10!
MacOS X 10.3
Microsoft Windows 2000, XP!, 2003!, 2003 R2!
Linux 2.4 kernel: x86, x86-uml, amd64, ia64, pa-risc!, ppc, ppc64!,
                  s390, s390x,  sparc, sparc64
Linux 2.6 kernel: x86!, x86-uml!, amd64!, ia64!, ppc!, ppc64!,
                  s390x!, sparc64!
OpenBSD (x86) 3.3, 3.4, 3.5, 3.6, 3.7, 3.8
NetBSD (x86; server only) 1.5, 1.6, 2.0, 2.1, 3.0
FreeBSD (x86; server only) 4.7, 5.3, 6.0-beta
SGI Irix 6.5


Individual Contributors:
adridg@sci.kun.nl
aedil@alchar.org
akosut@cs.stanford.edu
alfw@slac.stanford.edu
Andrei.Keis@morganstanley.com
andrej.filipcic@ijs.si
asanka@secure-endpoints.com
banz@umbc.edu
beyond@mmc-startup.com
blade@debian.org
bpcreech@eos.ncsu.edu
brent@graveland.net
cg2v@andrew.cmu.edu
chas@cmf.nrl.navy.mil
cvv@email.zp.ua
d00-tga@d.kth.se
deengert@anl.gov
dhowells@redhat.com
dlc@cs.cmu.edu
dmagda@magda.ca
drh@umich.edu
dtanner@mit.edu
efenyak@gamax.hu
emoy@apple.com
fallsjo@stacken.kth.se
gendalia@iastate.edu
Guillaume.Rousse@inria.fr
haba@pdc.kth.se
hanke@rzg.mpg.de
hans-gunther.borrmann@rz.uni-freiburg.de
hans@MPA-Garching.MPG.DE
hartmans@mit.edu
hollandp@umich.edu
horst@riback.net
hozer@hozed.org
iacobs@exotic4.nipne.ro
ilya@ccmr.cornell.edu
irene.braun@ualberta.ca.
jaltman@secure-endpoints.com
james@abrakus.com
jasonmc@cert.org
jbuehler@hekimian.com
jcurley@andrew.cmu.edu
jeffm@suse.com
Jeffrey.B.Woodward@Dartmouth.EDU,
jeremym@backboneentertainment.com
jhutz@cmu.edu
jmoss@ichips.intel.com
joda@pdc.kth.se
kcr@mit.edu
kekelley@iastate.edu
kenh@cmf.nrl.navy.mil
klas.lindfors@it.su.se
kllin@it.su.se
kolya@mit.edu
kwc@citi.umich.edu
lantzer@umr.edu
leg@andrew.cmu.edu
lha@stacken.kth.se
lyzhang@umich.edu
mack@uni-hohenheim.de
marc@mit.edu
matt@linuxbox.com
mattdm@mattdm.org
mattiasa@e.kth.se
mbacchi@btv.ibm.com
mcmer@gmx.net
mcp@eda.ei.tum.de
mdw@umich.edu
Menke@MPPMU.MPG.DE
Mike.Becher@lrz-muenchen.de
miles@cs.stanford.edu
mitch@ccmr.cornell.edu.
mmokrejs@ribosome.natur.cuni.cz
mnandrews@lbl.gov
mpereira@almaden.ibm.com
nik@zurich.ibm.com
Niklas.Edmundsson@hpc2n.umu.se
nneul@umr.edu
oehmes@de.ibm.com
onime@ictp.trieste.it
paul.weber@hp.com
peb@mppmu.mpg.de
provos@citi.umich.edu
psomogyi@gamax.hu
pterjan@mandriva.com
rainer.schoepf@proteosys.com
Rainer.Toebbicke@cern.ch
rbasch@mit.edu
rees@umich.edu
reuter@rzg.mpg.de
rmitz@cmu.edu
rolf@multi-os-net.de
rolnas@takas.lt
rra@stanford.edu
rsm4@ieee.org
rtb@pclella.cern.ch
salvet@ics.muni.cz
sdw@email.unc.edu
semerad@ss1000.ms.mff.cuni.cz
sgr0@lehigh.edu
shadow@dementia.org
slack@quackmaster.net
ssen@apple.com
stefaan.deroeck@gmail.com
tdamato@odu.edu
thomas.mueller@hrz.tu-chemnitz.de
thomas@cs.wisc.edu
tkeiser@gmail.com
tmaher@watson.org
toddr@rpi.edu
tony@lions.odu.edu
tron@NetBSD.org
tvb@intel.com
warlord@mit.edu
wingc@engin.umich.edu
wollman@khavrinen.lcs.mit.edu
zacheiss@mit.edu
zschimke@mars.asu.edu