Index: openafs/doc/html/AdminGuide/cachmgr.gif Index: openafs/doc/html/AdminGuide/fserver1.gif Index: openafs/doc/html/AdminGuide/fserver2.gif Index: openafs/doc/html/AdminGuide/overview.gif Index: openafs/doc/html/AdminGuide/scout1.gif Index: openafs/doc/html/AdminGuide/scout2.gif Index: openafs/doc/html/AdminGuide/scout3.gif Index: openafs/doc/html/AdminGuide/scout4.gif Index: openafs/doc/html/AdminGuide/vnode.gif Index: openafs/doc/man-pages/README diff -c openafs/doc/man-pages/README:1.4.2.9 openafs/doc/man-pages/README:1.4.2.20 *** openafs/doc/man-pages/README:1.4.2.9 Thu Mar 23 00:51:23 2006 --- openafs/doc/man-pages/README Sun Aug 19 18:27:02 2007 *************** *** 123,129 **** References to functions should be noted like function() with the trailing parens. The POD converters know how to format these sorts of references appropriately. References to other sections in the same page ! should be given as L
. Command and output examples should be indented three spaces. Commands entered by the user should be given on a line beginning with %. If the --- 123,133 ---- References to functions should be noted like function() with the trailing parens. The POD converters know how to format these sorts of references appropriately. References to other sections in the same page ! should be given as L
. Man pages for all other AFS commands or ! file formats referenced in the page should be listed in the SYNOPSIS. ! List each reference on its own line for easier addition of other ! references later, but don't put blank lines between them. Don't forget ! the commas at the end of each line but the last. Command and output examples should be indented three spaces. Commands entered by the user should be given on a line beginning with %. If the *************** *** 181,186 **** --- 185,195 ---- the bug number so that I'm aware of it, as I don't always notice new bugs. + You can test your new POD documentation by running the check-pod script + in this directory with "prove check-pod". (And check other people's + documentation and find any problems that have crept in.) You will need + to have Test::Pod installed. + Known Problems The current man pages have the following known deficiencies. Please *************** *** 189,225 **** * The following installed commands have no man pages: - bos_util copyauth - fs getcalleraccess - fs getcrypt - fs listaliases - fs newalias fs rxstatpeer fs rxstatproc fs setcbaddr - fs setcrypt kseal - pts interactive - pts quit - pts sleep - pts source read_tape restorevol rmtsysd vldb_convert - vos changeloc vos clone vos convertROtoRW vos copy vos shadow - vos size vsys - * The following configuration files have no man pages: - - CellAlias - * klog.krb, pagsh.krb, and tokens.krb need to be listed as alternative names in the NAME line of the non-.krb man pages, links should be installed on man page installation, and the behavior of pagsh.krb --- 198,218 ---- *************** *** 231,245 **** * fs sysname documentation needs to include the possibility of setting multiple sysnames and the resulting behavior. - * The afsd man page is horribly out of date. It doesn't explain - dynroot, many options are missing, and some of the options described - are no longer valid. It also still assumes that -settime is the - default and says that the system must be rebooted after shutdown, - which isn't the case at least on Linux. - * bos listkeys and the KeyFile man page assume that you're using the kaserver. * I'm fairly sure that the fileserver man page no longer documents all of the fileserver options. --- 224,235 ---- * fs sysname documentation needs to include the possibility of setting multiple sysnames and the resulting behavior. * bos listkeys and the KeyFile man page assume that you're using the kaserver. + * bos addkey should be marked deprecated in favor of using asetkey with + a keytab. + * I'm fairly sure that the fileserver man page no longer documents all of the fileserver options. Index: openafs/doc/man-pages/check-pod diff -c /dev/null openafs/doc/man-pages/check-pod:1.1.4.3 *** /dev/null Wed Oct 24 01:57:13 2007 --- openafs/doc/man-pages/check-pod Sun Aug 19 18:27:02 2007 *************** *** 0 **** --- 1,17 ---- + #!/usr/bin/perl + # + # Written by Jason Edgecombe based on the Test::Pod documentation. The + # best way to run it is to run: + # + # prove check-pod + # + # from the doc/man-pages directory, which will show any errors found in + # any of the POD files. + + use strict; + use Test::More; + eval "use Test::Pod 1.00"; + + plan skip_all => "Test::Pod 1.00 required for testing POD" if $@; + my @poddirs = qw( pod1 pod5 pod8 ); + all_pod_files_ok( all_pod_files( @poddirs ) ); Index: openafs/doc/man-pages/pod1/fs.pod diff -c openafs/doc/man-pages/pod1/fs.pod:1.3.2.5 openafs/doc/man-pages/pod1/fs.pod:1.3.2.8 *** openafs/doc/man-pages/pod1/fs.pod:1.3.2.5 Tue Feb 28 18:48:46 2006 --- openafs/doc/man-pages/pod1/fs.pod Fri Aug 17 21:58:24 2007 *************** *** 19,28 **** --- 19,30 ---- machines: L|fs_checkservers(1)>, L|fs_getcellstatus(1)>, + L|fs_getcrypt(1)>, L|fs_getserverprefs(1)>, L|fs_listcells(1)>, L|fs_newcell(1)>, L|fs_setcell(1)>, + L|fs_setcrypt(1)>, L|fs_setserverprefs(1)>, L|fs_sysname(1)>, and L|fs_wscell(1)>. *************** *** 32,37 **** --- 34,40 ---- Commands to administer access control lists (ACLs): L|fs_cleanacl(1)>, L|fs_copyacl(1)>, + L|fs_getcalleraccess(1)>, L|fs_listacl(1)>, and L|fs_setacl(1)>. *************** *** 53,60 **** --- 56,66 ---- Commands to administer the local client cache and related information: L|fs_checkvolumes(1)>, L|fs_flush(1)>, + L|fs_flushall(1)>, L|fs_flushvolume(1)>, L|fs_getcacheparms(1)>, + L|fs_listaliases(1)>, + L|fs_newalias(1)>, and L|fs_setcachesize(1)>. =item * *************** *** 181,199 **** --- 187,210 ---- L, L, L, + L, L, L, L, + L, L, L, + L, L, L, L, + L, L, L, L, L, L, + L, L, L, L, *************** *** 201,206 **** --- 212,218 ---- L, L, L, + L, L, L, L, Index: openafs/doc/man-pages/pod1/fs_flushall.pod diff -c /dev/null openafs/doc/man-pages/pod1/fs_flushall.pod:1.1.4.2 *** /dev/null Wed Oct 24 01:57:13 2007 --- openafs/doc/man-pages/pod1/fs_flushall.pod Fri Aug 17 21:58:25 2007 *************** *** 0 **** --- 1,62 ---- + =head1 NAME + + fs flushall - Force the AFS Cache Manager to discard all data + + =head1 SYNOPSIS + + =for html +
+ + B [B<-help>] + + B [B<-h>] + + =for html +
+ + =head1 DESCRIPTION + + The B command flushes all data from the AFS cache. + + =head1 CAUTIONS + + This command is only available on Windows. + + =head1 OPTIONS + + =over 4 + + =item B<-help> + + Prints the online help for this command. + + =back + + =head1 OUTPUT + + This command has no output. + + =head1 EXAMPLES + + Aside from the help, there is only one way to run B, which is + as follows: + + % fs flushall + % + + =head1 PRIVILEGE REQUIRED + + No special privileges are required for this command. + + =head1 SEE ALSO + + L, + L, + L + + =head1 COPYRIGHT + + Copyright 2007 Jason Edgecombe + + This documentation is covered by the IBM Public License Version 1.0. This + man page was written by Jason Edgecombe for OpenAFS. Index: openafs/doc/man-pages/pod1/fs_getcalleraccess.pod diff -c /dev/null openafs/doc/man-pages/pod1/fs_getcalleraccess.pod:1.1.4.2 *** /dev/null Wed Oct 24 01:57:13 2007 --- openafs/doc/man-pages/pod1/fs_getcalleraccess.pod Fri Aug 17 21:58:25 2007 *************** *** 0 **** --- 1,73 ---- + =head1 NAME + + fs getcalleraccess - Show the current user's access to a file or directory + + =head1 SYNOPSIS + + =for html +
+ + B S<<< [B<-path> >+] >>> [B<-help>] + + B S<<< [B<-p> >] >>> [B<-h>] + + =for html +
+ + =head1 DESCRIPTION + + The B command displays the access that the current + user has to the specified path using the same representation as B. + + =head1 OPTIONS + + =over 4 + + =item B<-help> + + Prints the online help for this command. All other valid options are + ignored. + + =item B<-path> >+ + + The B<-path> option specifies the path on which to operate. B<-path> may + be omitted. If this option isn't given, the default is to act on the + current directory. + + =back + + =head1 OUTPUT + + For each path, B outputs a line like: + + Callers access to is + + where is the path on which it is operating and is an + ACL string in the same format as is returned by B. See + L for more information about AFS ACL strings. + + =head1 EXAMPLES + + The following command shows the current user's access to the path + F, which is read and lookup access. + + % fs getcalleraccess /afs/openafs.org + Callers access to /afs/openafs.org is rl + % + + =head1 PRIVILEGE REQUIRED + + No special privileges are required for this command. + + =head1 SEE ALSO + + L, + L + + =head1 COPYRIGHT + + Copyright 2007 Jason Edgecombe + + This documentation is covered by the IBM Public License Version 1.0. This + man page was written by Jason Edgecombe for OpenAFS. Index: openafs/doc/man-pages/pod1/fs_getcrypt.pod diff -c /dev/null openafs/doc/man-pages/pod1/fs_getcrypt.pod:1.3.2.5 *** /dev/null Wed Oct 24 01:57:13 2007 --- openafs/doc/man-pages/pod1/fs_getcrypt.pod Fri Aug 17 21:48:13 2007 *************** *** 0 **** --- 1,77 ---- + =head1 NAME + + fs getcrypt - Displays the state of encryption for AFS file transfers + + =head1 SYNOPSIS + + =for html +
+ + B [B<-help>] + + =for html +
+ + =head1 DESCRIPTION + + The B command shows the status of network traffic encryption + for file traffic in the AFS client. This encryption applies to file + traffic going to and coming from the AFS server for users with valid + tokens. The complement of this command is B which sets the + status of encryption on the client. + + =head1 CAUTIONS + + AFS uses an encryption scheme called fcrypt, based on but slightly weaker + than DES. Because fcrypt and DES are obsolete, the user must decide how + much to trust the encryption. Consider using a Virtual Private Network at + the IP level if better encryption is needed. + + Encrypting file traffic requires a token. Unauthenticated connections or + connections authorized via IP-based ACLs will not be encrypted even when + encryption is turned on. + + =head1 OPTIONS + + =over 4 + + =item B<-help> + + Prints the online help for this command. All other valid options are + ignored. + + =back + + =head1 OUTPUT + + If encryption is enabled, the output is: + + Security level is currently crypt (data security). + + If encryption if disabled, the output is: + + Security level is currently clear. + + =head1 EXAMPLES + + There is only one way to invoke B: + + % fs getcrypt + + =head1 PRIVILEGE REQUIRED + + No special priviledges are required for this command. + + =head1 SEE ALSO + + L + + The description of the fcrypt encryption mechanism at + L. + + =head1 COPYRIGHT + + Copyright 2007 Jason Edgecombe + + This documentation is covered by the IBM Public License Version 1.0. This + man page was written by Jason Edgecombe for OpenAFS. Index: openafs/doc/man-pages/pod1/fs_listaliases.pod diff -c /dev/null openafs/doc/man-pages/pod1/fs_listaliases.pod:1.2.2.4 *** /dev/null Wed Oct 24 01:57:13 2007 --- openafs/doc/man-pages/pod1/fs_listaliases.pod Fri Aug 17 21:48:13 2007 *************** *** 0 **** --- 1,61 ---- + =head1 NAME + + fs listaliases - Displays the current list of aliases for AFS cells + + =head1 SYNOPSIS + + =for html +
+ + B [B<-help>] + + =for html +
+ + =head1 DESCRIPTION + + The B command shows the list of cell aliases currently in + effect, both from F and created using B. Cell + aliases can only be used when the using a Dynamic Root (the B<-dynroot> + option to B). + + =head1 OPTIONS + + =over 4 + + =item B<-help> + + Prints the online help for this command. All other valid options are + ignored. + + =back + + =head1 OUTPUT + + If an alias C exists for the cell C, the output + include the following line: + + Alias openafs for cell openafs.org + + =head1 EXAMPLES + + There is only one way to invoke B: + + % fs listaliases + + =head1 PRIVILEGE REQUIRED + + No special priviledges are required for this command. + + =head1 SEE ALSO + + L, + L, + L + + =head1 COPYRIGHT + + Copyright 2007 Jason Edgecombe + + This documentation is covered by the IBM Public License Version 1.0. This + man page was written by Jason Edgecombe for OpenAFS. Index: openafs/doc/man-pages/pod1/fs_newalias.pod diff -c /dev/null openafs/doc/man-pages/pod1/fs_newalias.pod:1.1.2.2 *** /dev/null Wed Oct 24 01:57:13 2007 --- openafs/doc/man-pages/pod1/fs_newalias.pod Sun Aug 5 19:37:14 2007 *************** *** 0 **** --- 1,96 ---- + =head1 NAME + + fs newalias - Creates a new alias for a cell + + =head1 SYNOPSIS + + =for html +
+ + B S<<< [B<-alias>] > >>> + S<<< [B<-name>] > >>> [B<-help>] + + =for html +
+ + =head1 DESCRIPTION + + The B command is used when the AFS Cache Manager is in + Dynamic Root (B<-dynroot>) mode. It creates a symbolic link in F + from an alias to the full name of the cell. It also creates a symbolic + link from the alias prepended with C<.> to the full name of the cell + prepended with C<.>, the convention for access to the read/write version + of the C volume of that cell. + + This command is used to supplement aliases created via the F + configuration file when B starts. + + Traditionally, these aliases would be created by the local AFS + administrator by creating symbolic links in the C volume. Such + symlinks do not appear when Dynamic Root is enabled because, with Dynamic + Root, the Cache Manager does not mount or look at the C + volume. This alias capability is a replacement that allows such short + names to be created under client control. + + =head1 CAUTIONS + + Aliases created with B are only temporary and will be lost + when the AFS Cache Manager is restarted or the client machine is + rebooted. In order to make the alias permanent, it must be put into the + F file. + + There is no way to remove an alias once created without restarting the + AFS Cache Manager. + + =head1 OPTIONS + + =over 4 + + =item B<-alias> > + + This is the short name to which the user wants to map the real cell name. + + =item B<-name> > + + This is the real cell name. + + =item B<-help> + + Prints the online help for this command. All other valid options are + ignored. + + =back + + =head1 OUTPUT + + This command has no output. + + =head1 EXAMPLES + + There are two ways to call B: + + % fs newalias openafs openafs.org + % fs newalias -alias openafs -name openafs.org + + Both of the above examples create an alias C for the cell + C. Two links wil be created in F: + + /afs/openafs -> /afs/openafs.org + /afs/.openafs -> /afs/.openafs.org + + =head1 PRIVILEGE REQUIRED + + The issuer must be logged in as the local superuser root. + + =head1 SEE ALSO + + L, + L, + L + + =head1 COPYRIGHT + + Copyright 2007 Jason Edgecombe + + This documentation is covered by the IBM Public License Version 1.0. This + man page was written by Jason Edgecombe for OpenAFS. Index: openafs/doc/man-pages/pod1/fs_setcrypt.pod diff -c /dev/null openafs/doc/man-pages/pod1/fs_setcrypt.pod:1.3.2.4 *** /dev/null Wed Oct 24 01:57:13 2007 --- openafs/doc/man-pages/pod1/fs_setcrypt.pod Sun Aug 5 19:37:14 2007 *************** *** 0 **** --- 1,98 ---- + =head1 NAME + + fs setcrypt - Enables of disables the encryption of AFS file transfers + + =head1 SYNOPSIS + + =for html +
+ + B S<<< [B<-crypt>] > >>> [B<-help>] + + =for html +
+ + =head1 DESCRIPTION + + The B command sets the status of network traffic encryption + for file traffic in the AFS client. This encryption applies to file + traffic going to and coming from the AFS File Server for users with valid + tokens. This command does not control the encryption used for + authentication, which uses Kerberos 5 or klog/kaserver. The complement of + this command is B, which shows the status of encryption on + the client. + + The default encryption status is enabled. + + This is a global setting and applies to all subsequent connections to an + AFS File Server from this Cache Manager. There is no way to enable or + disable encryption for specific connections. + + =head1 CAUTIONS + + AFS uses an encryption scheme called fcrypt, based on but slightly weaker + than DES, and there is currently no way to specify a different encryption + mechanism. Because fcrypt and DES are obsolete, the user must decide how + much to trust the encryption. Consider using a Virtual Private Network at + the IP level if better encryption is needed. + + Encrypting file traffic requires a token. Unauthenticated connections or + connections authorized via IP-based ACLs will not be encrypted even when + encryption is turned on. + + =head1 OPTIONS + + =over 4 + + =item B<-crypt> > + + This is the only option to B. The B<-crypt> option takes + either C or C. C enables encryption. C disables + encryption. Since this is the only option, the C<-crypt> flag may be + omitted. + + C<0> and C<1> or C and C are not supported as replacements + for C and C. + + =item B<-help> + + Prints the online help for this command. All other valid options are + ignored. + + =back + + =head1 OUTPUT + + This command produces no output other than error messages. + + =head1 EXAMPLES + + There are only four ways to invoke B. Either of: + + % fs setcrypt -crypt on + % fs setcrypt on + + will enable encryption for authenticated connections and: + + % fs setcrypt -crypt off + % fs setcrypt off + + will disable encryption. + + =head1 PRIVILEGE REQUIRED + + The issuer must be logged in as the local superuser root. + + =head1 SEE ALSO + + L + + The description of the fcrypt encryption mechanism at + L. + + =head1 COPYRIGHT + + Copyright 2007 Jason Edgecombe + + This documentation is covered by the IBM Public License Version 1.0. This + man page was written by Jason Edgecombe for OpenAFS. Index: openafs/doc/man-pages/pod1/fs_uuid.pod diff -c /dev/null openafs/doc/man-pages/pod1/fs_uuid.pod:1.1.4.2 *** /dev/null Wed Oct 24 01:57:13 2007 --- openafs/doc/man-pages/pod1/fs_uuid.pod Tue Oct 23 13:04:23 2007 *************** *** 0 **** --- 1,82 ---- + =head1 NAME + + fs uuid - Prints the uuid of the client or generates a new one + + =head1 SYNOPSIS + + =for html +
+ + B [B<-generate>] [B<-help>] + + =for html +
+ + =head1 DESCRIPTION + + B prints the current uuid of an OpenAFS client. It can + optionally force the generation of a new uuid, if needed. The client + uuid is used by the B to differentiate clients with the + same IP address. + + =head1 CAUTIONS + + The B command is only available in OpenAFS versions after + 1.4.5 and 1.5.8. The behavior differs slightly between versions. In + OpenAFS 1.4.5 and later, the B<-generate> option is required and the + uuid for the client machine is never printed. OpenAFS versions 1.5.8 + and later will print the uuid. + + =head1 OPTIONS + + =over 4 + + =item B<-generate> + + Generates a new uuid for the cache manager. This is useful if two + clients share the same uuid. B<-generate> is optional in OpenAFS + versions 1.5.8 and later, but it is required in OpenAFS versions 1.4.5 + and later. + + =item B<-help> + + Prints the online help for this command. All other valid options are + ignored. + + =back + + =head1 OUTPUT + + B prints out the current uuid for the client or the new uuid + if the B<-generate> option is passed to it. + + =head1 EXAMPLES + + There are only two ways to invoke B under 1.5.8 and later: + + % fs uuid + UUID: 8ac66f9308a8e-47d7-80f7-50d0040cddc2 + + % fs uuid -generate + New UUID: 436bd660-1720-429508e470cff38f5c6fb0 + + Here is the only way to invoke B under OpenAFS 1.4.5 and later: + + % fs uuid -generate + New uuid generated. + + + =head1 PRIVILEGE REQUIRED + + The issuer must be logged on as the local superuser C. + + =head1 SEE ALSO + + L + + =head1 COPYRIGHT + + Copyright 2007 Jason Edgecombe + + This documentation is covered by the IBM Public License Version 1.0. This + man page was written by Jason Edgecombe for OpenAFS. Index: openafs/doc/man-pages/pod1/klog.pod diff -c openafs/doc/man-pages/pod1/klog.pod:1.3.2.5 openafs/doc/man-pages/pod1/klog.pod:1.3.2.6 *** openafs/doc/man-pages/pod1/klog.pod:1.3.2.5 Wed Mar 1 00:11:20 2006 --- openafs/doc/man-pages/pod1/klog.pod Fri Jul 27 14:02:03 2007 *************** *** 49,56 **** credential structure already contains a token for the requested cell, the token resulting from this command replaces it. ! Sites that employ standard Kerberos authentication instead of the AFS ! Authentication Server must use the Kerberos version of this command, B, on all client machines. It automatically places the issuer's Kerberos tickets in the file named by the KRBTKFILE environment variable, which the B command defines automatically as F> --- 49,60 ---- credential structure already contains a token for the requested cell, the token resulting from this command replaces it. ! Sites that employ Kerberos authentication instead of the AFS ! Authentication Server should normally use the combination of B and ! B instead of B. ! ! Sites using Kerberos v4 authentication (perhaps with the AFS ! Authentication Server) must use the Kerberos version of this command, B, on all client machines. It automatically places the issuer's Kerberos tickets in the file named by the KRBTKFILE environment variable, which the B command defines automatically as F> Index: openafs/doc/man-pages/pod1/pts.pod diff -c openafs/doc/man-pages/pod1/pts.pod:1.2.2.3 openafs/doc/man-pages/pod1/pts.pod:1.2.2.4 *** openafs/doc/man-pages/pod1/pts.pod:1.2.2.3 Thu Jan 5 13:33:53 2006 --- openafs/doc/man-pages/pod1/pts.pod Fri Aug 17 21:48:14 2007 *************** *** 52,57 **** --- 52,66 ---- =item * + Commands to run commands interactively: B, B, and B. + + =item * + + A command to run commands from a file: B. + + =item * + Commands to obtain help: B and B. =back *************** *** 136,149 **** L, L, L, L, L, L, L, L, L, L, ! L =head1 COPYRIGHT --- 145,162 ---- L, L, L, + L, L, L, L, L, + L, L, L, L, ! L, ! L, ! L =head1 COPYRIGHT Index: openafs/doc/man-pages/pod1/pts_interactive.pod diff -c /dev/null openafs/doc/man-pages/pod1/pts_interactive.pod:1.2.2.2 *** /dev/null Wed Oct 24 01:57:13 2007 --- openafs/doc/man-pages/pod1/pts_interactive.pod Fri Aug 17 22:47:28 2007 *************** *** 0 **** --- 1,119 ---- + =head1 NAME + + pts interactive - Enters interactive mode + + =head1 SYNOPSIS + + =for html +
+ + B S<<< [B<-cell>] > >>> [B<-noauth>] + [B<-force>] + + B S<<< [B<-c>] > >>> [B<-n>] [B<-f>] + + =for html +
+ + =head1 DESCRIPTION + + The B command allows the user to enter an interactive + mode, useful for running bulk commands like creating new users or groups. + + =head1 CAUTIONS + + Prior to OpenAFS 1.4.5 and OpenAFS 1.5.23, the B command + was only available on Unix or Linux and when OpenAFS was compiled with the + supergroups option (disabled by default). As of OpenAFS 1.4.5 and 1.5.23, + it is always available. + + Running bulk B commands may degrade the performance of the Protection + Server while they are run and server resources may not be released + immediately after commands are run. The B command can be used + in interactive mode or with B to give the Protection Server a + change to catch up. + + =head1 OPTIONS + + B only takes the standard B options. + + =over 4 + + =item B<-cell> > + + Names the cell in which to run the command. For more details, see + L. + + =item B<-force> + + Enables the command to continue executing as far as possible when errors + or other problems occur, rather than halting execution at the first error. + This is useful for bulk operations where you would like to continue even + if one of many operations fails. + + =item B<-noauth> + + Assigns the unprivileged identity anonymous to the issuer. For more + details, see L. + + =back + + =head1 OUTPUT + + The output is the same as if each individual command were run from the + command line. + + =head1 EXAMPLES + + Here is an example of a B session: + + % pts interactive + pts> examine admin + Name: admin, id: 1, owner: system:administrators, creator: anonymous, + membership: 2, flags: S----, group quota: 20. + pts> help + pts: Commands are: + adduser add a user to a group + apropos search by help text + chown change ownership of a group + creategroup create a new group + createuser create a new user + delete delete a user or group from database + examine examine an entry + help get help on commands + interactive enter interactive mode + listentries list users/groups in the protection database + listmax list max id + listowned list groups owned by an entry or zero id gets orphaned groups + membership list membership of a user or group + quit exit program + removeuser remove a user from a group + rename rename user or group + setfields set fields for an entry + setmax set max id + sleep pause for a bit + source read commands from file + pts> quit + % + + =head1 PRIVILEGE REQUIRED + + The same privilege is required to run the command in interactive mode as + is required to run the command by itself on the command line. Some + commands such as B require that the user belong to the + system:administrators group, while others do not. + + =head1 SEE ALSO + + L, + L, + L, + L, + L + + =head1 COPYRIGHT + + Copyright 2007 Jason Edgecombe + + This documentation is covered by the IBM Public License Version 1.0. This + man page was written by Jason Edgecombe for OpenAFS. Index: openafs/doc/man-pages/pod1/pts_quit.pod diff -c /dev/null openafs/doc/man-pages/pod1/pts_quit.pod:1.1.4.2 *** /dev/null Wed Oct 24 01:57:13 2007 --- openafs/doc/man-pages/pod1/pts_quit.pod Fri Aug 17 21:48:14 2007 *************** *** 0 **** --- 1,76 ---- + =head1 NAME + + pts quit - Exit from pts interactive mode + + =head1 SYNOPSIS + + =for html +
+ + B S<<< [B<-cell>] > >>> [B<-noauth>] [B<-force>] + + B S<<< [B<-c>] > >>> [B<-n>] [B<-f>] + + =for html +
+ + =head1 DESCRIPTION + + The B command exits from B mode. The command + can be run from the command line or interactively, but on the command line + it does nothing and is therefore of questionable utility. + + =head1 CAUTIONS + + Prior to OpenAFS 1.4.5 and OpenAFS 1.5.23, the B command was + only available on Unix or Linux and when OpenAFS was compiled with the + supergroups option (disabled by default). As of OpenAFS 1.4.5 and 1.5.23, + it is always available. + + =head1 OPTIONS + + Although they have no effect, B takes the following standard + B options: + + =over 4 + + =item B<-cell> > + + Names the cell in which to run the command. For more details, see + L. + + =item B<-force> + + Enables the command to continue executing as far as possible when errors + or other problems occur, rather than halting execution at the first error. + + =item B<-noauth> + + Assigns the unprivileged identity anonymous to the issuer. For more + details, see L. + + =back + + =head1 OUTPUT + + This command produces no output. + + =head1 EXAMPLES + + Here is an example of a B session: + + % pts interactive + pts> quit + % + + =head1 SEE ALSO + + L, + L + + =head1 COPYRIGHT + + Copyright 2007 Jason Edgecombe + + This documentation is covered by the IBM Public License Version 1.0. This + man page was written by Jason Edgecombe for OpenAFS. Index: openafs/doc/man-pages/pod1/pts_sleep.pod diff -c /dev/null openafs/doc/man-pages/pod1/pts_sleep.pod:1.2.2.2 *** /dev/null Wed Oct 24 01:57:13 2007 --- openafs/doc/man-pages/pod1/pts_sleep.pod Fri Aug 17 22:47:28 2007 *************** *** 0 **** --- 1,81 ---- + =head1 NAME + + pts sleep - Pauses for a few seconds + + =head1 SYNOPSIS + + =for html +
+ + B S<<< [B<-delay>] > >>> + S<<< [B<-cell>] > >>> [B<-noauth>] [B<-force>] + + B S<<< [B<-d>] > >>> S<<< [B<-c>] > >>> + [B<-n>] [B<-f>] + + =for html +
+ + =head1 DESCRIPTION + + The B pauses for a specified number of seconds. The command can + be run from the command line or interactively, although from the command + line it's essentially equivalent to the B command. It is intended + for use in interactive mode to pause for a few seconds between batch + commands to allow the Protection Server to catch up. + + =head1 CAUTIONS + + Prior to OpenAFS 1.4.5 and OpenAFS 1.5.23, the B command was + only available on Unix or Linux and when OpenAFS was compiled with the + supergroups option (disabled by default). As of OpenAFS 1.4.5 and 1.5.23, + it is always available. + + =head1 OPTIONS + + Although they have no effect, B takes the following standard + B options: + + =over 4 + + =item B<-cell> > + + Names the cell in which to run the command. For more details, see + L. + + =item B<-force> + + Enables the command to continue executing as far as possible when errors + or other problems occur, rather than halting execution at the first error. + + =item B<-noauth> + + Assigns the unprivileged identity anonymous to the issuer. For more + details, see L. + + =back + + =head1 OUTPUT + + This command produces no output. + + =head1 EXAMPLES + + Here is an example of a B session: + + % pts interactive + pts> sleep 5 + pts> quit + % + + =head1 SEE ALSO + + L, + L + + =head1 COPYRIGHT + + Copyright 2007 Jason Edgecombe + + This documentation is covered by the IBM Public License Version 1.0. This + man page was written by Jason Edgecombe for OpenAFS. Index: openafs/doc/man-pages/pod1/pts_source.pod diff -c /dev/null openafs/doc/man-pages/pod1/pts_source.pod:1.3.2.2 *** /dev/null Wed Oct 24 01:57:13 2007 --- openafs/doc/man-pages/pod1/pts_source.pod Fri Aug 17 22:47:28 2007 *************** *** 0 **** --- 1,90 ---- + =head1 NAME + + pts source - Read pts commands from a file + + =head1 SYNOPSIS + + =for html +
+ + B S<<< [B<-file>] > >>> S<<< [B<-cell>] > >>> + [B<-noauth>] [B<-force>] + + B S<<< [B<-f>] > >>> S<<< [B<-c>] > >>> + [B<-n>] [B<-f>] + + =for html +
+ + =head1 DESCRIPTION + + The B runs commands from a file as if they were typed in B mode. The command can be run from the command line or + interactively. + + =head1 CAUTIONS + + Prior to OpenAFS 1.4.5 and OpenAFS 1.5.23, the B command was + only available on Unix or Linux and when OpenAFS was compiled with the + supergroups option (disabled by default). As of OpenAFS 1.4.5 and 1.5.23, + it is always available. + + =head1 OPTIONS + + B takes the following options: + + =over 4 + + =item B<-cell> > + + Names the cell in which to run the command. For more details, see + L. + + =item B<-file> > + + Specifies the filename from which to read commands. + + =item B<-force> + + Enables the command to continue executing as far as possible when errors + or other problems occur, rather than halting execution at the first error. + This is useful for bulk operations where you would like to continue even + if one of many operations fails. + + =item B<-noauth> + + Assigns the unprivileged identity anonymous to the issuer. For more + details, see L. + + =back + + =head1 OUTPUT + + This command shows the output of each comand in the file as if it were + run normally. + + =head1 EXAMPLES + + Here is an example of using B in a B session: + + % echo examine admin > /tmp/commands.txt + % pts interactive + pts> source /tmp/commands.txt + Name: admin, id: 1, owner: system:administrators, creator: anonymous, + membership: 2, flags: S----, group quota: 20. + pts> quit + % + + =head1 SEE ALSO + + L, + L, + L, + L + + =head1 COPYRIGHT + + Copyright 2007 Jason Edgecombe + + This documentation is covered by the IBM Public License Version 1.0. This + man page was written by Jason Edgecombe for OpenAFS. Index: openafs/doc/man-pages/pod1/vos.pod diff -c openafs/doc/man-pages/pod1/vos.pod:1.3.2.4 openafs/doc/man-pages/pod1/vos.pod:1.3.2.6 *** openafs/doc/man-pages/pod1/vos.pod:1.3.2.4 Thu Jan 5 13:54:17 2006 --- openafs/doc/man-pages/pod1/vos.pod Fri Aug 17 22:38:14 2007 *************** *** 41,47 **** =item * Commands to create, move, and rename volumes: B, B, B, B, and B. =item * --- 41,48 ---- =item * Commands to create, move, and rename volumes: B, B, B, B, B, and B. =item * *************** *** 55,61 **** =item * ! Commands to create and restore dump files: B and B. =item * --- 56,63 ---- =item * ! Commands to create, size, and restore dump files: B, B, and B. =item * *************** *** 235,240 **** --- 237,243 ---- L, L, L, + L, L, L, L, *************** *** 252,257 **** --- 255,261 ---- L, L, L, + L, L, L, L, Index: openafs/doc/man-pages/pod1/vos_backupsys.pod diff -c openafs/doc/man-pages/pod1/vos_backupsys.pod:1.3.2.6 openafs/doc/man-pages/pod1/vos_backupsys.pod:1.3.2.7 *** openafs/doc/man-pages/pod1/vos_backupsys.pod:1.3.2.6 Wed Mar 1 00:11:21 2006 --- openafs/doc/man-pages/pod1/vos_backupsys.pod Fri Aug 17 21:48:14 2007 *************** *** 109,115 **** -prefix '^.*aix' ! =back 4 To display a list of the volumes to be cloned, without actually cloning them, include the B<-dryrun> flag. To display a statement that summarizes --- 109,115 ---- -prefix '^.*aix' ! =back To display a list of the volumes to be cloned, without actually cloning them, include the B<-dryrun> flag. To display a statement that summarizes Index: openafs/doc/man-pages/pod1/vos_changeloc.pod diff -c /dev/null openafs/doc/man-pages/pod1/vos_changeloc.pod:1.1.4.3 *** /dev/null Wed Oct 24 01:57:13 2007 --- openafs/doc/man-pages/pod1/vos_changeloc.pod Sun Aug 19 18:27:03 2007 *************** *** 0 **** --- 1,150 ---- + =head1 NAME + + vos changeloc - Change a volume's entry in the VLDB + + =head1 SYNOPSIS + + =for html +
+ + B S<<< [B<-server>] > >>> + S<<< [B<-partition>] > >>> + S<<< [B<-id>] > >>> + S<<< [B<-cell> >] >>> [B<-noauth>] [B<-localauth>] + [B<-verbose>] [B<-encrypt>] [B<-help>] + + B S<<< [B<-s>] > >>> + S<<< [B<-p>] > >>> + S<<< [B<-i>] > >>> + S<<< [B<-c> >] >>> [B<-n>] [B<-l>] [B<-v>] [B<-e>] [B<-h>] + + =for html +
+ + =head1 DESCRIPTION + + The B command changes the location of a volume in the + Volume Location Database (VLDB) without needing to contact the original + file server on which the volume was hosted. This is useful when a file + server has gone down permanently and the data that was stored on that + server has been moved to a new file server with a different name and IP + address (perhaps by mounting the same /vicepX partitions on a different + host). After moving the data and running B, run B and then B against the new server to ensure full + synchronization of the VLDB with the file server. + + In essence, B performs the same operations on the VLDB as + B, but it does NOT move the data from one server's file system + to another. + + =head1 CAUTIONS + + Using B changes the VLDB without modifying the file server + data, so it inherently causes the VLDB to be out of sync with the data on + the servers. It should only be used when recovering from server failure. + If the servers are on-line, B should be used instead. It is + highly recommended that B and B be run after + using the B command to ensure properly synchronization of + the VLDB with the file servers. + + =head1 OPTIONS + + B takes the following options: + + =over 4 + + =item B<-server> > + + Specifies the new server where the VLDB should believe the volume resides. + Provide the machine's IP address or its host name (either fully qualified + or using an unambiguous abbreviation). For details, see L. + + =item B<-partition> > + + Specifies the partition where the VLDB should believe the volume resides. + entries. Provide the B<-server> argument along with this one. Provide the + partition's complete name with preceding slash (for example, C) + or use one of the three acceptable abbreviated forms. For details, see + L. + + =item B<-id> > + + Specifies the name or volume ID number on which to operate. + + =item B<-cell> > + + Names the cell in which to run the command. Do not combine this argument + with the B<-localauth> flag. For more details, see L. + + =item B<-noauth> + + Assigns the unprivileged identity C to the issuer. Do not + combine this flag with the B<-localauth> flag. For more details, see + L. + + =item B<-localauth> + + Constructs a server ticket using a key from the local + F file. The B command interpreter presents it + to the Volume Server and Volume Location Server during mutual + authentication. Do not combine this flag with the B<-cell> argument or + B<-noauth> flag. For more details, see L. + + =item B<-verbose> + + Produces on the standard output stream a detailed trace of the command's + execution. If this argument is omitted, only warnings and error messages + appear. + + =item B<-encrypt> + + Encrypts the commands that are sent to the server. + + =item B<-help> + + Prints the online help for this command. All other valid options are + ignored. + + =back + + =head1 OUTPUT + + B shows a brief message upon completion: + + Changed location to server2 /vicepa for volume user.jdoe + + =head1 EXAMPLES + + The following command changes the location of the C volume to + be F on the file server machine C while being verbose: + + % vos changeloc server2 a user.jdoe -verbose + done + Changed location to server2 /vicepa for volume user.jdoe + + The following command changes the location of the C volume to + be F on C without being verbose: + + % vos changeloc server1 a user.jdoe + Changed location to server1 /vicepa for volume user.jdoe + + =head1 PRIVILEGE REQUIRED + + The issuer must be listed in the F file on each + database server machine. If the B<-localauth> flag is included, the issuer + must instead be logged on to a server machine as the local superuser + C. + + =head1 SEE ALSO + + L, + L, + L, + L + + =head1 COPYRIGHT + + Copyright 2007 Jason Edgecombe + + This documentation is covered by the IBM Public License Version 1.0. This + man page was written by Jason Edgecombe for OpenAFS. Index: openafs/doc/man-pages/pod1/vos_offline.pod diff -c /dev/null openafs/doc/man-pages/pod1/vos_offline.pod:1.1.2.2 *** /dev/null Wed Oct 24 01:57:13 2007 --- openafs/doc/man-pages/pod1/vos_offline.pod Tue Jun 12 00:00:18 2007 *************** *** 0 **** --- 1,124 ---- + =head1 NAME + + vos offline - Takes a volume offline + + =head1 SYNOPSIS + + =for html +
+ + B S<<< B<-server> > >>> S<<< B<-partition> > >>> + S<<< B<-id> > >>> S<<< [B<-unbless>] >>> S<<< [B<-cell> >] >>> + S<<< [B<-noauth>] | B<-localauth>] >>> S<<< [B<-verbose>] >>> S<<< [B<-encrypt>] >>> S<<< [B<-help>] >>> + + =for html +
+ + =head1 DESCRIPTION + + The B command takes a volume offline on the + B. + + =head1 CAUTIONS + + Taking a volume offline that has existing + callbacks will result in those callbacks being broken + and clients not being able to access the volume. + + =head1 OPTIONS + + =over 4 + + =item B<-server> > + + Identifies the file server machine where the volume resides. + Provide the machine's IP address or its host name (either fully + qualified or using an unambiguous abbreviation). For details, see + L. + + =item B<-partition> > + + Identifies the partition where the volume resides, on the + file server machine named by the B<-server> argument. Provide the + partition's complete name with preceding slash (for example, C) + or use one of the three acceptable abbreviated forms. For details, see + L. + + =item B<-id> > + + Specifies either the complete name or volume ID number of the volume. + + =item B<-unbless> + + If the volume resides on a fileserver running as a I (Demand + Attach File Server), then the volume may be marked as I or + I. A I server will not bring I volumes + online unless the B<-bless> option to L is specified. + See L for setting a volume to be I. + + =item B<-cell> > + + Names the cell in which to run the command. Do not combine this argument + with the B<-localauth> flag. For more details, see L. + + =item B<-noauth> + + Assigns the unprivileged identity anonymous to the issuer. Do not combine + this flag with the B<-localauth> flag. For more details, see L. + + =item B<-localauth> + + Constructs a server ticket using a key from the local + F file. The B command interpreter presents it + to the Volume Server and Volume Location Server during mutual + authentication. Do not combine this flag with the B<-cell> argument or + B<-noauth> flag. For more details, see L. + + =item B<-verbose> + + Produces on the standard output stream a detailed trace of the command's + execution. If this argument is omitted, only warnings and error messages + appear. + + =item B<-encrypt> + + Encrypts the command so that the operation's results are + not transmitted across the network in clear text. + + =item B<-help> + + Prints the online help for this command. All other valid options are + ignored. + + =back + + =head1 EXAMPLES + + The following example takes an online volume offline: + + % vos offline -server sv7.stateu.edu -partition /vicepb -id root.afs + + The following example takes an online volume offline and marks it + so that a B without B<-bless> will not bring it online: + + % vos offline -server sv7.stateu.edu -partition /vicepb -id root.afs \ + -unbless + + =head1 PRIVILEGE REQUIRED + + The issuer must be listed in the F file on the + machine specified with the B<-server> argument and on each database server + machine. If the B<-localauth> flag is included, the issuer must instead be + logged on to a server machine as the local superuser C. + + =head1 SEE ALSO + + L, + L, + L, + + =head1 COPYRIGHT + + IBM Corporation 2000. All Rights Reserved. + + This man page was created by Steven Jenkins. Index: openafs/doc/man-pages/pod1/vos_online.pod diff -c /dev/null openafs/doc/man-pages/pod1/vos_online.pod:1.1.2.2 *** /dev/null Wed Oct 24 01:57:13 2007 --- openafs/doc/man-pages/pod1/vos_online.pod Tue Jun 12 00:00:18 2007 *************** *** 0 **** --- 1,120 ---- + =head1 NAME + + vos online - Brings a volume online + + =head1 SYNOPSIS + + =for html +
+ + B S<<< B<-server> > >>> S<<< B<-partition> > >>> + S<<< B<-id> > >>> S<<< [B<-bless>] >>> S<<< [B<-cell> >] >>> + S<<< [B<-noauth>] | B<-localauth>] >>> S<<< [B<-verbose>] >>> S<<< [B<-encrypt>] >>> S<<< [B<-help>] >>> + + =for html +
+ + =head1 DESCRIPTION + + The B command brings an offline volume on line with the + B. + + =head1 CAUTIONS + + None. + + =head1 OPTIONS + + =over 4 + + =item B<-server> > + + Identifies the file server machine where the volume resides. + Provide the machine's IP address or its host name (either fully + qualified or using an unambiguous abbreviation). For details, see + L. + + =item B<-partition> > + + Identifies the partition where the volume resides, on the + file server machine named by the B<-server> argument. Provide the + partition's complete name with preceding slash (for example, C) + or use one of the three acceptable abbreviated forms. For details, see + L. + + =item B<-id> > + + Specifies either the complete name or volume ID number of the volume. + + =item B<-bless> + + If the volume resides on a fileserver running as a I (Demand + Attach File Server), then the volume may be marked as I or + I. A I server will not bring I volumes + online unless the B<-bless> option to L is specified. + See L for setting a volume to be I. + + =item B<-cell> > + + Names the cell in which to run the command. Do not combine this argument + with the B<-localauth> flag. For more details, see L. + + =item B<-noauth> + + Assigns the unprivileged identity anonymous to the issuer. Do not combine + this flag with the B<-localauth> flag. For more details, see L. + + =item B<-localauth> + + Constructs a server ticket using a key from the local + F file. The B command interpreter presents it + to the Volume Server and Volume Location Server during mutual + authentication. Do not combine this flag with the B<-cell> argument or + B<-noauth> flag. For more details, see L. + + =item B<-verbose> + + Produces on the standard output stream a detailed trace of the command's + execution. If this argument is omitted, only warnings and error messages + appear. + + =item B<-encrypt> + + Encrypts the command so that the operation's results are + not transmitted across the network in clear text. + + =item B<-help> + + Prints the online help for this command. All other valid options are + ignored. + + =back + + =head1 EXAMPLES + + The following example brings an offline volume online: + + % vos online -server sv7.stateu.edu -partition /vicepb -id root.afs + + The following example brings an offline, unblessed volume online: + + % vos online -server sv7.stateu.edu -partition /vicepb -id root.afs -bless + + =head1 PRIVILEGE REQUIRED + + The issuer must be listed in the F file on the + machine specified with the B<-server> argument and on each database server + machine. If the B<-localauth> flag is included, the issuer must instead be + logged on to a server machine as the local superuser C. + + =head1 SEE ALSO + + L, + L, + L, + + =head1 COPYRIGHT + + IBM Corporation 2000. All Rights Reserved. + + This man page was created by Steven Jenkins. Index: openafs/doc/man-pages/pod1/vos_size.pod diff -c /dev/null openafs/doc/man-pages/pod1/vos_size.pod:1.1.2.3 *** /dev/null Wed Oct 24 01:57:13 2007 --- openafs/doc/man-pages/pod1/vos_size.pod Fri Aug 17 21:48:14 2007 *************** *** 0 **** --- 1,147 ---- + =head1 NAME + + vos size - Computes the size of a volume dump + + =head1 SYNOPSIS + + =for html +
+ + B S<<< [B<-cell> >] >>> [B<-dump>] + [B<-encrypt>] [B<-help>] [B<-id>] > + [B<-localauth>] [B<-noauth>] + S<<< [B<-partition> >] >>> + S<<< [B<-server> >] >>> + S<<< [B<-time> >] >>> [B<-verbose>] + + =for html +
+ + =head1 DESCRIPTION + + The B command shows the size of a volume's dump for backup + purposes. The size of the dump may differ from the volume size as reported + by B or B. The size is shown in bytes. + + This command is intended for use with backup systems that want to size + volume dumps before performing them (to optimize use of tape resources, + for example). + + =head1 OPTIONS + + =over 4 + + =item B<-cell> > + + The cell in which the volume resides, if it's not in the current cell. + + =item B<-dump> + + Show the size of the volume dump for the specified volume. Currently, this + flag should always be given for B to give useful information. + It is present to allow this command to provide other size estimates in the + future. + + =item B<-encrypt> + + Encrypt the command. + + =item B<-help> + + Prints the online help for this command. All other valid options are + ignored. + + =item B<-id> > + + Specifies either the complete name or volume ID number of the read/write, + read-only, or backup volume to size. + + =item B<-localauth> + + Constructs a server ticket using a key from the local + F file. The B command interpreter presents it + to the Volume Server and Volume Location Server during mutual + authentication. Do not combine this flag with the B<-cell> argument or + B<-noauth> flag. For more details, see L. + + =item B<-noauth> + + Assigns the unprivileged identity anonymous to the issuer. Do not combine + this flag with the B<-localauth> flag. For more details, see L. + + =item B<-partition> > + + Specifies the partition on which the volume resides. Provide the + B<-server> argument along with this one. + + =item B<-server> > + + Specifies the file server machine on which the volume resides. Provide + the B<-partition> argument along with this one. + + =item B<-time> > + + Specifies whether the dump is full or incremental. Omit this argument to + size a full dump. See L for the valid values for this + option. + + =item B<-verbose> + + Show more output about what's going on. + + =back + + =head1 OUTPUT + + When run without B<-verbose>, the output will be: + + Volume: + dump_size: + + where is the name of the volume and is the size of the + dump in bytes. With B<-verbose>, additional status messages will be + printed between those two lines. + + =head1 EXAMPLES + + Sizing a single user volume: + + % vos size user.thoron -dump + Volume: user.thoron + dump_size: 36430 + + or, more verbosely: + + % vos size user.thoron -dump -verbose + Volume: user.thoron + Starting transaction on volume 2003434023... done + Getting size of volume on volume 2003434023... done + Ending transaction on volume 2003434023... done + dump_size: 36430 + + Sizing an incremental dump for the same volume: + + % vos size -id user.thoron -time '05/04/2007 00:00:00' -dump + Volume: user.thoron + dump_size: 21095 + + =head1 PRIVILEGE REQUIRED + + The issuer must be listed in the F file on the + machine specified with the B<-server> argument or the machine on which the + volume is located if B<-server> was not given. If the B<-localauth> flag + is included, the issuer must instead be logged on to a server machine as + the local superuser C. + + =head1 SEE ALSO + + L, + L, + L + + =head1 COPYRIGHT + + Copyright 2007 Jason Edgecombe + + This documentation is covered by the IBM Public License Version + 1.0. This man page was written by Jason Edgecombe for OpenAFS. Index: openafs/doc/man-pages/pod5/CellAlias.pod diff -c /dev/null openafs/doc/man-pages/pod5/CellAlias.pod:1.3.2.4 *** /dev/null Wed Oct 24 01:57:13 2007 --- openafs/doc/man-pages/pod5/CellAlias.pod Sun Aug 5 19:37:16 2007 *************** *** 0 **** --- 1,55 ---- + =head1 NAME + + CellAlias - Maps cell names to aliases in /afs + + =head1 DESCRIPTION + + The F file is used when the AFS Cache Manager is Dynamic Root + (B<-dynroot>) mode. It creates symbolic links in the dynamic root that + link an alias for a cell (usually a short name) to the full name for the + cell. + + The most common use of this configuration file is to allow short names for + frequently used cell names. Traditionally, such short names would be + created by the local AFS administrator by creating symbolic links in the + C volume. Such symlinks do not appear when Dynamic Root is + enabled because, with Dynamic Root, the Cache Manager does not mount or + look at the C volume. F is a replacement that allows + such short names to be created under the client control. + + If you configure a short name mapping such as C for + C, the mapping of C<.ir> to C<.ir.stanford.edu> for the + read/write version of the C volume for that cell will be + created automatically. There is no need to list that alias separately (and + it is listed separately, B will report an error on startup). + + The contents of the F file should consist of one line of two + whitespace-separated columns per alias. The first column is the real name + of the cell, and the second column is the alias that should be created. + + =head1 EXAMPLES + + The following F file: + + openafs.org openafs + uncc.edu uncc + + results in the following symbolic links: + + /afs/.openafs -> /afs/.openafs.org + /afs/openafs -> /afs/openafs.org + /afs/.uncc -> /afs/.uncc.edu + /afs/uncc -> /afs/uncc.edu + + =head1 SEE ALSO + + L, + L, + L + + =head1 COPYRIGHT + + Copyright 2007 Jason Edgecombe + + This documentation is covered by the IBM Public License Version 1.0. This + man page was written by Jason Edgecombe for OpenAFS. Index: openafs/doc/man-pages/pod5/NetInfo.pod diff -c openafs/doc/man-pages/pod5/NetInfo.pod:1.2.2.3 openafs/doc/man-pages/pod5/NetInfo.pod:1.2.2.4 *** openafs/doc/man-pages/pod5/NetInfo.pod:1.2.2.3 Thu Jan 5 13:55:21 2006 --- openafs/doc/man-pages/pod5/NetInfo.pod Tue Jun 19 05:06:27 2007 *************** *** 85,90 **** --- 85,91 ---- =head1 SEE ALSO + L, L, L, L, Index: openafs/doc/man-pages/pod5/NetRestrict.pod diff -c openafs/doc/man-pages/pod5/NetRestrict.pod:1.1.2.2 openafs/doc/man-pages/pod5/NetRestrict.pod:1.1.2.3 *** openafs/doc/man-pages/pod5/NetRestrict.pod:1.1.2.2 Thu Jan 5 13:36:33 2006 --- openafs/doc/man-pages/pod5/NetRestrict.pod Tue Jun 19 05:06:27 2007 *************** *** 7,15 **** There are two F files, one for an AFS client and one for an AFS File Server or database server. The AFS client F file specifies the IP addresses that the client should not register with the ! File Servers it connects to. The server F file specifies what ! interfaces should not be registered with AFS Database Servers or used to ! talk to other database servers. =head2 Client NetRestrict --- 7,15 ---- There are two F files, one for an AFS client and one for an AFS File Server or database server. The AFS client F file specifies the IP addresses that the client should not register with the ! File Servers it connects to. The server F file specifies ! what interfaces should not be registered with AFS Database Servers or used ! to talk to other database servers. =head2 Client NetRestrict *************** *** 79,84 **** --- 79,85 ---- =head1 SEE ALSO + L, L, L, L, Index: openafs/doc/man-pages/pod8/afsd.pod diff -c openafs/doc/man-pages/pod8/afsd.pod:1.5.2.8 openafs/doc/man-pages/pod8/afsd.pod:1.5.2.11 *** openafs/doc/man-pages/pod8/afsd.pod:1.5.2.8 Thu Nov 9 18:57:07 2006 --- openafs/doc/man-pages/pod8/afsd.pod Sun Aug 5 18:12:23 2007 *************** *** 7,29 **** =for html
! B S<<< [B<-blocks> >] >>> ! S<<< [B<-files> >] >>> ! S<<< [B<-rootvol> >] >>> ! S<<< [B<-stat> >] >>> ! [B<-memcache>] S<<< [B<-cachedir> >] >>> ! S<<< [B<-mountdir> >] >>> ! S<<< [B<-daemons> >] >>> ! [B<-nosettime>] [B<-verbose>] [B<-rmtsys>] [B<-debug>] ! S<<< [B<-chunksize> >] >>> ! S<<< [B<-dcache> >] >>> ! S<<< [B<-volumes> >] >>> S<<< [B<-biods> >] >>> ! S<<< [B<-prealloc> >] >>> S<<< [B<-confdir> >] >>> ! S<<< [B<-logfile> >] >>> ! [B<-waitclose>] [B<-shutdown>] [B<-enable_peer_stats>] ! [B<-enable_process_stats>] [B<-help>] =for html
--- 7,36 ---- =for html
! B [B<-afsdb>] [B<-backuptree>] S<<< [B<-biods> >] >>> ! S<<< [B<-blocks> >] >>> ! S<<< [B<-cachedir> >] >>> ! S<<< [B<-chunksize> >] >>> S<<< [B<-confdir> >] >>> ! S<<< [B<-daemons> >] >>> ! S<<< [B<-dcache> >] >>> [B<-debug>] ! [B<-dynroot>] [B<-enable_peer_stats>] [B<-enable_process_stats>] ! [B<-fakestat>] [B<-fakestat-all>] ! S<<< [B<-files> >] >>> ! S<<< [B<-files_per_subdir> > ] >>> ! [B<-help>] S<<< [B<-logfile> >] >>> ! [B<-mem_alloc_sleep>] [B<-memcache>] ! S<<< [B<-mountdir> >] >>> [B<-nomount>] ! [B<-nosettime>] ! S<<< [B<-prealloc> >] >>> ! [B<-rmtsys>] S<<< [B<-rootvol> >] >>> ! [B<-rxbind>] S<<< [B<-rxpck> value for rx_extraPackets ] >>> ! [B<-settime>] [B<-shutdown>] ! S<<< [B<-splitcache> >] >>> ! S<<< [B<-stat> >] >>> [B<-verbose>] ! S<<< [B<-volumes> >] >>> ! [B<-waitclose>] =for html
*************** *** 56,64 **** a cell from this list, or incorrect information about its database server machines, prevents the Cache Manager from accessing files in it. ! The list of database server machines is transferred into the kernel from ! the F file. After initialization, use the B command to change the kernel-resident list without having to reboot. =item * --- 63,73 ---- a cell from this list, or incorrect information about its database server machines, prevents the Cache Manager from accessing files in it. ! By default, the list of database server machines is transferred into the ! kernel from the F file. Alternatively, when the ! B<-afsdb> option is used, the list of database server machines is taken ! from the AFSDB DNS records for each cell. After initialization, use the ! B command to change the kernel-resident list without having to reboot. =item * *************** *** 93,100 **** exists. The second field in the F file is the source for ! this name, and the standard value is the F directory. Use ! the B<-cachedir> argument to override the value in the B file. =item * --- 102,109 ---- exists. The second field in the F file is the source for ! this name. The standard value is F. Use the B<-cachedir> ! argument to override the value in the B file. =item * *************** *** 229,242 **** =item * ! Randomly selects a file server machine in the local cell as the source for ! the correct time. Every five minutes thereafter, the local clock is ! adjusted (if necessary) to match the file server machine's clock. ! ! Use the B<-nosettime> flag to prevent the afsd command from selecting a ! time standard. This is recommended only on file server machines that are ! also acting as clients. File server machines maintain the correct time ! using the Network Time Protocol Daemon instead. =back --- 238,249 ---- =item * ! If the B<-settime> option is specified, then it randomly selects a file ! server machine in the local cell as the source for the correct time. Every ! five minutes thereafter, the local clock is adjusted (if necessary) to ! match the file server machine's clock. This is not enabled by default. It ! is recommended, instead, that the Network Time Protocol Daemon be used to ! synchronize the time. =back *************** *** 286,296 **** =item * ! One I daemon, which sends a probe to the File Server ! every few minutes to check that it is still accessible. It also ! synchronizes the machine's clock with the clock on a randomly-chosen file ! server machine, unless the B<-nosettime> flag is used. There is always one ! server connection daemon. =item * --- 293,303 ---- =item * ! One I daemon, which sends a probe to the File ! Server every few minutes to check that it is still accessible. If the ! B<-settime> option is set, it also synchronizes the machine's clock ! with the clock on a randomly-chosen file server machine. There is ! always one server connection daemon. =item * *************** *** 353,364 **** without an intervening reboot. While most of these issues have been ironed out, stopping and restarting AFS is not recommended unless necessary and rebooting before restarting AFS is still the safest course ! of action. =head1 OPTIONS =over 4 =item B<-blocks> > Specifies the number of kilobyte blocks to be made available for caching --- 360,422 ---- without an intervening reboot. While most of these issues have been ironed out, stopping and restarting AFS is not recommended unless necessary and rebooting before restarting AFS is still the safest course ! of action. This does not apply to Linux; it should be safe to restart the ! AFS client on Linux without rebooting. ! ! In contrast to many client-server applications, not all communication is ! initiated by the client. When the AFS client opens a file, it registers a ! callback with the AFS server. If the file changes, the server notifies the ! client that the file has changed and that all cached copies should be ! discarded. In order to enable full functionality on the AFS client, ! including all command-line utilities, the following UDP ports must be open ! on an firewalls between the client and the server: ! ! fileserver 7000/udp ! cachemanager 7001/udp (OpenAFS client. Arla uses 4711/udp) ! ptserver 7002/udp ! vlserver 7003/udp ! kaserver 7004/udp (not needed with Kerberos v5) ! volserver 7005/udp ! reserved 7006/udp (for future use) ! bosserver 7007/udp ! ! Additionally, for B to work through the firewall you need to allow ! inbound and outbound UDP on ports >1024 (probably 1024s). ! ! Be sure to set the UDP timeouts on the firewall to be at least twenty ! minutes for the best callback performance. =head1 OPTIONS =over 4 + =item B<-afsdb> + + Enable afsdb support. This will use DNS to lookup the AFSDB record and use + that for the database servers for each cell instead of the values in the + F file. This has the advantage of only needing to update one + DNS record to reconfigure the AFS clients for a new database server as + opposed to touching all of the clients, and also allows one to access a + cell without preconfiguring its database servers in F. + + =item B<-backuptree> + + Prefer backup volumes for mountpoints in backup volumes. This option means + that the AFS client will prefer to resolve mount points to backup volumes + when a parent of the current volume is a backup volume. This is similar to + the standard behaviour of preferring read-only volumes over read-write + volumes when the parent volume is a read-only volume. + + =item B<-biods> > + + Sets the number of VM daemons dedicated to performing I/O operations on a + machine running a version of AIX with virtual memory (VM) integration. If + both this argument and the B<-daemons> argument are omitted, the default + is five. If this argument is omitted but the B<-daemons> argument is + provided, the number of VM daemons is set to twice the value of the + B<-daemons> argument. + =item B<-blocks> > Specifies the number of kilobyte blocks to be made available for caching *************** *** 369,412 **** cache, do not combine this argument with the B<-dcache> argument, since doing so can possibly result in a chunk size that is not an exponent of 2. - =item B<-files> > - - Specifies the number of F> files to create in the cache - directory for a disk cache, overriding the default that is calculated as - described in L. Each F> file accommodates a - chunk of data, and can grow to a maximum size of 64 KB by default. Do not - combine this argument with the B<-memcache> argument. - - =item B<-rootvol> > - - Names the read/write volume corresponding to the root directory for the - AFS file tree (which is usually the F directory). This value - overrides the default of the C volume. - - =item B<-stat> > - - Specifies the number of entries to allocate in the machine's memory for - recording status information about the AFS files in the cache. This value - overrides the default of C<300>. - - =item B<-memcache> - - Initializes a memory cache rather than a disk cache. Do not combine this - flag with the B<-files> argument. - =item B<-cachedir> > Names the local disk directory to be used as the cache. This value overrides the default defined in the second field of the F file. ! =item B<-mountdir> > ! Names the local disk directory on which to mount the root of the AFS ! filespace. This value overrides the default defined in the first field of ! the F file. If a value other than the F ! directory is used, the machine cannot access the filespace of cells that ! do use that value. =item B<-daemons> > --- 427,458 ---- cache, do not combine this argument with the B<-dcache> argument, since doing so can possibly result in a chunk size that is not an exponent of 2. =item B<-cachedir> > Names the local disk directory to be used as the cache. This value overrides the default defined in the second field of the F file. ! =item B<-chunksize> > ! Sets the size of each cache chunk. The integer provided, which must be ! from the range C<0> to C<30>, is used as an exponent on the number 2. It ! overrides the default of 16 for a disk cache (2^16 is 64 KB) and 13 for a ! memory cache (2^13 is 8 KB). A value of C<0> or less, or greater than ! C<30>, sets chunk size to the appropriate default. Values less than C<10> ! (which sets chunk size to a 1 KB) are not recommended. Combining this ! argument with the B<-dcache> argument is not recommended because it ! requires that the issuer calculate the cache size that results. ! ! B<-chunksize> is an important option when tuning for performance. Setting ! this option to larger values can increase performance when dealing with ! large files. ! ! =item B<-confdir> > ! ! Names a directory other than the F directory from which to ! fetch the F, F, and F configuration ! files. =item B<-daemons> > *************** *** 421,445 **** and the B<-biods> argument is not. If both arguments are omitted, there are five VM daemons. ! =item B<-nosettime> ! ! Prevents the Cache Manager from synchronizing its clock with the clock on ! a server machine selected at random, by checking the time on the server ! machine every five minutes. Use this flag only on a machine that is ! already using another time synchronization protocol (for example, a server ! machine that is running the B process). ! ! =item B<-verbose> ! ! Generates a detailed trace of the B program's actions on the ! standard output stream. ! ! =item B<-rmtsys> ! Initializes an additional daemon to execute AFS-specific system calls on ! behalf of NFS client machines. Use this flag only if the machine is an ! NFS/AFS translator machine serving users of NFS client machines who ! execute AFS commands. =item B<-debug> --- 467,483 ---- and the B<-biods> argument is not. If both arguments are omitted, there are five VM daemons. ! =item B<-dcache> > ! Sets the number of dcache entries in memory, which are used to store ! information about cache chunks. For a disk cache, this overrides the ! default, which is 50% of the number of F> files (cache chunks). For ! a memory cache, this argument effectively sets the number of cache chunks, ! but its use is not recommended, because it requires the issuer to ! calculate the resulting total cache size (derived by multiplying this ! value by the chunk size). Do not combine this argument with the B<-blocks> ! argument, since doing so can possibly result in a chunk size that is not ! an exponent of 2. =item B<-debug> *************** *** 447,488 **** standard output stream. The information is useful mostly for debugging purposes. ! =item B<-chunksize> > ! Sets the size of each cache chunk. The integer provided, which must be ! from the range C<0> to C<30>, is used as an exponent on the number 2. It ! overrides the default of 16 for a disk cache (2^16 is 64 KB) and 13 for a ! memory cache (2^13 is 8 KB). A value of C<0> or less, or greater than ! C<30>, sets chunk size to the appropriate default. Values less than C<10> ! (which sets chunk size to a 1 KB) are not recommended. Combining this ! argument with the B<-dcache> argument is not recommended because it ! requires that the issuer calculate the cache size that results. ! =item B<-dcache> > ! Sets the number of dcache entries in memory, which are used to store ! information about cache chunks. For a disk cache, this overrides the ! default, which is 50% of the number of F> files (cache ! chunks). For a memory cache, this argument effectively sets the number of ! cache chunks, but its use is not recommended, because it requires the ! issuer to calculate the resulting total cache size (derived by multiplying ! this value by the chunk size). Do not combine this argument with the ! B<-blocks> argument, since doing so can possibly result in a chunk size ! that is not an exponent of 2. ! =item B<-volumes> > ! Specifies the number of memory structures to allocate for storing volume ! location information. The default value is C<50>. ! =item B<-biods> > ! Sets the number of VM daemons dedicated to performing I/O operations on a ! machine running a version of AIX with virtual memory (VM) integration. If ! both this argument and the B<-daemons> argument are omitted, the default ! is five. If this argument is omitted but the B<-daemons> argument is ! provided, the number of VM daemons is set to twice the value of the ! B<-daemons> argument. =item B<-prealloc> > --- 485,605 ---- standard output stream. The information is useful mostly for debugging purposes. ! =item B<-dynroot> ! The standard behaviour of the AFS client without the B<-dynroot> option is ! to mount the root.afs volume from the default cell on the F path. The ! F folder and root.afs volume traditionally shows the folders for ! F and other cells as configured by the AFS cell administrator. ! ! The B<-dynroot> option changes this. Using this option, the AFS client ! does not mount the root.afs volume on F. Instead it uses the ! contents of the F file to populate the listing of cells in ! F. This is known as a DYNamic ROOT. A cell is not contacted until ! the path F> if accessed. This functions similarly to an ! automounter. The main advantage of using B<-dynroot> is that the AFS ! client will start properly even without network access, whereas the client ! not using B<-dynroot> will freeze upon startup if cannot contact the ! default cell specified in F and mount the root.afs ! volume. Dynamic root mode is also sometimes called travelling mode because ! it works well for laptops which don't always have network connectivity. ! ! Two advantages of not using dynroot are that listing F will usually ! be faster because the contents of F are limited to what the AFS ! administrator decides and that symbolic links are traditionally created ! by the AFS administrator to provide a short name for the cell (i.e. ! cellname.domain.com is aliased to cellname). However, with dynroot, the ! local system administrator can limit the default contents of F by ! installing a stripped-down F file, and if dynroot is in effect, ! the F file can be used to provide shortname for common AFS cells ! which provides equivalent functionality to the most commonly used symbolic ! links. ! =item B<-enable_peer_stats> ! Activates the collection of Rx statistics and allocates memory for their ! storage. For each connection with a specific UDP port on another machine, ! a separate record is kept for each type of RPC (FetchFile, GetStatus, and ! so on) sent or received. To display or otherwise access the records, use ! the Rx Monitoring API. ! =item B<-enable_process_stats> ! Activates the collection of Rx statistics and allocates memory for their ! storage. A separate record is kept for each type of RPC (FetchFile, ! GetStatus, and so on) sent or received, aggregated over all connections to ! other machines. To display or otherwise access the records, use the Rx ! Monitoring API. ! =item B<-fakestat> ! Return fake values for stat calls on cross-cell mounts. This option makes ! an C of F much faster since each cell isn't contacted, and ! this and the B<-fakestat-all> options are useful on Mac OS X so that the ! Finder program doesn't try to contact every AFS cell the system knows ! about. ! ! =item B<-fakestat-all> ! ! Return fake values for stat calls on all mounts, not just cross-cell ! mounts. This and the B<-fakestat> options are useful on Mac OS X so that ! the Finder program doesn't hang when browsing AFS directories. ! ! =item B<-files> > ! ! Specifies the number of F> files to create in the cache directory ! for a disk cache, overriding the default that is calculated as described ! in L. Each F> file accommodates a chunk of data, and ! can grow to a maximum size of 64 KB by default. Do not combine this ! argument with the B<-memcache> argument. ! ! =item B<-files_per_subdir> > ! ! Limits the number of cache files in each subdirectory of the cache ! directory. The value of the option should be the base-two log of the ! number of cache files per cache subdirectory (so 10 for 1024 files, 14 for ! 16384 files, and so forth). ! ! =item B<-help> ! ! Prints the online help for this command. All other valid options are ! ignored. ! ! =item B<-logfile> > ! ! This option is obsolete and no longer has any effect. ! ! =item B<-mem_alloc_sleep> ! ! Allows sleeps when allocating a memory cache. ! ! =item B<-memcache> ! ! Initializes a memory cache rather than a disk cache. Do not combine this ! flag with the B<-files> argument. ! ! =item B<-mountdir> > ! ! Names the local disk directory on which to mount the root of the AFS ! filespace. This value overrides the default defined in the first field of ! the F file. If a value other than the F ! directory is used, the machine cannot access the filespace of cells that ! do use that value. ! ! =item B<-nomount> ! ! Do not mount AFS on startup. The afs global mount must be mounted via ! some other means. This is useful on Mac OS X where /afs is sometimes ! mounted in /Network/afs like other network file systems. ! ! =item B<-nosettime> ! ! This is enabled by default. It prevents the Cache Manager from ! synchronizing its clock with the clock on a server machine selected at ! random by checking the time on the server machine every five minutes. ! This is the recommended behavior; instead of the AFS Cache Manager, the ! Network Time Protocol Daemon should be used to synchronize the system ! time. =item B<-prealloc> > *************** *** 490,539 **** Manager's internal use. The default initial value is C<400>, but the Cache Manager dynamically allocates more memory as it needs it. ! =item B<-confdir> > ! Names a directory other than the F directory from which to ! fetch the F, F, and F configuration ! files. ! =item B<-logfile> > ! Is obsolete and has no real effect. It specifies an alternate file in ! which to record a type of trace that the Cache Manager no longer ! generates; the default value is F. ! =item B<-waitclose> ! Has no effect on the operation of the Cache Manager. The behavior it ! affected in previous versions of the Cache Manager, to perform synchronous ! writes to the File Server, is now the default behavior. To perform ! asynchronous writes in certain cases, use the B command. =item B<-shutdown> ! Shuts down the Cache Manager, but not in the most effective possible ! way. Do not use this flag. ! =item B<-enable_peer_stats> ! Activates the collection of Rx statistics and allocates memory for their ! storage. For each connection with a specific UDP port on another machine, ! a separate record is kept for each type of RPC (FetchFile, GetStatus, and ! so on) sent or received. To display or otherwise access the records, use ! the Rx Monitoring API. ! =item B<-enable_process_stats> ! Activates the collection of Rx statistics and allocates memory for their ! storage. A separate record is kept for each type of RPC (FetchFile, ! GetStatus, and so on) sent or received, aggregated over all connections to ! other machines. To display or otherwise access the records, use the Rx ! Monitoring API. ! =item B<-help> ! Prints the online help for this command. All other valid options are ! ignored. =back --- 607,674 ---- Manager's internal use. The default initial value is C<400>, but the Cache Manager dynamically allocates more memory as it needs it. ! =item B<-rmtsys> ! Initializes an additional daemon to execute AFS-specific system calls on ! behalf of NFS client machines. Use this flag only if the machine is an ! NFS/AFS translator machine serving users of NFS client machines who ! execute AFS commands. ! =item B<-rootvol> > ! Names the read/write volume corresponding to the root directory for the ! AFS file tree (which is usually the F directory). This value ! overrides the default of the C volume. This option is ignored if ! B<-dynroot> is given. ! =item B<-rxbind> ! Bind the Rx socket (one interface only). ! ! =item B<-rxpck> > ! ! Set rx_extraPackets to this value. ! ! =item B<-settime> ! ! Enable native AFS time synchronization. This option is the opposite of ! B<-nosettime> and cannot be used with the B<-nosettime> option. =item B<-shutdown> ! Shuts down the Cache Manager. Before calling B with this option, ! unmount the AFS file system with B. ! =item B<-splitcache> > ! This allows the user to set a certain percentage of the AFS cache be ! reserved for read/write content and the rest to be reserved for read-only ! content. The ratio should be written as a fraction. For example, ! C<-splitcache 75/25> devotes 75% of your cache space to read/write content ! and 25% to read-only. ! =item B<-stat> > ! Specifies the number of entries to allocate in the machine's memory for ! recording status information about the AFS files in the cache. This value ! overrides the default of C<300>. ! =item B<-verbose> ! Generates a detailed trace of the B program's actions on the ! standard output stream. ! ! =item B<-volumes> > ! ! Specifies the number of memory structures to allocate for storing volume ! location information. The default value is C<50>. ! ! =item B<-waitclose> ! ! Has no effect on the operation of the Cache Manager. The behavior it ! affected in previous versions of the Cache Manager, to perform synchronous ! writes to the File Server, is now the default behavior. To perform ! asynchronous writes in certain cases, use the B command. =back *************** *** 543,559 **** initialization file, rather than typed at the command shell prompt. For most disk caches, the appropriate form is ! /usr/vice/etc/afsd The following command is appropriate when enabling a machine to act as an NFS/AFS Translator machine serving more than five users. ! /usr/vice/etc/afsd -daemons 4 -rmtsys The following command initializes a memory cache and sets chunk size to 16 KB (2^14). ! /usr/vice/etc/afsd -memcache -chunksize 14 =head1 PRIVILEGE REQUIRED --- 678,694 ---- initialization file, rather than typed at the command shell prompt. For most disk caches, the appropriate form is ! % /usr/vice/etc/afsd The following command is appropriate when enabling a machine to act as an NFS/AFS Translator machine serving more than five users. ! % /usr/vice/etc/afsd -daemons 4 -rmtsys The following command initializes a memory cache and sets chunk size to 16 KB (2^14). ! % /usr/vice/etc/afsd -memcache -chunksize 14 =head1 PRIVILEGE REQUIRED *************** *** 561,566 **** --- 696,702 ---- =head1 SEE ALSO + L, L, L, L *************** *** 569,574 **** IBM Corporation 2000. All Rights Reserved. ! This documentation is covered by the IBM Public License Version 1.0. It was ! converted from HTML to POD by software written by Chas Williams and Russ ! Allbery, based on work by Alf Wachsmann and Elizabeth Cassell. --- 705,710 ---- IBM Corporation 2000. All Rights Reserved. ! This documentation is covered by the IBM Public License Version 1.0. It ! was converted from HTML to POD by software written by Chas Williams and ! Russ Allbery, based on work by Alf Wachsmann and Elizabeth Cassell. Index: openafs/doc/man-pages/pod8/bos_util.pod diff -c /dev/null openafs/doc/man-pages/pod8/bos_util.pod:1.1.4.2 *** /dev/null Wed Oct 24 01:57:13 2007 --- openafs/doc/man-pages/pod8/bos_util.pod Fri Aug 17 21:53:10 2007 *************** *** 0 **** --- 1,118 ---- + =head1 NAME + + bos_util - Manipulate the AFS server Keyfile + + =head1 SYNOPSIS + + =for html +
+ + B add > + + B adddes > + + B delete > + + B list + + =for html +
+ + =head1 DESCRIPTION + + The B command manipulates the AFS server B. It can take + a password from standard input, convert it to a key, and add it to the + F; list the keys in the F; or remove a key from thet + F. It is very similar in function to B, but B + works with keytab files wheras B works with passwords directly. + + B expects one of the following subcommands: + + =over 4 + + =item add > + + Add a key with key version > to the F using a password + from standard input. This command uses the normal AFS password salt + algorithm to generate the key (equivalent to the des-cbc-crc:afs3 enctype + in Kerberos v5). This command is basically equivalent to B. + + =item adddes > + + Add a key with key version > to the B using a password + from standard input. This command does not salt the password when + generating the key (equivalent to the des-cbc-crc:v4 enctype in Kerberos + v5). + + Since this command applies no salt to the password, it can be used as a + last resort for generating a DES key with a salt algorithm that other + utilities don't know how to use by giving this command the pre-salted + password. This can be useful when, for example, using Microsoft Active + Directory as the Kerberos KDC, since Active Directory uses a different + salt algorithm for service principals than most Unix Kerberos + implementations. The best approach, however, is to find a way to generate + a keytab and then use B. + + =item delete > + + Delete the key with the specified key version from the F. This + command is equivalent to B or B. + + =item list + + List the keys in the F. This command is equivalent to B or B. + + =back + + The B command does not use the normal AFS option parsing library + and its subcommands cannot be abbreviated. + + =head1 CAUTIONS + + B is intended for use with a Kerberos v4 environment and + therefore is mostly obsolete. Normally, rather than using this command, + you will want to use B to create a keytab (perhaps with its + B command) and then use B as normal. B only + supports the AFS password salt algorithm and no password salt algorithm + and therefore may not produce the same key from a given password as + Kerberos v5 utilities unless one is careful to use that same salt + algorithm when creating the key in the KDC. + + Creating an AFS key with a known password and then using B or + B to add that key to the F is not recommended. + Human-created passwords are usually not as strong as a random key + generated using a good entropy source, such as with the B<-randkey> option + to the MIT Kerberos v5 B command or the equivalent in other + Kerberos v5 implementations. The security of AFS depends on the strength + of the AFS service key; it should therefore be as random as possible. + + It is imperative that the key version number (kvno) given matches the kvno + on the Kerberos server. If it doesn't, users won't be able to + authenticate. The key generated by B must also match the + internal representation on the Kerberos server including the salt. + + =head1 OPTIONS + + B takes no options. + + =head1 PRIVILEGE REQUIRED + + The issuer must be logged onto a file server machine as the local + superuser C. + + =head1 SEE ALSO + + L, + L, + L, + L, + kadmin(8), + ktutil(8) + + =head1 COPYRIGHT + + Copyright 2007 Jason Edgecombe + + This documentation is covered by the IBM Public License Version 1.0. + This man page was written by Jason Edgecombe for OpenAFS. Index: openafs/doc/man-pages/pod8/fileserver.pod diff -c openafs/doc/man-pages/pod8/fileserver.pod:1.4.2.6 openafs/doc/man-pages/pod8/fileserver.pod:1.4.2.7 *** openafs/doc/man-pages/pod8/fileserver.pod:1.4.2.6 Wed Mar 1 00:11:25 2006 --- openafs/doc/man-pages/pod8/fileserver.pod Mon Jun 11 23:55:39 2007 *************** *** 7,26 **** =for html
! B S<<< [B<-d> >] >>> S<<< [B<-p> >] >>> S<<< [B<-spare> >] >>> S<<< [B<-pctspare> >] >>> S<<< [B<-b> >] >>> S<<< [B<-l> >] >>> S<<< [B<-s> >] >>> S<<< [B<-vc> >] >>> S<<< [B<-w> >] >>> S<<< [B<-cb> >] >>> [B<-banner>] [B<-novbc>] ! S<<< [B<-implicit> >] >>> S<<< [B<-hr> >] >>> [B<-busyat> n >>>] ! S<<< [B<-rxpck> >] >>> ! [B<-rxdbg>] [B<-rxdbge>] S<<< [B<-m> >] >>> [B<-lock>] [B<-L>] [B<-S>] S<<< [B<-k> >] >>> S<<< [B<-realm> >] >>> S<<< [B<-udpsize> >] >>> [B<-enable_peer_stats>] [B<-enable_process_stats>] [B<-help>] =for html --- 7,34 ---- =for html
! B S<<< [B<-auditlog> >] >>> ! S<<< [B<-d> >] >>> ! S<<< [B<-p> >] >>> S<<< [B<-spare> >] >>> S<<< [B<-pctspare> >] >>> S<<< [B<-b> >] >>> S<<< [B<-l> >] >>> S<<< [B<-s> >] >>> S<<< [B<-vc> >] >>> S<<< [B<-w> >] >>> S<<< [B<-cb> >] >>> [B<-banner>] [B<-novbc>] ! S<<< [B<-implicit> >] >>> [B<-readonly>] S<<< [B<-hr> >] >>> [B<-busyat> n >>>] ! [B<-nobusy>] S<<< [B<-rxpck> >] >>> ! [B<-rxdbg>] [B<-rxdbge>] S<<< [B<-rxmaxmtu> >] >>> ! S<<< [B<-rxbind> >] >>> ! S<<< [B<-vattachpar> >] >>> ! S<<< [B<-m> >] >>> [B<-lock>] [B<-L>] [B<-S>] S<<< [B<-k> >] >>> S<<< [B<-realm> >] >>> S<<< [B<-udpsize> >] >>> + S<<< [B<-sendsize> >] >>> + S<<< [B<-abortthreshold> >] >>> + S<<< [B<-auditlog> >] >>> [B<-enable_peer_stats>] [B<-enable_process_stats>] [B<-help>] =for html *************** *** 189,194 **** --- 197,206 ---- =over 4 + =item B<-auditlog> > + + Set and enable auditing. + =item B<-d> > Sets the detail level for the debugging trace written to the Index: openafs/doc/man-pages/pod8/ka-forwarder.pod diff -c /dev/null openafs/doc/man-pages/pod8/ka-forwarder.pod:1.1.12.2 *** /dev/null Wed Oct 24 01:57:13 2007 --- openafs/doc/man-pages/pod8/ka-forwarder.pod Sun Aug 19 18:17:42 2007 *************** *** 0 **** --- 1,85 ---- + =head1 NAME + + ka-forwarder - Forward AFS Authentication Server requests to another server + + =head1 SYNOPSIS + + =for html +
+ + B S<<< [B<-p> >] >>> >[/>] [...] + + =for html +
+ + =head1 DESCRIPTION + + B listens for requests for an AFS Authentication Server and + forwards them to a remove B server. B is a server that + answers AFS Authentication Server protocol requests using a regular + Kerberos KDC and is provided with some Kerberos 5 implementations. + B has to run on the same host as the Kerberos KDC, however, and + AFS clients send all native AFS authentication requests to the AFS + database servers. If you don't want to run your Kerberos KDCs and your + AFS database servers on the same host, run B on the AFS + database servers and point it to B running on the Kerberos KDCs. + + B takes one or more servers to which to forward the + requests. The default port on the remote server to which to forward the + command is 7004, but a different port can be specified by following the + server name with a slash (C) and the port number. If multiple servers + are given, B will send queries to each server in turn in a + round-robin fashion. + + =head1 CAUTIONS + + Due to the way that B distinguishes from client requests and + server responses, any messages from one of the servers to which + B is forwarding will be considered a reply rather than a + command and will not be forwarded. This means that the servers running + B will not be able to use native AFS authentication requests and + rely on B to send the requests to the right server. + + B does not background itself. It should either be run in + the background via the shell, or run via the Basic OverSeer Server (see + L). + + =head1 OPTIONS + + =over 4 + + =item B<-p> > + + By default, B listens to the standard AFS Authentication + Server port (7004). To listen to a different port, specify it with the + B<-p> option. + + =back + + =head1 EXAMPLES + + Forward AFS Authentication Server reqests to the B servers on + kdc1.example.com and kdc2.example.com: + + % ka-forwarder kdc1.example.com kdc2.example.com & + + Note the C<&> to tell the shell to run this command in the background. + + =head1 PRIVILEGE REQUIRED + + B only has to listen to port 7004 and therefore does not + require any special privileges unless a privileged port is specified with + the B<-p> option. + + =head1 SEE ALSO + + L, + fakeka(8), + L + + =head1 COPYRIGHT + + Copyright 2006 Russ Allbery + + This documentation is covered by the IBM Public License Version 1.0. This + man page was written by Russ Allbery for OpenAFS. Index: openafs/doc/man-pages/pod8/pt_util.pod diff -c /dev/null openafs/doc/man-pages/pod8/pt_util.pod:1.1.10.2 *** /dev/null Wed Oct 24 01:57:13 2007 --- openafs/doc/man-pages/pod8/pt_util.pod Mon Aug 20 01:42:37 2007 *************** *** 0 **** --- 1,187 ---- + =head1 NAME + + pt_util - Load or dump a Protection Server database + + =head1 SYNOPSIS + + =for html +
+ + B + S<<< [B<-w>] >>> S<<< [B<-user>] >>> S<<< [B<-group>] >>> + S<<< [B<-members>] >>> S<<< [B<-name>] >>> S<<< [B<-system>] >>> + S<<< [B<-xtra>] >>> S<<< [B<-prdb> >] >>> + S<<< [B<-datafile> >] >>> S<<< [B<-help>] >>> + + =for html +
+ + =head1 DESCRIPTION + + The B command can be used to load or dump the protection + database. It should only be used when B is not running. + + The most likely reason to use it is to initialize the protection database + when bringing up a new cell. The current syntax for this, presented + below, needs improvement. B can also be used when problems are + suspected with the database. It can be used to dump the database or + portions thereof, in several different ways, and to reload it. + + The textual representation of the database has the following form: + For users, + + name flags/quota viceid ownerid creatorid + + For groups, + + name flags/quota viceid ownerid creatorid + a-username a-user-viceid + + The second line is repeated for each member of the group. When reading + the database, membership is not reported unless B<-members> is also + included. + + =head1 OPTIONS + + If you don't specify any options, the only thing you'll learn is the ubik + database epoch and version. + + =over 4 + + =item B<-w> + + Write to the protection database instead of reading. Only the file + arguments make sense in combination with this argument. + + =item B<-user> + + When reading, display users. + + =item B<-group> + + When reading, display groups (but not necessarily members). + + =item B<-members> + + When reading, display groups and also group members. + + =item B<-name> + + When reading, + follow name hashes, instead of id hashes. + This may print different information if the database was corrupted. + Otherwise, it should print exactly the same information, except + in a different order. + + =item B<-system> + + When reading, display system data, or more precisely, do not display + entries with a viced <= -32768 or >= +97537. + + =item B<-xtra> + + When reading, display extra users and groups, or more precisely, do not + display entries that are in the range -32767...+97536 inclusive. + + =item B<-prdb> > + + Specifies the complete pathname of the file in which the Protection + Database resides. Provide the complete name, including the ending + F<.DB0>. + + =item B<-datafile> > + + Specify the file to which to dump (or B<-w> from which to read) textual + database records. + + =back + + =head1 CAUTIONS + + The file dump format does not include supergroup information, so should + not be used if you have and are using groups within groups. + + In all cases, entry timestamps and other information is also not + preserved. + + The epoch and version are reported on standard error. On little-endian + machines, they'll be byte swapped, so may be very random. + + =head1 EXAMPLES + + The following example shows how to initialize the database from scratch. + + Before you do this, make sure B is not running. If you have + multiple database servers, make sure F does not exist on any + server machine. + + Now, type this in EXACTLY, including the leading space on the line + indicated. But do use Control-D at the end, not up-arrow D. + + pt_util -w + admin 128/20 1 -204 -204 + system:administrators 130/20 -204 -204 -204 + admin 1 + ^D + + You will see this: + + # pt_util -w + pt_util: /usr/afs/db/prdb.DB0: Bad UBIK_MAGIC. Is 0 should be 354545 + Ubik Version is: 2.0 + admin 128/20 1 -204 -204 + system:administrators 130/20 -204 -204 -204 + Error while creating system:administrators: Entry for id already exists + admin 1 + pt_util: Ubik Version number changed during execution. + Old Version = 2.0, new version = 33554432.0 + # + + To make a complete copy of the database, + + # pt_util -user -members -datafile /tmp/out + + To load from the complete copy, + + # pt_util -w -datafile /tmp/out + + Don't do this until you read cautions, above. + + =head1 PRIVILEGE REQUIRED + + The issuer must be logged in as the superuser C on a file server + machine to use B. + + =head1 SEE ALSO + + L, + L + + =head1 COPYRIGHT + + The following copyright covers this documentation: + + Copyright (c) 2005 The Regents of the University of Michigan. ALL RIGHTS + RESERVED. + + Permission is granted to use, copy, create derivative works and + redistribute this software and such derivative works for any purpose, so + long as the name of the University of Michigan is not used in any + advertising or publicity pertaining to the use or distribution of this + software without specific, written prior authorization. If the above + copyright notice or any other identification of the University of Michigan + is included in any copy of any portion of this software, then the + disclaimer below must also be included. + + This software is provided as is, without representation from the + University of Michigan as to its fitness for any purpose, and without + warranty by the University of Michigan of any kind, either express or + implied, including without limitation the implied warranties of + merchantability and fitness for a particular purpose. The regents of the + University of Michigan shall not be liable for any damages, including + special, indirect, incidental, or consequential damages, with respect to + any claim arising out of or in connection with the use of the software, + even if it has been or is hereafter advised of the possibility of such + damages. + + =cut Index: openafs/doc/man-pages/pod8/uss.pod diff -c openafs/doc/man-pages/pod8/uss.pod:1.2.2.3 openafs/doc/man-pages/pod8/uss.pod:1.2.2.4 *** openafs/doc/man-pages/pod8/uss.pod:1.2.2.3 Thu Jan 5 13:35:35 2006 --- openafs/doc/man-pages/pod8/uss.pod Fri Jul 27 14:02:06 2007 *************** *** 89,97 **** =item B<-skipauth> ! Bypasses mutual authentication with the AFS Authentication Server, ! allowing a site that uses Kerberos instead of the AFS Authentication ! Server to substitute that form of authentication. =back --- 89,99 ---- =item B<-skipauth> ! Bypasses mutual authentication with the AFS Authentication Server, allowing ! a site that uses Kerberos instead of the AFS Authentication Server to ! substitute that form of authentication. If this option is given, B does ! not create or manipulate Kerberos principals. A Kerberos principal must be ! created separately from the B command. =back