Welcome to the home of OpenAFS

What is AFS?

AFS is a distributed filesystem product, pioneered at Carnegie Mellon University and supported and developed as a product by Transarc Corporation (now IBM Pittsburgh Labs). It offers a client-server architecture for federated file sharing and replicated read-only content distribution, providing location independence, scalability, security, and transparent migration capabilities. AFS is available for a broad range of heterogeneous systems including UNIX, Linux,  MacOS X, and Microsoft Windows

IBM branched the source of the AFS product, and made a copy of the source available for community development and maintenance. They called the release OpenAFS.

OpenAFS Foundation

The OpenAFS Foundation is dedicated to fostering the stability and growth of OpenAFS by providing strategic direction and aiming to raise money to support the development and maintenance of OpenAFS. More information on the Foundation can be found on the OpenAFS Foundation website.

 

Recent OpenAFS News

22-September-2017 - OpenAFS 1.6.21.1 - Maintenance release for Linux

OpenAFS 1.6.21.1 is the next in the current series of OpenAFS stable releases for UNIX/Linux systems. It brings support for the latest Linux mainline kernel, 4.13, and a fix for module builds against Linux kernel 4.12 on the S390 platform. Systems not requiring these changes can continue to use the 1.6.21 release.

For more information:

30-August-2017 - OpenAFS 1.8.0 Beta 2 - Second prerelease of new stable branch for UNIX/Linux

OpenAFS 1.8.0 will begin a new stable release branch for UNIX/Linux, bringing more than five years of development work into a stable release for the first time.

For more information:

06-July-2017 - OpenAFS 1.6.21 - Maintenance release for UNIX/Linux

OpenAFS 1.6.21 is the next in the current series of OpenAFS stable releases for UNIX/Linux systems. It brings a variety of bug fixes as well as performance and documentation improvements, reduced memory consumption on Linux clients and support for the latest Linux mainline kernel, 4.12.

For more information:

14-April-2017 - OpenAFS 1.6.20.2 - Maintenance release for UNIX/Linux

OpenAFS 1.6.20.2 is the next in the current series of OpenAFS stable releases for UNIX/Linux systems. It is focused on client side updates. Besides bringing support for Linux kernels 4.10 and likely the soon to be released 4.11, it mainly makes PAGs work on Solaris 11 and fixes the preference pane on recent macOS.

For more information:

16-December-2016 - OpenAFS 1.6.20.1 - Maintenance release for UNIX/Linux

OpenAFS 1.6.20.1 is the next in the current series of OpenAFS stable releases for UNIX/Linux systems. It mainly adds support for macOS 10.12 "Sierra" and the client on Linux systems with mainline kernel 4.9 or distribution kernels with backports from it.

For more information:

30-November-2016 - OpenAFS 1.6.20 - Security release for UNIX/Linux

OpenAFS 1.6.20 is the next in the current series of OpenAFS stable releases for UNIX/Linux systems. Versions through 1.6.19 contained a number of security issues of low to medium severity, fixed here.

For more information:

11-November-2016 - OpenAFS 1.6.19 - Maintenance release for UNIX/Linux

OpenAFS 1.6.19 is the next in the current series of OpenAFS stable releases for UNIX/Linux systems. Besides other bug fixes and minor improvements, this release includes fixes that prevent cases where a database write could be lost or an old version of the database be used instead of the latest version.

For more information:

4-August-2016 - OpenAFS 1.6.18.3 - Maintenance release for UNIX/Linux

OpenAFS 1.6.18.3 is the next in the current series of OpenAFS stable releases for UNIX/Linux systems. It brings support for the client on Linux systems with mainline kernel 4.7 or distribution kernels with backports from it, fixes memory mapped I/O with large files on Solaris clients and adds packaging support for recent OS X releases.

For more information:

19-July-2016 - OpenAFS 1.6.18.2 - Maintenance release for UNIX/Linux

OpenAFS 1.6.18.2 is the next in the current series of OpenAFS stable releases for UNIX/Linux systems. It brings support for the client on Linux systems with mainline kernel 4.6 or distribution kernels with backports from it, fixes a regression introduced in release 1.6.18 that could lead to the dentry for the current working directory being erroneously invalidated at least on some kernels, and enables builds on FreeBSD 10.2 and 10.3.

For more information:

22-June-2016 - OpenAFS 1.6.18.1 - Maintenance release for Linux

OpenAFS 1.6.18.1 is the next in the current series of OpenAFS stable releases for UNIX/Linux systems. It brings support for the client on Linux systems with mainline kernel 4.5 or distribution kernels with backports from it.

For more information:

5-May-2016 - OpenAFS 1.6.18 - Maintenance release for UNIX/Linux

OpenAFS 1.6.18 is the next in the current series of OpenAFS stable releases for UNIX/Linux systems. Significant changes since 1.6.17 include:

For more information:

16-March-2016 - OpenAFS 1.6.17 Security release for UNIX/Linux

OpenAFS 1.6.17 is the next in the current series of OpenAFS stable releases for UNIX/Linux systems. Versions through 1.6.16 contained a number of security issues of low to medium severity, fixed here.

Patches for each issue are also individually available.

For more information:

17-December-2015 - OpenAFS 1.6.16 - Maintenance release for UNIX/Linux

OpenAFS 1.6.16 is the next in the current series of OpenAFS stable releases for UNIX/Linux systems. It fixes a wide range of bugs, brings a new "vos remaddrs" subcommand to replace the slightly confusing "vos changeaddr -remove" and allows building against newer ncurses libraries.

For more information:

28-October-2015 - OpenAFS 1.6.15 Security release for UNIX/Linux

OpenAFS 1.6.15 is the next in the current series of OpenAFS stable releases for UNIX/Linux systems. Versions through 1.6.14 contained a high impact security issue named "Tattletale" which is fixed in this release: The packet paylod of Rx ACK packets is not fully initialized, leaking
plaintext from packets previously processed.

Patches for each issue are also individually available.

For more information:

20 September 2015 - OpenAFS adopts Contributor Covenant as code of conduct

In the interest of fostering a friendly, welcoming environment for contributors, we have introduced the Contributor Covenant as the code of conduct for the OpenAFS Project. A copy is included in the source tree, and can be found via the Contributor Code of Conduct link included on all pages. For additional information, visit contributor-covenant.org

17-September-2015 - OpenAFS 1.6.14.1 - Maintenance release for UNIX/Linux

OpenAFS 1.6.14.1 is the next in the current series of OpenAFS stable releases for UNIX/Linux systems. It adds client support for Linux kernel 4.2 . Note that due to changes to internal data structures with this kernel release, the OpenAFS client can no longer reset the link count during path lookups. Since volume root directories must behave like symlinks instead of normal directories in order to satisfy Linux kernel invariants, looking up paths containing more than 40 mount points will fail with ELOOP on such kernels. There are no further changes. Systems not affected by the Linux 4.2 VFS changes can continue to use the OpenAFS 1.6.14 release.

For more information:

13-August-2015 - OpenAFS 1.6.14 - Maintenance release for UNIX/Linux

OpenAFS 1.6.14 is the next in the current series of OpenAFS stable releases for UNIX/Linux systems. It is limited to a fix for an issue introduced in release 1.6.13: Prior to the OpenAFS security release 1.6.13, the Volume Location Server (vlserver) RPC VL_ListAttributesN2() supported wildcard volume name lookups via regular expression (regex) pattern matching. This support was completely disabled in 1.6.13 because it was judged to be a security risk due to buffer overruns in the implementation, as well as the possibility of denial of service attacks where certain regular expressions could cause excessive CPU usage in some regex implementations. After 1.6.13 was released, it was discovered that the native OpenAFS 'backup' system uses the VL_ListAttributesN2() regex support to evaluate configured volume sets.

As a result of this issue, OpenAFS 1.6.14 replaces the 1.6.13 changes to VL_ListAttributesN2. 1.6.14 prevents the buffer overruns and reenables the regex support, but restricts it to OpenAFS super-users and -localauth only. This is sufficient to restore the OpenAFS 'backup' system's ability to work correctly with any previously supported volume set. The OpenAFS 'backup' commands are already documented to require super-user authorization, so this restriction is moot for the backup system. i

None of the other security fixes in OpenAFS 1.6.13 are known to have any issues, and are still included unchanged in OpenAFS 1.6.14.

For more information:

29-July-2015 - OpenAFS 1.6.13 - Security release for UNIX/Linux

OpenAFS 1.6.13 is the next in the current series of OpenAFS stable releases for UNIX/Linux systems. Versions through 1.6.12 contained a number of security issues, fixed here. Patches for each issue are also individually available.

For more information:

14-April-2015 - OpenAFS 1.6.11.1 - Maintenance release for UNIX/Linux

OpenAFS 1.6.11.1 is the next in the current series of OpenAFS stable releases for UNIX/Linux systems. This point release is limited to a few client side changes:

Systems not requiring one of those changes can continue to use the 1.6.11 release.

For more information:

12-June-2014 - OpenAFS Security Advisory 2014-002

OpenAFS fileservers version 1.6.8 for all UNIX/Linux platforms. Earlier releases are not affected. An attacker with the ability to connect to an OpenAFS fileserver can trigger the use of uninitialized memory, crashing the server. This vulnerability is being tracked as CVE-2014-4044.

12-June-2014 - OpenAFS 1.6.9 - Security release for UNIX/Linux fileservers

OpenAFS 1.6.9 is the next in the current series of OpenAFS stable releases for UNIX/Linux systems. This release includes the fix for Security Advisory 2014-002. Sites running OpenAFS 1.6.8 fileservers should to update them to 1.6.9. Other systems can continue to use the 1.6.8 release.

For more information:

13-May-2014 - OpenAFS 1.7.31 - Native File System client for Microsoft Windows

OpenAFS 1.7.31 is the next a series of OpenAFS clients for the Microsoft Windows platform that is implemented as a native file system.  Significant changes since 1.7.30:

All users of previous 1.7 releases should upgrade.

The 1.7 series is for Microsoft Windows only.

9-April-2014 - OpenAFS Security Advisory 2014-001

OpenAFS servers versions 1.4.8 through 1.6.6 for all platforms. (The first prerelease of 1.6.8, 1.6.8pre1 is also affected. The final release of 1.6.8 will not be affected.) An attacker with the ability to connect to an OpenAFS fileserver can trigger a buffer overflow, crashing the server. This vulnerability is being tracked as CVE-2014-0159.

9-April-2014 - OpenAFS 1.6.7 - Security release for UNIX/Linux servers

OpenAFS 1.6.7 is the next in the current series of OpenAFS stable releases for UNIX/Linux systems. This includes the fix for Security Advisory 2014-001

For more information:

24-July-2013 - SECURITY RELEASES - OpenAFS 1.4.15, 1.6.5 and 1.7.26 available

With the release of OpenAFS security advisories 2013-003 and 2013-004, we have released OpenAFS 1.6 and 1.7 versions with code to address the issues disclosed. Additionally, 1.4.15 has been released to address advisory 2013-003, but not 2013-004. 1.4.15 is expected to be the final release in the 1.4 series.

We recommend all sites update their servers immediately, following the documentation about how to install the new binaries and rekey your servers.

For more information:

4-Mar-2013 - OpenAFS Security Advisory 2013-001

OpenAFS servers versions before 1.6.2 for all platforms.   An attacker with the ability to manipulate AFS directory ACLs may crash the fileserver hosting that volume. In addition, once a corrupt ACL is placed on a fileserver, its existence may crash client utilities manipulating ACLs on that server. This vulnerability is being tracked as CVE-2013-1794.

4-Mar-2013 - OpenAFS Security Advisory 2013-002

OpenAFS servers versions before 1.6.2 for all platforms.   An attacker who can send an IdToName RPC can crash a ptserver. This vulnerability is being tracked as CVE-2013-1795.

25-Apr-2012 - 2012 European AFS and Kerberos Conference & Call for Papers

Announcing the 2012 European AFS and Kerberos Conference taking place at the University of Edinburgh School of Informatics from Tuesday 16th to Thursday 18th October 2012.Full details are available at: http://openafs2012.inf.ed.ac.uk/

The call for abstracts is open and so please feel free to submit your presentation proposals. As always the conference will examine the development outlook for AFS and Kerberos implementations, it will highlight current projects and will offer space to proposals and new ideas. Also, sites will be able to present their AFS and Kerberos activities in site reports. Please submit proposals by email to openafs-conf@inf.ed.ac.uk.

27-Jul-2011 - OpenAFS Newsletter

The latest issue of the monthly OpenAFS newsletter is available at http://www.openafs.org/newsletter/newsletter-2011-07-volume003-issue07.html.

18-Jul-2011 - OpenAFS 1.4.14.1 available

OpenAFS 1.4.14.1 is a patch release for 1.4.14, containing only updates for 1.4.14 on Linux and Solaris. No changes are included for other platforms.

14-Jul-2011 - OpenAFS available for MacOS 10.7 (Lion)

Concurrent with the expected release of MacOS Lion, an initial version of OpenAFS is now available. More details are available on the MacOS page.

23-Feb-2011 - CVE-2011-0431 corrections

OpenAFS 1.4.14 NOT vulnerable    CVE-2011-0431, while correctly describing 1.4.14 as containing the fix for this issue, describes in its summary the release as broken. It is not. We recommend sites upgrade to 1.4.14; However, the impact of the issue is limited to a denial of service attack by a user with the ability to affect a lock of AFS though the client on a host.

23-Feb-2011 - OpenAFS Security Advisory 2011-001

OpenAFS servers versions 1.2.8 - 1.4.12.1, 1.5.0-1.5.74 for all platforms.   An attacker with control of a client, or the ability to forge RX packets, can crash a server of affected hosts. This vulnerability is being tracked as CVE-2011-0430. Currently the advisory erroneously states 1.4.14 is vulnerable.

24-Oct-2009 - Microsoft Windows 7 and Server 2008 R2 now supported

The OpenAFS Elders are pleased to announce that with the release of OpenAFS for Windows version 1.5.66 that Microsoft Windows 7 becomes an officially supported platform. All versions of Windows 7 including "Home Basic", "Home Premium", "Business", and "Ultimate" are supported on both X86 and X86_64 CPU architectures.  Users that are upgrading to Windows 7 from Vista must reinstall OpenAFS after the upgrade.

28-Aug-2009 - MacOS 10.6 Snow Leopard support announced

Concurrent with the release of MacOS 10.6, OpenAFS has released OpenAFS 1.5.62 with 32 and 64 bit kernel and userspace support for Snow Leopard. Additionally, a backport of the necessary support is available and is being distributed with OpenAFS 1.4.11 effective immediately.

28-Aug-2009 - Data Loss in Pre-1.5.62 OpenAFS for Windows Releases

Releases of OpenAFS for Windows prior 1.5.62 may fail to store data to file servers. There are two issues that are addressed in the 1.5.62 release.

  1. Failure to Store Portions of Unaligned Writes
  2. Failure to Store Data to File Servers Lacking Large File Support

9-Jul-2009 - OpenAFS Changes Source Code Version Control System to Git

After more than eighteen months of attempts to migrate source code management away from cvs OpenAFS has finally converted to Git. This change will not have any visible impact on end users. For developers there are major changes in the tools required to work with the OpenAFS source repository and the workflow used to submit contributions to OpenAFS. Along with the conversion to Git, OpenAFS is now using the Gerrit source code review application which makes it significantly easier for developers to review and comment on each other's contributions.

6-Apr-2009 - OpenAFS Security Advisory 2009-002

OpenAFS clients versions 1.0-1.4.8, 1.5.0-1.5.58 for all Linux 2.4-2.6 platforms.   An attacker with control of a fileserver, or the ability to forge RX packets, can crash the cache manager, and hence the kernel, of affected Linux AFS clients. This vulnerability is being tracked as CVE-2009-1250.

6-Apr-2009 - OpenAFS Security Advisory 2009-001

OpenAFS clients versions 1.0-1.4.8, 1.5.0-1.5.58 for all Unix platforms except MacOS 10.4, 10.5.   An attacker with control of a fileserver, or the ability to forge RX packets, can crash the cache manager, and hence the kernel, of any Unix AFS client. It may be possible for an attacker to cause the kernel to execute arbitrary code. This vulnerability is being tracked as CVE-2009-1251.

18-Mar-2009 - OpenAFS Accepted into Google Summer of Code(TM) 2009

Following last year's successful participation in GSoC 2008, OpenAFS has been accepted for a second straight year. Students and OpenAFS experts are encouraged to participate. Student proposals are due April 3. Students and mentors interested in participating in an OpenAFS project should read the OpenAFS Summer of Code page.

17-Mar-2008 - OpenAFS participating in Google Summer of Code

Once again, Google will be doing their Summer of Code. For the first year, OpenAFS will be participating as a mentoring organization. Students interested are encouraged to discuss potential projects on the openafs development list. We have a list of suggested projects online, but we would be happy to discuss any relevant project with you.

20-Dec-2007 - OpenAFS Security Advisory 2007-003

OpenAFS fileserver versions 1.3.50 - 1.4.5, 1.5.0 - 1.5.27.   Fileservers of affected versions can be crashed by a client-triggered race condition. Fixes are available in 1.4.6 and 1.5.28.

OpenAFS Elders Newsletter for November online

The OpenAFS Elders newsletter for November is available now.

OpenAFS Elders Newsletter for August online

The OpenAFS Elders newsletter for August is available now.

19-Apr-2007 - OpenAFS Security Advisory 2007-002

OpenAFS for Windows clients versions 1.3.64 - 1.3.99, 1.4.0 - 1.4.4, 1.5.0 - 1.5.18.   When MIT Kerberos for Windows (any version) is installed a user with the ability to alter the contents of the Kerberos v5 configuration profile can prevent Microsoft Windows from successfully booting.  This issue has been corrected in OpenAFS 1.5.19.

20-Mar-2007 - OpenAFS Security Advisory 2007-001

Unix clients in OpenAFS versions before 1.5.17 and 1.4.4 allow a potential privilege escalation via setuid functionality which can be enabled by the client administration but is enabled by default for the client's local cell. To avoid this issue, 1.5.17 and 1.4.4 have been issued with setuid disabled by default in all cases.

28-Dec-2006 - OpenAFS Elders announce "No More DES" roadmap

AFSv3 was designed and implemented during the late 80s and early 90s when the state of the art in distributed computer authentication and data confidentiality was to use Kerberos 4 and the United States' Data Encryption Standard (DES). Over the last two years the U.S. National Institutes of Standards and Technology (NIST) has withdrawn the DES standard and MIT has announced the end of life of Kerberos 4. In response, the OpenAFS Elders have approved a roadmap to transition from DES to stronger ciphers which includes the deprecation of the OpenAFS kaserver.

6-Dec-2006 - pam-afs-session 1.0 released

pam-afs-session is a PAM module intended for use with a Kerberos v5 PAM module to obtain an AFS PAG and AFS tokens on login. It puts every new session in a PAG regardless of whether it was authenticated with Kerberos and runs a configurable external program to obtain tokens. It supports using Heimdal's libkafs for the AFS interface and falls back to an internal Linux-only implementation if libkafs isn't available.

1-Dec-2006 - Announcing OpenAFS "Works with Windows Vista"

The OpenAFS Elders are pleased to announce that with the release of OpenAFS for Windows version 1.5.12 that Microsoft Windows Vista becomes an officially supported platform. All versions of Vista including "Home Basic", "Home Premium", "Business", and "Ultimate" are supported on both X86 and X86_64 CPU architectures.

31-May-2006 - OpenAFS council of elders meeting minutes from 30 May

The minutes of the most recent OpenAFS Council of Elders meeting are online now.

[Frames]   [No Frames]