[OpenAFS] readonly/readwrite

[Derrick J Brashear]

On Thu, 1 Mar 2001, Nathan Rawling wrote:

> It would definitely help. In my past experience, the /usr/afs/logs
> directory is largely only useful for the salvager logs. On rare occaison
> I've been able to get information out of the kaserver logs that was
> vaguely useful.

We (Carnegie Mellon) use the kaserver logs extensively, since it is
(still) our primary kerberos v4 server. But I think we enabled extra
logging.

> If someone creates/deletes/moves a volume, I'd like to know what principal
> authorized the move. Also, if permission is denied for an operation, I'd
> like to have the opportunity to log it.
> 
> If someone stops/restarts processes through bos, that might be a nice
> thing to log too. 

I think MIT has patches which do most of the above. I'll see about getting
permission to use/include them

> > ADM is nice but needs:
> > -64 bit support
> > -better documentation (it's been claimed that there is none but I promise 
> > you I didn't learn how to set it up by reading the code)
> > -general code cleanup
> 
> With no offense to the authors, I haven't really liked ADM. Probably this
> is the result of my dislike for Scheme. =)

I'm not an author, so I will take no offense. I? don't like scheme much
either, but when I adopted ADM for a project I was doing I found that with
no Lisp background I learned enough scheme to do almost anything I care to
do with ADM in less than a week. 

> I ran into a *lot* of problems when I tried to migrate from kaserver->krb5
> with the ADM server. I eventually ended up running both, which
> occaisonally confused my fileservers but was mostly okay.

We have heimdal kadm5 support in ADM now; I should try making it work with
a straight krb5 kdc when I have the time...

> I definitely agree that improving OpenAFS should take front seat to
> ADM. =)

As do I.

-D