[OpenAFS-announce] OpenAFS 1.4 Release Candidate 1 now available

Jeffrey Altman jaltman@secure-endpoints.com
Sun, 21 Aug 2005 23:58:29 -0400


This is a cryptographically signed message in MIME format.

--------------ms060704050803000108050008
Content-Type: multipart/mixed;
 boundary="------------070305060107000805000406"

This is a multi-part message in MIME format.
--------------070305060107000805000406
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit

The OpenAFS Gatekeepers are pleased to announce the availability of
OpenAFS version 1.4 Release Candidate 1.  Source files and currently
available binaries may be accessed via the web at:

    http://dl.openafs.org/dl/openafs/candidate/1.4.0-rc1/

By issuing this release candidate, the Gatekeepers believe that this release
is ready to become the next stable release.   Please assist us by
testing this
release candidate and providing feedback.   Bug reports should be filed
to openafs-bugs@openafs.org.

Draft OpenAFS 1.4 Announcement Text follows:

This version incorporates literally hundreds of fixes enhancements and
improvements. Many bugs and programming inefficiencies (some of which
have been present since IBM's donation of AFS to the open source community)
have been eliminated, resulting in a much more stable product. Improvements
for Windows users are particularly dramatic.
 
1.4 also represents a significant step forward for Kerberos 5 integration.
This release allows all Kerberos 5 KDCs including Microsoft Active
Directory to be the source of AFS client authentication.
 
Changes under UNIX (tm) and *nix Operating Systems

Increased Performance and Stability
Addition of pthreading support on servers and threading optimization of
RPC and RX libraries provide increased performance over the 1.2 release.
Cache chunk locking has been refined, and system vnodes on Linux and
MacOS X are now supported. Support for files larger than two Gigabytes
in the AFS filesystem is now available to operating systems providing
native support for large files. Ntp, rlogind, rsh and other unnecessary
and potentially insecure services have been removed.

Increased Server Efficiency in Handling Mobile Clients
Multi-probing has been improved, reducing the time a server needs to
timeout clients no longer accessible on the network. Callback Break
Later functionality has been added, allowing servers to queue callback
breaks for clients that have disappeared from the network until the
client contacts the servers, reducing both server load and the chance of
file corruption.
 
Improved Administration
Audit logs are available for all servers, and named pipe logging
supported, augmenting existing server monitoring and debugging tools.
Groups of groups (aka Supergroups) can now be created on the protection
server facilitating administration of user access, and tools for
Kerberos 5 have been integrated into the AFS software, including aklog.
 
Improved Build and Installation
Function prototypes have been added for improved compile time type
checking, and Kerberos 5 availability (MIT/Heimdal) is automatically
detected, simplifying the configuration process. Also, the default
configuration of the installation has been updated to provide better
performance in modern network environments.
 
Changes under Microsoft Windows (2000, XP, and 2003)

Improved Performance
Performance has been enhanced by support for a persistent cache. The
default cache size is now 96 Megabytes with 10,000 cache entries.  The
maximum cache size has been extended to 1.2 Gigabytes. Overall, the 1.4
release is between 30% and 150% faster than the 1.2 release, depending
on the mode of operation.

Improved User Experience
Integration into the Windows environment has been significantly enhanced
with the addition of support for browsing of AFS servers, an AFS context
senstive popup menu, an improved Systray icon, and enhancements to both
the GUI and command line programs.

Increased Security
All of the known security problems present in 1.2.10 have been fixed.
Compatibility with the Cisco IPSec VPN client has been added, and the
AFS Client now communicates with Microsoft's integrated firewall to open
ports as needed, allowing receipt of callback messages from the server
without manual configuration.

Enhanced Integration in Heterogeneous Environments
AFS UNC paths are now supported, eliminating reliance on mapped drive
letters and allowing for true worldwide path usage and cross platform
filesystem links. By default, filenames beginning with a period are no
longer displayed (reducing user confusion when viewing home directories
shared by Unix environments). Also, the AFS Client now works correctly
at sites using cross-realm trusts between a Unix based Kerberos realm
(MIT/Heimdal) and multidomain Windows Forests. Multihomed file servers
are now supported for use in complex network environments, and automatic
failover to available server volumes added providing greater fault
tolerance for large scale installations and mission critical applications.
 
Simplified Installation
Support for AFS records in DNS has been added, so that the locations of
a site's AFS servers no longer need be specified in CellServDB files on
individual machines. This means that users can access new cells without
reconfiguring the client, and that changes in AFS server configurations
can be propogated transparently to clients without touching individual
workstations, and installation no longer requires inclusion of a site
specific server list in a local file.
 
Addition of Freelance Mode
Freelance Mode allows users to start AFS on boot without access to their
home AFS cell. The volume loaded at AFS Client is maintained locally in
the registry without access to a cell. Whenever a user attempts to
contact an AFS path in a previously unknown cell, mountpoints and
symlinks are dynamically created and stored in the registry.
 
Improved Network Support for Mobile Users
Support for network events and power management have been added and
enhanced. A Microsoft Loopback Adapter is now part of the installation,
resulting in improved stability for users of dynamically configured
networking devices, and allowing users to specify which network adapter
to use with AFS. The AFS Client is aware of the current state of the
network connection, and is able to start itself and prompt the user for
tokens as needed. Laptop users can thus now move about freely or change
network interfaces without having to reboot or restart the AFS service,
and the "hangs" associated with brief interruptions in network
connections eliminated.
 
Enhanced Stability
Support for SMB/CIFS messaging has been extended, reducing hangs and
stalls in file transfers. File timestamps are reported entirely in UTC
resulting in improved stability in backup and syncing operations. The
Client Service now checks the versions of DLLs on startup to verify that
the code is from the same version, resulting in fewer problems after
upgrades. When an exception does occur, minidumps are created locally,
and can be created as needed via the command line. Also, although the
AFS client service provides crash reporting, the 1.4 release can also be
configured through an Active Directory policy to report crashes within
the domain for machines running XP and above.

Enhanced Central Administration
An AFS Client Admins group is now created by the AFS installation,
allowing for the first time control over who can alter the configuration
of the AFS Client Service. All configuration data except the contents of
the CellServDB file (which is no longer required for access to sites
supporting AFS service records in DNS) are now stored in the Registry,
and are thus configurable via Active Directory Group Policies. An MSI is
also available for those who wish to deploy AFS or customize existing
installations for their users. Using integrated login, the network
provider can be configured to have different behavior depending on the
domain that the user logs into.
 

Supported Platforms: (! == new)
AIX    4.0, 4.1, 4.2, 5.0!, 5.1!, 5,2!
HP-UX  11i (pa-risc), 11.22 (pa-risc), 11.23 (ia64)!
Solaris 7, 8, 9, 10!
MacOS X 10.3
Microsoft Windows 2000, XP!, 2003!, 2003 R2!
Linux 2.4 kernel: x86, x86-uml, amd64, ia64, pa-risc!, ppc, ppc64!,
                  s390, s390x,  sparc, sparc64
Linux 2.6 kernel: x86!, x86-uml!, amd64!, ia64!, ppc!, ppc64!,
                  s390x!, sparc64!
NetBSD (server only)
OpenBSD
FreeBSD
SGI Irix 6.5


Jeffrey Altman
on behalf of the OpenAFS Gatekeepers



--------------070305060107000805000406
Content-Type: text/x-vcard; charset=utf-8;
 name="jaltman.vcf"
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
 filename="jaltman.vcf"

begin:vcard
fn:Jeffrey Altman
n:Altman;Jeffrey
org:Secure Endpoints Inc.
adr:;;255 W 94TH ST PHB;NEW YORK;NY;10025;United States
email;internet:jaltman@secure-endpoints.com
title:President
tel;work:+1 212 769-9018
x-mozilla-html:TRUE
url:http://www.secure-endpoints.com
version:2.1
end:vcard


--------------070305060107000805000406--

--------------ms060704050803000108050008
Content-Type: application/x-pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"
Content-Description: S/MIME Cryptographic Signature

MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIJXzCC
AwowggJzoAMCAQICAw7NrTANBgkqhkiG9w0BAQQFADBiMQswCQYDVQQGEwJaQTElMCMGA1UE
ChMcVGhhd3RlIENvbnN1bHRpbmcgKFB0eSkgTHRkLjEsMCoGA1UEAxMjVGhhd3RlIFBlcnNv
bmFsIEZyZWVtYWlsIElzc3VpbmcgQ0EwHhcNMDUwNTI3MTc0NzU3WhcNMDYwNTI3MTc0NzU3
WjBzMQ8wDQYDVQQEEwZBbHRtYW4xFTATBgNVBCoTDEplZmZyZXkgRXJpYzEcMBoGA1UEAxMT
SmVmZnJleSBFcmljIEFsdG1hbjErMCkGCSqGSIb3DQEJARYcamFsdG1hbkBzZWN1cmUtZW5k
cG9pbnRzLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKjPyrF+rdjOUSK/
bWwZHdx5p1+y6iiCd4vvYEVDxouYFp5C/fZEWm5n45ubBUbMSUI1MAZN6ooEoH09UTj6BXhM
S8B987ls81dKOIUphTF2jOzq8gsFmeA15yHMRAD20LqUWeLyvYk8FCNQw+dsKMMhX+WdsxOm
RY/1jPkJL6oN8kEwoUFkOX9/OfWWh6oFnV6faiEHUKDMFubsb9X0KVD8iIeR7Cxz7i4kXqRX
wMlp2fyoxcDIJrBaTY8nA++g3p34IkWt1a5po6g683nIgSnGpwYIwuJheBqSEZfLYWa+1KdD
6Sn27Ud94GqUvPVG5jC6zVC5EJ2aWuoAu+nNuV8CAwEAAaM5MDcwJwYDVR0RBCAwHoEcamFs
dG1hbkBzZWN1cmUtZW5kcG9pbnRzLmNvbTAMBgNVHRMBAf8EAjAAMA0GCSqGSIb3DQEBBAUA
A4GBADtvO//tjiAV6VJGtoNtrl34mB5jGyGTiotzw8riB6zz0GvY11bcWDmp6JKif+pVG+8L
IySDosbuva13qu2HwYUxBmWc7CoNd2k9kRlcrfbDUTTrGOZK8qyqNqT3gQZTAa9ZnUI0su9G
y/n2o5bQcaYdqR3htNrpvdLSPOWhILOXMIIDCjCCAnOgAwIBAgIDDs2tMA0GCSqGSIb3DQEB
BAUAMGIxCzAJBgNVBAYTAlpBMSUwIwYDVQQKExxUaGF3dGUgQ29uc3VsdGluZyAoUHR5KSBM
dGQuMSwwKgYDVQQDEyNUaGF3dGUgUGVyc29uYWwgRnJlZW1haWwgSXNzdWluZyBDQTAeFw0w
NTA1MjcxNzQ3NTdaFw0wNjA1MjcxNzQ3NTdaMHMxDzANBgNVBAQTBkFsdG1hbjEVMBMGA1UE
KhMMSmVmZnJleSBFcmljMRwwGgYDVQQDExNKZWZmcmV5IEVyaWMgQWx0bWFuMSswKQYJKoZI
hvcNAQkBFhxqYWx0bWFuQHNlY3VyZS1lbmRwb2ludHMuY29tMIIBIjANBgkqhkiG9w0BAQEF
AAOCAQ8AMIIBCgKCAQEAqM/KsX6t2M5RIr9tbBkd3HmnX7LqKIJ3i+9gRUPGi5gWnkL99kRa
bmfjm5sFRsxJQjUwBk3qigSgfT1ROPoFeExLwH3zuWzzV0o4hSmFMXaM7OryCwWZ4DXnIcxE
APbQupRZ4vK9iTwUI1DD52wowyFf5Z2zE6ZFj/WM+Qkvqg3yQTChQWQ5f3859ZaHqgWdXp9q
IQdQoMwW5uxv1fQpUPyIh5HsLHPuLiRepFfAyWnZ/KjFwMgmsFpNjycD76DenfgiRa3Vrmmj
qDrzeciBKcanBgjC4mF4GpIRl8thZr7Up0PpKfbtR33gapS89UbmMLrNULkQnZpa6gC76c25
XwIDAQABozkwNzAnBgNVHREEIDAegRxqYWx0bWFuQHNlY3VyZS1lbmRwb2ludHMuY29tMAwG
A1UdEwEB/wQCMAAwDQYJKoZIhvcNAQEEBQADgYEAO287/+2OIBXpUka2g22uXfiYHmMbIZOK
i3PDyuIHrPPQa9jXVtxYOanokqJ/6lUb7wsjJIOixu69rXeq7YfBhTEGZZzsKg13aT2RGVyt
9sNRNOsY5kryrKo2pPeBBlMBr1mdQjSy70bL+fajltBxph2pHeG02um90tI85aEgs5cwggM/
MIICqKADAgECAgENMA0GCSqGSIb3DQEBBQUAMIHRMQswCQYDVQQGEwJaQTEVMBMGA1UECBMM
V2VzdGVybiBDYXBlMRIwEAYDVQQHEwlDYXBlIFRvd24xGjAYBgNVBAoTEVRoYXd0ZSBDb25z
dWx0aW5nMSgwJgYDVQQLEx9DZXJ0aWZpY2F0aW9uIFNlcnZpY2VzIERpdmlzaW9uMSQwIgYD
VQQDExtUaGF3dGUgUGVyc29uYWwgRnJlZW1haWwgQ0ExKzApBgkqhkiG9w0BCQEWHHBlcnNv
bmFsLWZyZWVtYWlsQHRoYXd0ZS5jb20wHhcNMDMwNzE3MDAwMDAwWhcNMTMwNzE2MjM1OTU5
WjBiMQswCQYDVQQGEwJaQTElMCMGA1UEChMcVGhhd3RlIENvbnN1bHRpbmcgKFB0eSkgTHRk
LjEsMCoGA1UEAxMjVGhhd3RlIFBlcnNvbmFsIEZyZWVtYWlsIElzc3VpbmcgQ0EwgZ8wDQYJ
KoZIhvcNAQEBBQADgY0AMIGJAoGBAMSmPFVzVftOucqZWh5owHUEcJ3f6f+jHuy9zfVb8hp2
vX8MOmHyv1HOAdTlUAow1wJjWiyJFXCO3cnwK4Vaqj9xVsuvPAsH5/EfkTYkKhPPK9Xzgnc9
A74r/rsYPge/QIACZNenprufZdHFKlSFD0gEf6e20TxhBEAeZBlyYLf7AgMBAAGjgZQwgZEw
EgYDVR0TAQH/BAgwBgEB/wIBADBDBgNVHR8EPDA6MDigNqA0hjJodHRwOi8vY3JsLnRoYXd0
ZS5jb20vVGhhd3RlUGVyc29uYWxGcmVlbWFpbENBLmNybDALBgNVHQ8EBAMCAQYwKQYDVR0R
BCIwIKQeMBwxGjAYBgNVBAMTEVByaXZhdGVMYWJlbDItMTM4MA0GCSqGSIb3DQEBBQUAA4GB
AEiM0VCD6gsuzA2jZqxnD3+vrL7CF6FDlpSdf0whuPg2H6otnzYvwPQcUCCTcDz9reFhYsPZ
Ohl+hLGZGwDFGguCdJ4lUJRix9sncVcljd2pnDmOjCBPZV+V2vf3h9bGCE6u9uo05RAaWzVN
d+NWIXiC3CEZNd4ksdMdRv9dX2VPMYIDOzCCAzcCAQEwaTBiMQswCQYDVQQGEwJaQTElMCMG
A1UEChMcVGhhd3RlIENvbnN1bHRpbmcgKFB0eSkgTHRkLjEsMCoGA1UEAxMjVGhhd3RlIFBl
cnNvbmFsIEZyZWVtYWlsIElzc3VpbmcgQ0ECAw7NrTAJBgUrDgMCGgUAoIIBpzAYBgkqhkiG
9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0wNTA4MjIwMzU4MjlaMCMGCSqG
SIb3DQEJBDEWBBRiV529k5gSfZLr0+pfOiYaU7KqgzBSBgkqhkiG9w0BCQ8xRTBDMAoGCCqG
SIb3DQMHMA4GCCqGSIb3DQMCAgIAgDANBggqhkiG9w0DAgIBQDAHBgUrDgMCBzANBggqhkiG
9w0DAgIBKDB4BgkrBgEEAYI3EAQxazBpMGIxCzAJBgNVBAYTAlpBMSUwIwYDVQQKExxUaGF3
dGUgQ29uc3VsdGluZyAoUHR5KSBMdGQuMSwwKgYDVQQDEyNUaGF3dGUgUGVyc29uYWwgRnJl
ZW1haWwgSXNzdWluZyBDQQIDDs2tMHoGCyqGSIb3DQEJEAILMWugaTBiMQswCQYDVQQGEwJa
QTElMCMGA1UEChMcVGhhd3RlIENvbnN1bHRpbmcgKFB0eSkgTHRkLjEsMCoGA1UEAxMjVGhh
d3RlIFBlcnNvbmFsIEZyZWVtYWlsIElzc3VpbmcgQ0ECAw7NrTANBgkqhkiG9w0BAQEFAASC
AQA7BkytEyuaVMRffDZWk64DT8Emz2H8/5/zyrEr+XenT0AsDA3kok3098+Dqq98aws/8hzo
XdCYU6syS8uOlJNMIYd08DQs4wYtsW+8MjLeGBlecv/jD6QMEPh/9sHXkqXvVEx6QzHwwPwy
qblcDu8m0ONrQ+Cfkbds8MKF3XW2jHKkhKvJltg6KS6dqlNRpzZI9kYTwRNkmnTogKjiZvQZ
AVyLfXEiCNIg1+7UCfxRhZA2yPuln/w80xI9yQxRc42MIDZAv71vY7l6JBE2q8wZhNfLqdEg
/Y5a2/Sw0ZtkohX+GDbtilZqHW74TPsGC64k5MurDXtq9e66Of6VSUMSAAAAAAAA
--------------ms060704050803000108050008--