[OpenAFS-announce] OpenAFS celebrates its 5th birthday by releasing OpenAFS 1.4.0
Jeffrey Altman
openafs-info@openafs.org
Tue, 01 Nov 2005 19:05:36 -0500
This is a cryptographically signed message in MIME format.
--------------ms070905010102000800090305
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
The OpenAFS Gatekeepers are pleased to announce the release of version
1.4.0 of OpenAFS. This version incorporates hundreds of enhancements
and improvements since the 1.2 series. Many bugs and programming
inefficiencies (some of which have been present since IBM's donation
of AFS to the open source community) have been eliminated, resulting
in a much more stable product. Improvements for Windows users are
particularly dramatic.
OpenAFS 1.4.0 also represents a significant step forward for Kerberos 5
integration. This release allows Kerberos 5 KDCs including Microsoft
Active Directory to be the source of AFS client authentication.
Changes under UNIX (tm) and *nix Operating Systems
- --------------------------------------------------
Increased Performance and Stability:
The addition of pthreaded servers and thread optimizations in the
RPC and RX libraries provide increased performance over the 1.2
release. Cache chunk locking has been refined, and native operating
system vnodes on Linux and MacOS X are now supported. Support for files
larger than two Gigabytes in the AFS file system is now available to
operating systems providing native support for large files. ntp,
rlogind, rsh and other unnecessary and potentially insecure services
have been removed.
Increased Server Efficiency in Handling Mobile Clients:
Use of multi-host probing has been improved, reducing the time a
server needs to timeout clients no longer accessible on the network.
Server load is reduced by new functionality allowing servers to queue
callback notifications for unreachable clients until the client contacts
the server.
Improved Administration:
Audit logs are available for all servers augmenting existing server
monitoring and debugging tools. All logs can be output to named pipes
allowing organizations to deploy custom filters. Groups of groups
(a.k.a. Supergroups) can now be created on the protection server
providing additional flexibility in the administration of user access.
The Kerberos 5 authentication tool, aklog, is now distributed as part
of OpenAFS.
Other New Features:
The new "vos copy" command allows an administrator to create a new
volume and copy the contents of an existing volume in one step. This
eliminates the need to perform a "vos dump" followed by a "vos restore".
The "vos convertROtoRW" command allows an administrator to convert an
existing RO replica into a new RW site in the event the current RW site
is down.
The -vattachpar file server option reduces file server startup time by
instructing the file server to attach volumes from multiple vice
partitions in parallel.
Changes under Microsoft Windows (2000, XP, and 2003 - 32-bit editions)
- ----------------------------------------------------------------------
Improved Performance:
Performance has been enhanced by support for a persistent cache. The
default cache size is now 96 Megabytes with 10,000 cache entries. The
maximum cache size has been extended to 1.2 Gigabytes. Overall, the 1.4.0
release is between 30% and 150% faster than the 1.2 release, depending
on the mode of operation.
Improved User Experience:
Integration into the Windows environment has been significantly enhanced
with the addition of support for browsing of AFS servers, an AFS context
sensitive pop up menu, an improved Sys tray tool, and enhancements to both
the GUI and command line programs.
Increased Security:
All of the known security problems present in 1.2.10 have been fixed.
Compatibility with the Cisco IPSec VPN client has been added, and the
AFS Client now communicates with Microsoft's integrated firewall to open
ports as needed, allowing receipt of callback messages from the server
without manual configuration.
Enhanced Integration in Heterogeneous Environments:
AFS UNC paths are now supported, eliminating reliance on mapped drive
letters and allowing for true worldwide path usage and cross platform
file system links. By default, filenames beginning with a period are no
longer displayed (reducing user confusion when viewing home directories
shared by Unix environments). Also, the AFS Client now works correctly
at sites using cross-realm trusts between a Unix based Kerberos realm
(MIT/Heimdal) and multi domain Windows Forests. Multi homed file servers
are now supported for use in complex network environments, and automatic
fail over to available server volumes added providing greater fault
tolerance for large scale installations and mission critical applications.
Simplified Installation:
Support for AFS records in DNS has been added, so that the locations of
a site's AFS servers no longer need be specified in CellServDB files on
individual machines. This means that users can access new cells without
reconfiguring the client, and that changes in AFS server configurations
can be propagated transparently to clients without touching individual
workstations, and installation no longer requires inclusion of a site
specific server list in a local file.
Addition of Freelance Mode:
Freelance Mode allows users to start AFS on boot without access to their
home AFS cell. The volume loaded at AFS Client is maintained locally in
the registry without access to a cell. Whenever a user attempts to
contact an AFS path in a previously unknown cell, mount points and
symlinks are dynamically created and stored in the registry.
Improved Network Support for Mobile Users:
Support for network events and power management have been added and
enhanced. A Microsoft Loopback Adapter is now part of the installation,
resulting in improved stability for users of dynamically configured
networking devices, and allowing users to specify which network adapter
to use with AFS. The AFS Client is aware of the current state of the
network connection, and is able to start itself and prompt the user for
tokens as needed. Laptop users can thus now move about freely or change
network interfaces without having to reboot or restart the AFS service,
and the "hangs" associated with brief interruptions in network
connections eliminated.
Enhanced Stability:
Support for SMB/CIFS messaging has been extended, reducing hangs and
stalls in file transfers. File timestamps are reported entirely in UTC
resulting in improved stability in backup and syncing operations. The
Client Service now checks the versions of DLLs on startup to verify that
the code is from the same version, resulting in fewer problems after
upgrades. When an exception does occur, minidumps are created locally,
and can be created as needed via the command line. Also, although the
AFS client service provides crash reporting, the 1.4 release can also be
configured through an Active Directory policy to report crashes within
the domain for machines running XP and above.
Enhanced Central Administration:
An AFS Client Admins group is now created by the AFS installation,
allowing for the first time control over who can alter the configuration
of the AFS Client Service. All configuration data except the contents of
the CellServDB file (which is no longer required for access to sites
supporting AFS service records in DNS) are now stored in the Registry,
and are thus configurable via Active Directory Group Policies. An MSI is
also available for those who wish to deploy AFS or customize existing
installations for their users. Using integrated login, the network
provider can be configured to have different behavior depending on the
domain that the user logs into.
Supported Platforms: (! == new)
- --------------------------------
AIX 4.2, 4.3, 5.1!, 5,2!, 5.3!
HP-UX 11i (pa-risc), 11.22 (pa-risc), 11.23 (ia64)!
Solaris 7 (sparc,x86), 8 (sparc,x86), 9 (sparc,x86), 10! (sparc,x86,amd64)
MacOS X 10.3 (10.4 will be supported in the 1.4.1 release)
Microsoft Windows 2000, XP! (x86), 2003! (x86), 2003 R2! (x86)
Linux 2.4 kernel: x86, x86-uml, amd64, ia64, pa-risc!, ppc, ppc64!,
s390, s390x, sparc, sparc64
Linux 2.6 kernel: x86!, x86-uml!, amd64!, ia64!, ppc!, ppc64!,
s390x!, sparc64!
OpenBSD (x86) 3.3, 3.4, 3.5, 3.6, 3.7, 3.8
NetBSD (x86; server only) 1.5, 1.6, 2.0, 2.1, 3.0
FreeBSD (x86; server only) 4.7, 5.3, 6.0-beta
SGI Irix 6.5
Downloads:
- ----------
OpenAFS 1.4.0 can be downloaded from the web at:
http://www.openafs.org/release/openafs-1.4.0.html
and via AFS at:
/afs/grand.central.org/software/openafs/1.4.0/
A Note of Thanks
- ----------------
The OpenAFS Gatekeepers wish to thank all of the individuals and
organizations that have contributed to the development of OpenAFS
over the last five years.
Jeffrey Altman
on behalf of the OpenAFS Gatekeepers
--------------ms070905010102000800090305
Content-Type: application/x-pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"
Content-Description: S/MIME Cryptographic Signature
MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIJXzCC
AwowggJzoAMCAQICAw7NrTANBgkqhkiG9w0BAQQFADBiMQswCQYDVQQGEwJaQTElMCMGA1UE
ChMcVGhhd3RlIENvbnN1bHRpbmcgKFB0eSkgTHRkLjEsMCoGA1UEAxMjVGhhd3RlIFBlcnNv
bmFsIEZyZWVtYWlsIElzc3VpbmcgQ0EwHhcNMDUwNTI3MTc0NzU3WhcNMDYwNTI3MTc0NzU3
WjBzMQ8wDQYDVQQEEwZBbHRtYW4xFTATBgNVBCoTDEplZmZyZXkgRXJpYzEcMBoGA1UEAxMT
SmVmZnJleSBFcmljIEFsdG1hbjErMCkGCSqGSIb3DQEJARYcamFsdG1hbkBzZWN1cmUtZW5k
cG9pbnRzLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKjPyrF+rdjOUSK/
bWwZHdx5p1+y6iiCd4vvYEVDxouYFp5C/fZEWm5n45ubBUbMSUI1MAZN6ooEoH09UTj6BXhM
S8B987ls81dKOIUphTF2jOzq8gsFmeA15yHMRAD20LqUWeLyvYk8FCNQw+dsKMMhX+WdsxOm
RY/1jPkJL6oN8kEwoUFkOX9/OfWWh6oFnV6faiEHUKDMFubsb9X0KVD8iIeR7Cxz7i4kXqRX
wMlp2fyoxcDIJrBaTY8nA++g3p34IkWt1a5po6g683nIgSnGpwYIwuJheBqSEZfLYWa+1KdD
6Sn27Ud94GqUvPVG5jC6zVC5EJ2aWuoAu+nNuV8CAwEAAaM5MDcwJwYDVR0RBCAwHoEcamFs
dG1hbkBzZWN1cmUtZW5kcG9pbnRzLmNvbTAMBgNVHRMBAf8EAjAAMA0GCSqGSIb3DQEBBAUA
A4GBADtvO//tjiAV6VJGtoNtrl34mB5jGyGTiotzw8riB6zz0GvY11bcWDmp6JKif+pVG+8L
IySDosbuva13qu2HwYUxBmWc7CoNd2k9kRlcrfbDUTTrGOZK8qyqNqT3gQZTAa9ZnUI0su9G
y/n2o5bQcaYdqR3htNrpvdLSPOWhILOXMIIDCjCCAnOgAwIBAgIDDs2tMA0GCSqGSIb3DQEB
BAUAMGIxCzAJBgNVBAYTAlpBMSUwIwYDVQQKExxUaGF3dGUgQ29uc3VsdGluZyAoUHR5KSBM
dGQuMSwwKgYDVQQDEyNUaGF3dGUgUGVyc29uYWwgRnJlZW1haWwgSXNzdWluZyBDQTAeFw0w
NTA1MjcxNzQ3NTdaFw0wNjA1MjcxNzQ3NTdaMHMxDzANBgNVBAQTBkFsdG1hbjEVMBMGA1UE
KhMMSmVmZnJleSBFcmljMRwwGgYDVQQDExNKZWZmcmV5IEVyaWMgQWx0bWFuMSswKQYJKoZI
hvcNAQkBFhxqYWx0bWFuQHNlY3VyZS1lbmRwb2ludHMuY29tMIIBIjANBgkqhkiG9w0BAQEF
AAOCAQ8AMIIBCgKCAQEAqM/KsX6t2M5RIr9tbBkd3HmnX7LqKIJ3i+9gRUPGi5gWnkL99kRa
bmfjm5sFRsxJQjUwBk3qigSgfT1ROPoFeExLwH3zuWzzV0o4hSmFMXaM7OryCwWZ4DXnIcxE
APbQupRZ4vK9iTwUI1DD52wowyFf5Z2zE6ZFj/WM+Qkvqg3yQTChQWQ5f3859ZaHqgWdXp9q
IQdQoMwW5uxv1fQpUPyIh5HsLHPuLiRepFfAyWnZ/KjFwMgmsFpNjycD76DenfgiRa3Vrmmj
qDrzeciBKcanBgjC4mF4GpIRl8thZr7Up0PpKfbtR33gapS89UbmMLrNULkQnZpa6gC76c25
XwIDAQABozkwNzAnBgNVHREEIDAegRxqYWx0bWFuQHNlY3VyZS1lbmRwb2ludHMuY29tMAwG
A1UdEwEB/wQCMAAwDQYJKoZIhvcNAQEEBQADgYEAO287/+2OIBXpUka2g22uXfiYHmMbIZOK
i3PDyuIHrPPQa9jXVtxYOanokqJ/6lUb7wsjJIOixu69rXeq7YfBhTEGZZzsKg13aT2RGVyt
9sNRNOsY5kryrKo2pPeBBlMBr1mdQjSy70bL+fajltBxph2pHeG02um90tI85aEgs5cwggM/
MIICqKADAgECAgENMA0GCSqGSIb3DQEBBQUAMIHRMQswCQYDVQQGEwJaQTEVMBMGA1UECBMM
V2VzdGVybiBDYXBlMRIwEAYDVQQHEwlDYXBlIFRvd24xGjAYBgNVBAoTEVRoYXd0ZSBDb25z
dWx0aW5nMSgwJgYDVQQLEx9DZXJ0aWZpY2F0aW9uIFNlcnZpY2VzIERpdmlzaW9uMSQwIgYD
VQQDExtUaGF3dGUgUGVyc29uYWwgRnJlZW1haWwgQ0ExKzApBgkqhkiG9w0BCQEWHHBlcnNv
bmFsLWZyZWVtYWlsQHRoYXd0ZS5jb20wHhcNMDMwNzE3MDAwMDAwWhcNMTMwNzE2MjM1OTU5
WjBiMQswCQYDVQQGEwJaQTElMCMGA1UEChMcVGhhd3RlIENvbnN1bHRpbmcgKFB0eSkgTHRk
LjEsMCoGA1UEAxMjVGhhd3RlIFBlcnNvbmFsIEZyZWVtYWlsIElzc3VpbmcgQ0EwgZ8wDQYJ
KoZIhvcNAQEBBQADgY0AMIGJAoGBAMSmPFVzVftOucqZWh5owHUEcJ3f6f+jHuy9zfVb8hp2
vX8MOmHyv1HOAdTlUAow1wJjWiyJFXCO3cnwK4Vaqj9xVsuvPAsH5/EfkTYkKhPPK9Xzgnc9
A74r/rsYPge/QIACZNenprufZdHFKlSFD0gEf6e20TxhBEAeZBlyYLf7AgMBAAGjgZQwgZEw
EgYDVR0TAQH/BAgwBgEB/wIBADBDBgNVHR8EPDA6MDigNqA0hjJodHRwOi8vY3JsLnRoYXd0
ZS5jb20vVGhhd3RlUGVyc29uYWxGcmVlbWFpbENBLmNybDALBgNVHQ8EBAMCAQYwKQYDVR0R
BCIwIKQeMBwxGjAYBgNVBAMTEVByaXZhdGVMYWJlbDItMTM4MA0GCSqGSIb3DQEBBQUAA4GB
AEiM0VCD6gsuzA2jZqxnD3+vrL7CF6FDlpSdf0whuPg2H6otnzYvwPQcUCCTcDz9reFhYsPZ
Ohl+hLGZGwDFGguCdJ4lUJRix9sncVcljd2pnDmOjCBPZV+V2vf3h9bGCE6u9uo05RAaWzVN
d+NWIXiC3CEZNd4ksdMdRv9dX2VPMYIDOzCCAzcCAQEwaTBiMQswCQYDVQQGEwJaQTElMCMG
A1UEChMcVGhhd3RlIENvbnN1bHRpbmcgKFB0eSkgTHRkLjEsMCoGA1UEAxMjVGhhd3RlIFBl
cnNvbmFsIEZyZWVtYWlsIElzc3VpbmcgQ0ECAw7NrTAJBgUrDgMCGgUAoIIBpzAYBgkqhkiG
9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0wNTExMDIwMDA1MzZaMCMGCSqG
SIb3DQEJBDEWBBRWqU+C+wJgi9tzJ8a5ddyp4XP3MDBSBgkqhkiG9w0BCQ8xRTBDMAoGCCqG
SIb3DQMHMA4GCCqGSIb3DQMCAgIAgDANBggqhkiG9w0DAgIBQDAHBgUrDgMCBzANBggqhkiG
9w0DAgIBKDB4BgkrBgEEAYI3EAQxazBpMGIxCzAJBgNVBAYTAlpBMSUwIwYDVQQKExxUaGF3
dGUgQ29uc3VsdGluZyAoUHR5KSBMdGQuMSwwKgYDVQQDEyNUaGF3dGUgUGVyc29uYWwgRnJl
ZW1haWwgSXNzdWluZyBDQQIDDs2tMHoGCyqGSIb3DQEJEAILMWugaTBiMQswCQYDVQQGEwJa
QTElMCMGA1UEChMcVGhhd3RlIENvbnN1bHRpbmcgKFB0eSkgTHRkLjEsMCoGA1UEAxMjVGhh
d3RlIFBlcnNvbmFsIEZyZWVtYWlsIElzc3VpbmcgQ0ECAw7NrTANBgkqhkiG9w0BAQEFAASC
AQACxfgbX6KanYlUsqGUsvBFWeFqFG0ZCkhQ0PlIO9veWc86uew9vaNl2x4vGfdhSNHDAeEk
b1v1UIs2H8rILjSQs7oV3uxct1q+PxUACM6buaBULiMNMiYdRwTua48WJCF1cI4rCXJZM3wU
US/uYYyPufsUWRBdI121/C61qc4+tkHLJ5vyk1A9hD+4ownuqJ6+CLuMmhdO4PEeCbH9VYm9
ChDcb15/ug0dd0OELOradTZ4efDGrci0aaqP1Zoe5ecA/6ZQGyCJlecM4flJKS6B2bPAloaO
Q5ak5k8GXaxQ29UkkY65wFZAwgEq8eEUp/kkmLEhR1AKOxPEoXdFy1D8AAAAAAAA
--------------ms070905010102000800090305--