[OpenAFS-devel] Revised NEWS file

Sam Hartman hartmans@mekinok.com
18 Jun 2001 09:49:40 -0400




I think this is complete except for discussion of ports.  Comments
before I send this in?


Content-Disposition: attachment; filename=afs-erata

OpenAFS News -- history of user-visible changes. 15 June 2001

* Changes since OpenAFS 1.0

** A client system can now have multiple sysname values for @sys.
 They will be searched in order when looking up files in AFS.  The
 -newsysname argument to fs sysname can be repeated to set multiple
 sysnames.

** A new system group is created for new cells (system:ptsviewers
   with id -203).  If this group exists, members of this group can
   examine and read the entire protection database.  They can examine
   all users and groups and can get the membership of any group.


** A new program, pt_util, has been added to the distribution.  This
   program allows users to print the contents of the protection
   database or to edit the protection database without running a
   ptserver.  It can be used to set up a new cell without ever running
   in noauth mode.  Run pt_util -h for help.

** The fs setcrypt and fs getcrypt commands have been added.  These
   commands allow the system administrator to require that the client
   encrypt all authenticated traffic between the client workstation
   and AFS.  The encryption used is weak, but is likely better than
   sending unencrypted traffic in most environments.  Some functions,
   such as looking for a volume, may not be encrypted, but data
   transfer certainly is.  By default data is not encrypted.  At this
   time no significant experimentation with server performance has
   been conducted.

** If AFS is compiled with AFS_AFSDB_ENV, then the -afsdb option can
   be given to afsd on startup.  If this option is used, then new
   cells will be looked up using AFSDB records stored in DNS if they
   are not found in CellServDB.  This means that users can create
   cross-cell mountpoints in directories they control to access cells
   not in root.afs, and that cells in root.afs need not be in the
   client's CellServDB.


** AFS database servers can be marked as read-only clones.  Surround
   the hostname in square brackets on the bos addhost command and the
   database server will never be elected sync site.  This is useful
   for cells distributed over a wide region.

** The AFS servers now support the -syslog flag.  This flag causes
them to log to syslog rather than to files.  This flag is not
supported on NT.  For all servers besides the salvager, the flag can
also be specified as -syslog=facility, where facility is an integer
facility code from syslog.h.  A -syslogfacility option is provided for
the salvager to accomplish the same goal.

** If AFS is compiled with FAST_RESTART, then the salvager supports
the -dontsalvage flag which causes it to exit without salvaging any
volumes.  If this is configured into the third command of an fs
process, then the fileserver will start without salvaging.  It will
fail to attach volumes that need salvaging and they can be salvaged
manually.  This provides significantly better server startup
performance at the cost of administrative complexity.

** If BITMAPS_LATER is defined at compilation, then the fileserver
creates bitmaps for free vnodes on demand, allowing faster starts.

** If bosserver finds a BosConfig.new file at startup, it reads this
file and renames it to BosConfig.  This allows bosserver to be
reconfigured at next restart.

** The bosserver can be placed in a restricted mode in which AFS
superusers are only granted limited access to the server host.  The
following functionality is disabled when restricted mode is in use:

bos exec
bos getlog (except for files with no '/'s in their name)*
bos create *
bos delete
bos install
bos uninstall

Specific exceptions are made for functionality that "bos salvage"
uses:

A cron bnode whose name is "salvage-tmp", time is now, and command
begins with "/usr/afs/bin/salvager" may be created.  This bnode deletes
itself when complete, so no special "delete" support is needed.  This
functionality may be removed in the future if a "Salvage" RPC is
implemented.

The file with the exact path /usr/afs/logs/SalvageLog may be fetched,
since that is how bos salvage [...] -showlog is implemented.

Restricted mode is enabled using a new bos command (bos setrestricted)
or bosserver command line switch (bosserver -restricted).  Restricted
mode can be disabled by a) sending the bosserver process a SIGFPE
(which will then allow restricted operations until the next restart or
setrestricted command) or b) editing /usr/afs/local/BosConfig (or
BosConfig.new), and restarting the bosserver.

** The bos UserList of trusted administrators can now contain
cross-realm Kerberos principals.

** udebug now takes --server not --servers.


** Several error messages have been improved to include volume
numbers.



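The restricted-mode rules in the NEWS text above, written out as a small C decision function that an administrator could use to reason about which bos requests a restricted bosserver still serves. This is an added example, not bosserver source and not part of the original message; the enum, struct and function names are hypothetical, and the bnode type, name, time and command are modelled as plain strings.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Added model of the restricted-mode rules listed in the NEWS text.
 * Not bosserver code: every identifier below is hypothetical. */
enum bos_op { BOS_EXEC, BOS_GETLOG, BOS_CREATE, BOS_DELETE,
              BOS_INSTALL, BOS_UNINSTALL, BOS_OTHER };

struct bos_request {
    enum bos_op op;
    const char *path;     /* BOS_GETLOG: file requested */
    const char *type;     /* BOS_CREATE: bnode type, e.g. "cron" */
    const char *name;     /* BOS_CREATE: bnode instance name */
    const char *when;     /* BOS_CREATE: cron time argument */
    const char *command;  /* BOS_CREATE: command line to run */
};

#define SALVAGER   "/usr/afs/bin/salvager"
#define SALVAGELOG "/usr/afs/logs/SalvageLog"

static bool streq(const char *a, const char *b)
{
    return a != NULL && b != NULL && strcmp(a, b) == 0;
}

/* Returns true if the request would still be served in restricted mode. */
bool restricted_allows(const struct bos_request *r)
{
    switch (r->op) {
    case BOS_EXEC: case BOS_DELETE: case BOS_INSTALL: case BOS_UNINSTALL:
        return false;                       /* disabled outright */
    case BOS_GETLOG:
        /* A name with no '/' in it, or exactly the salvage log path. */
        return r->path != NULL &&
               (strchr(r->path, '/') == NULL || streq(r->path, SALVAGELOG));
    case BOS_CREATE:
        /* Only the temporary bnode that "bos salvage" creates; the
         * command test is a prefix match, as the text says "begins with". */
        return streq(r->type, "cron") && streq(r->name, "salvage-tmp") &&
               streq(r->when, "now") && r->command != NULL &&
               strncmp(r->command, SALVAGER, strlen(SALVAGER)) == 0;
    default:
        return true;                        /* not on the disabled list */
    }
}
```
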