[OpenAFS-devel] AFS token logging

[Christos Ricudis]

Dear AFS developers,

We are trying to get some data about AFS token usage on our AFS
setup. Specifically, we would like to log AFS token aquisition and disposal
*on the server side*.

As I understand both from the architecture of AFS/Kerberos, and from looking
at the actual code, it's pretty easy to log token acquisition, but not token
disposal. Information about active tokens is not stored anywhere on the
authentication server, it's just token validity that is checked on the
fileservers. Token disposal is done purely on the client-side, with no
information sent back to the kaserver.

The need for this is two-fold. For one, we would like to have high-level
usage statistics for our AFS environment, for management/planning purposes.
One approach is to log token acquisition (easily done on the kaserver)
and assume the maximum token lifetime. This gives us a granularity of about
25 hours, not too problematic for the order of statistics we want.

The other need is operational - we would like to know who has an active token
in case we need to do unscheduled maintenance on our AFS servers. In this
case, the 25 hour granularity is barely acceptable.

Now, my questions :

1) Is my understanding of the token acquisition/disposal process and its
consequential effects right?

2) In the case we need to modify kaserver to better log token aquisition from
what it is currently logging, is OpenAFS kaserver interoperable with
Transarc AFS 3.6 Patchlevel 2? (can we just replace the Transarc kaserver
with OpenAFS kaserver? Judging from changelogs and the code itself, it's
possible to do so, but we would like a verification)

3) Has any progress in the abovementioned subjects been done recently, or
are there any relevant changes pending for the future?

Thank you very much,

--
ricudis@itc.auth.gr
Christos Ricudis
Systems Administrator
IT Support Center
Aristotles University of Thessaloniki, Greece.