[OpenAFS] Two afs issues with Mac OS X

Prof. Thomas Stricker" <tomstr@inf.ethz.ch Prof. Thomas Stricker" <tomstr@inf.ethz.ch
Sun, 9 Dec 2001 00:38 MET

Dear all,

I installed openafs successfully on my MacOS X Server 10.1.1. which 
left me with two unresolved issues:

1. If I remeber correctly there are two different implementations
   of the kernel module:

   In one implementation the token is valid in the process 
   group (process subtree?) group that go the token.

   In the other the token is valid for all processes with the
   same userid on the machine that got the token.

   I assume openafs for MacOS X is implementing the first model. 
   If I remember correctly the Mach Implementations did the
   same thing, while the Solaris ones stuck to the model with
   validity on the whole workstation.

   This behavior causes problems with MacOS X client/server.
   As far as I know I can only get a token in the terminal window with
   a commandline shell. But so the graphic shell called "Finder", 
   that drives really everything in the Macintosh cannot see my AFS
   token and therefore does not get my AFS access rights. This is sad
   since this restricts AFS use to the commandline mode only.

   Does anybody know a workaround?

2. How do I restrict the AFS world visible in the /afs mount point 
   of my client to a reasonable subset of all afs sites in the

   It is a well known problem that GUI shells and file selection
   interfaces tend to die when they see AFS filessystems instead
   of local ones.

   Some of them go always from root and die when they try to
   "stat" every entry of every directory along the path. Some of them
   die when they encounter an /afs/cs.cmu.edu/users/ directory with 1000
   entries, representing 1000 users (e.g. Unix Framemaker and most
   motiv tools).

   I did manage to specify the local root at ethz.ch as my /afs 
   root, but that view of the world is to narrow for me and I would like
   to have access to my afs accounts at "psc.edu" and cs.cmu.edu as well
   as at ethz.ch. So how do I restrict the afs world to my own little
   view of the world.

   I did try to edit the number of sites in the CellServDB file
   of my clients, but then the entire world was visible again...
   Did my client check a CellServDB of my home cell as well? Or
   how did my client add the whole world to the /afs mount point.   
If you have an answer to one of my two problems, please let me know!

Best regards 
Thomas M. Stricker
Lab for Computer Systemes
ETH Zuerich 

PS: I am an AFS user for a long long time... since I spent 1989-1996 at CMU.