[OpenAFS] Two afs issues with Mac OS X
Prof. Thomas Stricker" <tomstr@inf.ethz.ch
Prof. Thomas Stricker" <tomstr@inf.ethz.ch
Sun, 9 Dec 2001 00:38 MET
Dear all,
I installed openafs successfully on my MacOS X Server 10.1.1. which
left me with two unresolved issues:
1. If I remeber correctly there are two different implementations
of the kernel module:
In one implementation the token is valid in the process
group (process subtree?) group that go the token.
In the other the token is valid for all processes with the
same userid on the machine that got the token.
I assume openafs for MacOS X is implementing the first model.
If I remember correctly the Mach Implementations did the
same thing, while the Solaris ones stuck to the model with
validity on the whole workstation.
This behavior causes problems with MacOS X client/server.
As far as I know I can only get a token in the terminal window with
a commandline shell. But so the graphic shell called "Finder",
that drives really everything in the Macintosh cannot see my AFS
token and therefore does not get my AFS access rights. This is sad
since this restricts AFS use to the commandline mode only.
Does anybody know a workaround?
2. How do I restrict the AFS world visible in the /afs mount point
of my client to a reasonable subset of all afs sites in the
world.
It is a well known problem that GUI shells and file selection
interfaces tend to die when they see AFS filessystems instead
of local ones.
Some of them go always from root and die when they try to
"stat" every entry of every directory along the path. Some of them
die when they encounter an /afs/cs.cmu.edu/users/ directory with 1000
entries, representing 1000 users (e.g. Unix Framemaker and most
motiv tools).
I did manage to specify the local root at ethz.ch as my /afs
root, but that view of the world is to narrow for me and I would like
to have access to my afs accounts at "psc.edu" and cs.cmu.edu as well
as at ethz.ch. So how do I restrict the afs world to my own little
view of the world.
I did try to edit the number of sites in the CellServDB file
of my clients, but then the entire world was visible again...
Did my client check a CellServDB of my home cell as well? Or
how did my client add the whole world to the /afs mount point.
If you have an answer to one of my two problems, please let me know!
Best regards
Thomas M. Stricker
Lab for Computer Systemes
ETH Zuerich
PS: I am an AFS user for a long long time... since I spent 1989-1996 at CMU.