[OpenAFS] Re: OpenAFS-info digest, Vol 1 #882 - 12 msgs
Chris Snyder
csnyder@mvpsoft.com
Wed, 30 Oct 2002 13:55:23 -0500
openafs-info-request@openafs.org wrote:
> Send OpenAFS-info mailing list submissions to
> openafs-info@openafs.org
>
> To subscribe or unsubscribe via the World Wide Web, visit
> https://lists.openafs.org/mailman/listinfo/openafs-info
> or, via email, send a message with subject or body 'help' to
> openafs-info-request@openafs.org
>
> You can reach the person managing the list at
> openafs-info-admin@openafs.org
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of OpenAFS-info digest..."
>
>
> Today's Topics:
>
> 1. Re: afsd dying on win2k (Rodney M Dyer)
> 2. Re: afsd dying on win2k (Ken Hornstein)
> 3. Re: cache performance (Lester Barrows)
> 4. Re: afsd dying on win2k (Derrick J Brashear)
> 5. Re: cache performance (Nathan Neulinger)
> 6. Re: cache performance (Warren.Yenson@morganstanley.com)
> 7. Re: cache performance (Nathan Neulinger)
> 8. Re: cache performance (Derrick J Brashear)
> 9. Re:
entication weirdness (Charles Clancy)
> 10. Re: Re: Kerberos V and xscreensaver/xlock (Charles Clancy)
> 11. Re: Authentication weirdness (Tino Schwarze)
> 12. Re: Re: Kerberos V and xscreensaver/xlock (Christian Pfaffel)
>
> --__--__--
>
> Message: 1
> Date: Tue, 29 Oct 2002 19:32:28 -0500
> To: Derrick J Brashear <shadow@dementia.org>
> From: Rodney M Dyer <rmdyer@uncc.edu>
> Subject: Re: [OpenAFS] afsd dying on win2k
> Cc: openafs-info@openafs.org
>
> At 11:57 AM 10/29/2002 -0500, you wrote:
>
>>On Tue, 29 Oct 2002, Rodney M Dyer wrote:
>>
>>
>>> From the looks of it, I don't think anything is going to be done about
>>
>>the
>>
>>>problem since no one on the OpenAFS group cares anything about
>>>Windoz...
>>
>>I don't think that's clear, but I can tell you I certainly don't have the
>>time to care.
>
>
> Just on the side, my colleagues and I think it's funny that you say
> this. Are you paid as an OpenAFS help desk person? You seem to have
> enough time to respond to just about everything that hits this list. Do
> you ever have time for anything else? ;)
>
> I can only hope my sting was "mostly harmless", but it was intended to draw
> out comments on just what is going on in the group relative to Windows
> support. Yes, I am VERY appreciative of the support I'm getting out of
> this list. On at least a couple of occasions I've gotten good help. I'm
> sorry if I offended anyone. Believe me, the last time we had to get a very
> small problem debugged in the Transarc client, it ended up costing us a few
> thousand dollars to get fixed.
>
> I'm glad to hear from Mr. Phil Moore at Morgan Stanley. I'm glad to hear
> that someone is pony'ing up for support. But, is the version that Morgan
> Stanley using available as open source? Can anyone get a copy of it? Is
> it a forked version of OpenAFS? What is different about it? How much
> would it cost us?
>
> We've been in a real push now for over a year to get a single-sign-on
> system developed between our Windows/UNIX/Mac machines. Using Kerberos V
> as the authentication mechanism and AFS as the filesystem, we've managed to
> glue everything together as a working unit. It all works great except now
> we are having trouble weaning ourselves away from the kaserver. Seems the
> Transarc/OpenAFS "klog.exe" can't be forwarded to the "fakeka"
> daemon. This wouldn't be a problem except that it is a real annoyance for
> our users to "kinit" then "aklog" at the command line by hand. And, we're
> having problems with "aklog" behind a NAT router for some reason I can't
> fathom (yes, we've tried addressless tickets).
>
> BTW, for anyone who cares, if you setup cross-realm authentication for an
> AD domain to a Kerberos V realm, you may have trouble with AD domain file
> share access. This seems to be caused by a bug/feature/design flaw in the
> Kerberos V replay packet detection. Microsoft and MIT are currently
> working the issue out. We still need AD domain shares because we store
> files and databases there that AFS cannot support because it doesn't have
> complete record locking capability.
>
> Rodney
>
>
>> I know a couple of people who probably care, but I'm not
>>going to out them; They're welcome to comment themselves or not, and I
>>have no idea if they can, or have the time, to look into this.
>>
>>I don't suppose anyone has an actual recipe for reproducing this, or is
>>this one of those deals where someone should pray that their network is
>>the same as yours?
>>
>>(Yes, now I'm being sarcastic. How about attaching a hub and a machine
>>with tcpdump next to a dying client and seeing what's going on as close to
>>when it dies as possible?)
>>
>>
>>
>>
>>_______________________________________________
>>OpenAFS-info mailing list
>>OpenAFS-info@openafs.org
>>https://lists.openafs.org/mailman/listinfo/openafs-info
>
>
>
> --__--__--
>
> Message: 2
> To: openafs-info@openafs.org
> Subject: Re: [OpenAFS] afsd dying on win2k
> Date: Tue, 29 Oct 2002 20:35:49 -0500
> From: Ken Hornstein <kenh@cmf.nrl.navy.mil>
>
>>We've been in a real push now for over a year to get a single-sign-on
>>system developed between our Windows/UNIX/Mac machines. Using Kerberos V
>>as the authentication mechanism and AFS as the filesystem, we've managed to
>>glue everything together as a working unit. It all works great except now
>>we are having trouble weaning ourselves away from the kaserver. Seems the
>>Transarc/OpenAFS "klog.exe" can't be forwarded to the "fakeka"
>>daemon. This wouldn't be a problem except that it is a real annoyance for
>>our users to "kinit" then "aklog" at the command line by hand.
>
>
> Rodney, it seems to me like it would be trivial to have kinit call aklog
> after it's gotten you a TGT. Didn't you even consider trying that? And
> have you heard the phrase, "If you're not part of the solution, you're
> part of the problem?"
>
>
>>And, we're
>>having problems with "aklog" behind a NAT router for some reason I can't
>>fathom (yes, we've tried addressless tickets).
>
>
> I suspect the problem is related to the fact that some versions of the
> 524 library wouldn't accept an addressless v5 TGT.
>
> --Ken
>
> --__--__--
>
> Message: 3
> From: Lester Barrows <barrows@email.arc.nasa.gov>
> Organization: Asani Solutions, LLC
> To: openafs-info@openafs.org
> Subject: Re: [OpenAFS] cache performance
> Date: Tue, 29 Oct 2002 20:06:33 -0700
>
> Whenever a file is accessed on the client, I believe it contacts the cach=
> e=20
> manager to ensure that it hasn't changed. Perhaps the cache manager, rath=
> er=20
> than the file server, would be the most authoritative place to collect th=
> is=20
> information.
>
> Regards,
> Lester Barrows
>
> On Tuesday 29 October 2002 03:08 pm, Nathan Neulinger wrote:
>
>>What sort of additional logging are you looking for in the file server?
>>
>>Also, how do you plan on handling the "if it's already in the cache, th=
>
> e
>
>>file server probably won't see a request" issue?
>>
>>Adding more logging is relatively easy to do, just come up with a list.
>>
>>-- Nathan
>
>
>
> --__--__--
>
> Message: 4
> Date: Tue, 29 Oct 2002 22:19:53 -0500 (EST)
> From: Derrick J Brashear <shadow@dementia.org>
> To: openafs-info@openafs.org
> Subject: Re: [OpenAFS] afsd dying on win2k
>
> On Tue, 29 Oct 2002, Rodney M Dyer wrote:
>
>
>>>I don't think that's clear, but I can tell you I certainly don't have the
>>>time to care.
>>
>>Just on the side, my colleagues and I think it's funny that you say
>>this. Are you paid as an OpenAFS help desk person?
>
>
> I have 2 jobs, some percent of one of them is devoted to OpenAFS issues
> and the other is also OpenAFS related.
>
>
>>You seem to have
>>enough time to respond to just about everything that hits this list. Do
>>you ever have time for anything else? ;)
>
>
> Some.
>
>
>>I can only hope my sting was "mostly harmless", but it was intended to draw
>>out comments on just what is going on in the group relative to Windows
>>support.
>
>
> A lot, but not coherently organized. Perhaps that is part of the problem.
>
>
>>that someone is pony'ing up for support. But, is the version that Morgan
>>Stanley using available as open source? Can anyone get a copy of it? Is
>>it a forked version of OpenAFS? What is different about it? How much
>>would it cost us?
>
>
> It's not (apparently) forked OpenAFS, we got patches from Morgan Stanley
> for the real OpenAFS windows client (the incident is still open in the
> openafs-bugs queue)
>
>
>>glue everything together as a working unit. It all works great except now
>>we are having trouble weaning ourselves away from the kaserver. Seems the
>>Transarc/OpenAFS "klog.exe" can't be forwarded to the "fakeka"
>>daemon. This wouldn't be a problem except that it is a real annoyance for
>>our users to "kinit" then "aklog" at the command line by hand. And, we're
>>having problems with "aklog" behind a NAT router for some reason I can't
>>fathom (yes, we've tried addressless tickets).
>
>
> I suppose replacing kinit with one that does aklog is right out? We
> (OpenAFS) are going to have to deal with this in the near future to
> support the Kerberos 5 bridge proposal support which is actually expected
> to be useful (though not mandatory) in 1.2.8.
>
>
>
>
>
> --__--__--
>
> Message: 5
> Subject: Re: [OpenAFS] cache performance
> From: Nathan Neulinger <nneul@umr.edu>
> Cc: openafs-info@openafs.org
> Organization: University of Missouri - Rolla
> Date: 29 Oct 2002 21:23:15 -0600
>
> The cache manager is part of the client. So, yes, it is contacted.
>
> As long as a callback is still present with the server, there shouldn't
> be any communication with the file server.
>
> So, one possible solution would be a cache manager debug set (fs setset)
> that had a very minimal amount of logging generated - to where you could
> reasonably run fstrace regularly on clients. i.e. not a full bore -
> every access, just file opens.
>
> -- Nathan
>
> On Tue, 2002-10-29 at 21:06, Lester Barrows wrote:
>
>>Whenever a file is accessed on the client, I believe it contacts the cache
>>manager to ensure that it hasn't changed. Perhaps the cache manager, rather
>>than the file server, would be the most authoritative place to collect this
>>information.
>>
>>Regards,
>>Lester Barrows
>>
>>On Tuesday 29 October 2002 03:08 pm, Nathan Neulinger wrote:
>>
>>>What sort of additional logging are you looking for in the file server?
>>>
>>>Also, how do you plan on handling the "if it's already in the cache, the
>>>file server probably won't see a request" issue?
>>>
>>>Adding more logging is relatively easy to do, just come up with a list.
>>>
>>>-- Nathan
>>
>>_______________________________________________
>>OpenAFS-info mailing list
>>OpenAFS-info@openafs.org
>>https://lists.openafs.org/mailman/listinfo/openafs-info
>