OpenAFS for Windows IFS Re: [OpenAFS] Aklog can't get tokens

[Jeffrey Altman]

This is a cryptographically signed message in MIME format.

--------------ms070100040306070206090007
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit

Jeffrey Altman wrote:

> The IFS will not allow the use of /afs.  The IFS will continue to allow
> the use of \\AFS\cellname\... just as the current SMB implementation does.

What an IFS will bring to OpenAFS on Windows is:

  * no need to use NTLM authentication of SMB connections.  This current
    requirement is what is causing problems for sites which are
    attempting to authenticate with a non-Windows Kerberos principal
    mapped to a Windows Domain account which is part of a multi-domain
    forest.  (ASU.EDU and some unnamed large west coast university are
    currently struggling with this one.)

  * performance gains.  I expect a 40% improvement in read/write
    performance once the SMB-to-RX translator is removed.

  * improved ease of use.  Currently there are many configuration issues
    which cause problems for the OpenAFS client because of the need to
    run the SMB server on an instance of the Microsoft Loopback Adapter.
    - support for NETBIOS over TCP/IP must be active
    - File and Printer Services must be installed

  * conflicts with Offine Folders.  some individuals have reported
    problems with pioctl() failures which appear to be conflicts
    with the Offline Folders feature of the Windows SMB client.

On the other hand what we will lose is:

  * Offline Folders.  some organizations use Offline Folders with
    AFS.  Since Offline Folders is built into the Windows SMB client
    switching to an IFS will remove the ability to use offline folders
    with AFS.

I expect to develop the IFS in such a fashion that you will be able
to install one or the other depending on your preference.  However,
developing the IFS is more than a year away.  My current priority
for development is:

  * Rearchitect the thread management to allow for clean shutdowns
    [1st Qtr 2005]

  * Redesign the Cache Manager to provide for persistent cache state
    between service sessions.  [1st Qtr 2005]

  * Implement the existing remote debugging callback interface within
    the Cache Manager.  [1st Qtr 2005]

  * Implement Windows Distributed File System referrals [1st Qtr 2005]

  * Design and implement strong data confidentiality and integrity
    protection based on GSS-API Kerberos 5 mechanism.  (rxgk)
    [prototype 2nd Qtr 2005]

  * Design and implement new user interface tools: [2nd Qtr 2005]
    - Integrate AFS and KFW SysTray tools utilizing a common framework
      application for both.
    - New AFS Control Panel tool for end-user configuration
    - New AFS Administration tool for Client Service configuration

  * Native 64-bit system support (Itanium and AMD64) [2nd Qtr 2005]

  * Implement new command line tool to map drive letters to afs paths

  * Implement SMB/CIFS Unicode support.  This will remove character-set
    and name length restrictions.  Implementation is a pre-requisite for
    completing the SMB/CIFS Remote Administration Protocol.

    This is a significant piece of work estimated at approximately
    four months.  It is extremely important though as it is the one
    bit of functionality which is getting in the way of seemless
    support for Windows Roaming Profiles.  Roaming Profiles are
    currently restricted to the characters which are represented in
    the local machine's 8-bit OEM Code Page.  If a profile contains
    any filenames with characters not represented in the OEM Code Page,
    a failure will occur when writing the file back to AFS on logout.

    [I would like to see this happen before the end of the year but
    it is entirely dependent on available funding being obtained.]

  * Implement SMB/CIFS support for files larger than 2GB

  * Finish implementing the SMB/CIFS Remote Administration Protocol which
    provides integration with the Windows Explorer Shell.

  * Design and implement a Disconnected Mode (Off-line folder)
    functionality [possibly covered by U.S. Patent 6,125,388]

  * Design and implement a mechanism for the storage of DOS and Extended
    Attributes within the AFS file system.  (potentially model on OS/2
    FAT extensions)

  * Implement SMB/CIFS Digital Signature support

  * Design and Implement a mini-port Installable File System
    [In all likelihood I would not expect to see this for two years]

  * Integrate the AFS Client with Windows File Access Security model

Jeffrey Altman



--------------ms070100040306070206090007
Content-Type: application/x-pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"
Content-Description: S/MIME Cryptographic Signature

MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIJPzCC
AvowggJjoAMCAQICAwxk8TANBgkqhkiG9w0BAQQFADBiMQswCQYDVQQGEwJaQTElMCMGA1UE
ChMcVGhhd3RlIENvbnN1bHRpbmcgKFB0eSkgTHRkLjEsMCoGA1UEAxMjVGhhd3RlIFBlcnNv
bmFsIEZyZWVtYWlsIElzc3VpbmcgQ0EwHhcNMDQwNTI3MTc1ODU4WhcNMDUwNTI3MTc1ODU4
WjBrMQ8wDQYDVQQEEwZBbHRtYW4xFTATBgNVBCoTDEplZmZyZXkgRXJpYzEcMBoGA1UEAxMT
SmVmZnJleSBFcmljIEFsdG1hbjEjMCEGCSqGSIb3DQEJARYUamFsdG1hbkBjb2x1bWJpYS5l
ZHUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDc3JqO5AsZrozd+mJ2mPuCTYo2
+nJ9Qq6jtUYtp7YTMW4d2Q6GLhNaHb1l9m74SxuY4f5vP6JtZjr6p9+LCCxD0w0NVLKRgUDp
z+tKFitbkJe9BSCxCURRvY3vdWA71gSCUvZAN3346hHb4oGVqgdpmfFJXYAHWpC46wiL72N9
WxySzY17/0eU0c8+r9dNoLpPQeL43O66O80jCl1qnXMaXaakZPsfm+5W90MYXhpQ1WIQpv02
lBn3BH5YE8xwbsNrw5AF4v7pjMuW85GI6FrDmfbpJX473Rpl5rmv3TpXkJ+7UsIIO1puyS8r
1o7kjDZ5EUYJxxglTGR6XL/RNzqHAgMBAAGjMTAvMB8GA1UdEQQYMBaBFGphbHRtYW5AY29s
dW1iaWEuZWR1MAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQEEBQADgYEAZYeVFCMP0iV+UVa0
eFoXkzMVl61CNAVY2YQ9/QQazO3G4qNiif35ArrnjPRDRj5M7WTeOCFqPVuvCttyJRiDKsEe
L4Yah22mRA3mR7x52j2FquPYZ9qCr1IhrNGzsMk+gopX5G0fTHZb6+uDu5SeMPNNcIznGA7M
CMpXAJ2PcKgwggL6MIICY6ADAgECAgMMZPEwDQYJKoZIhvcNAQEEBQAwYjELMAkGA1UEBhMC
WkExJTAjBgNVBAoTHFRoYXd0ZSBDb25zdWx0aW5nIChQdHkpIEx0ZC4xLDAqBgNVBAMTI1Ro
YXd0ZSBQZXJzb25hbCBGcmVlbWFpbCBJc3N1aW5nIENBMB4XDTA0MDUyNzE3NTg1OFoXDTA1
MDUyNzE3NTg1OFowazEPMA0GA1UEBBMGQWx0bWFuMRUwEwYDVQQqEwxKZWZmcmV5IEVyaWMx
HDAaBgNVBAMTE0plZmZyZXkgRXJpYyBBbHRtYW4xIzAhBgkqhkiG9w0BCQEWFGphbHRtYW5A
Y29sdW1iaWEuZWR1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3NyajuQLGa6M
3fpidpj7gk2KNvpyfUKuo7VGLae2EzFuHdkOhi4TWh29ZfZu+EsbmOH+bz+ibWY6+qffiwgs
Q9MNDVSykYFA6c/rShYrW5CXvQUgsQlEUb2N73VgO9YEglL2QDd9+OoR2+KBlaoHaZnxSV2A
B1qQuOsIi+9jfVscks2Ne/9HlNHPPq/XTaC6T0Hi+NzuujvNIwpdap1zGl2mpGT7H5vuVvdD
GF4aUNViEKb9NpQZ9wR+WBPMcG7Da8OQBeL+6YzLlvORiOhaw5n26SV+O90aZea5r906V5Cf
u1LCCDtabskvK9aO5Iw2eRFGCccYJUxkely/0Tc6hwIDAQABozEwLzAfBgNVHREEGDAWgRRq
YWx0bWFuQGNvbHVtYmlhLmVkdTAMBgNVHRMBAf8EAjAAMA0GCSqGSIb3DQEBBAUAA4GBAGWH
lRQjD9IlflFWtHhaF5MzFZetQjQFWNmEPf0EGsztxuKjYon9+QK654z0Q0Y+TO1k3jghaj1b
rwrbciUYgyrBHi+GGodtpkQN5ke8edo9harj2Gfagq9SIazRs7DJPoKKV+RtH0x2W+vrg7uU
njDzTXCM5xgOzAjKVwCdj3CoMIIDPzCCAqigAwIBAgIBDTANBgkqhkiG9w0BAQUFADCB0TEL
MAkGA1UEBhMCWkExFTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3du
MRowGAYDVQQKExFUaGF3dGUgQ29uc3VsdGluZzEoMCYGA1UECxMfQ2VydGlmaWNhdGlvbiBT
ZXJ2aWNlcyBEaXZpc2lvbjEkMCIGA1UEAxMbVGhhd3RlIFBlcnNvbmFsIEZyZWVtYWlsIENB
MSswKQYJKoZIhvcNAQkBFhxwZXJzb25hbC1mcmVlbWFpbEB0aGF3dGUuY29tMB4XDTAzMDcx
NzAwMDAwMFoXDTEzMDcxNjIzNTk1OVowYjELMAkGA1UEBhMCWkExJTAjBgNVBAoTHFRoYXd0
ZSBDb25zdWx0aW5nIChQdHkpIEx0ZC4xLDAqBgNVBAMTI1RoYXd0ZSBQZXJzb25hbCBGcmVl
bWFpbCBJc3N1aW5nIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDEpjxVc1X7TrnK
mVoeaMB1BHCd3+n/ox7svc31W/Iadr1/DDph8r9RzgHU5VAKMNcCY1osiRVwjt3J8CuFWqo/
cVbLrzwLB+fxH5E2JCoTzyvV84J3PQO+K/67GD4Hv0CAAmTXp6a7n2XRxSpUhQ9IBH+nttE8
YQRAHmQZcmC3+wIDAQABo4GUMIGRMBIGA1UdEwEB/wQIMAYBAf8CAQAwQwYDVR0fBDwwOjA4
oDagNIYyaHR0cDovL2NybC50aGF3dGUuY29tL1RoYXd0ZVBlcnNvbmFsRnJlZW1haWxDQS5j
cmwwCwYDVR0PBAQDAgEGMCkGA1UdEQQiMCCkHjAcMRowGAYDVQQDExFQcml2YXRlTGFiZWwy
LTEzODANBgkqhkiG9w0BAQUFAAOBgQBIjNFQg+oLLswNo2asZw9/r6y+whehQ5aUnX9MIbj4
Nh+qLZ82L8D0HFAgk3A8/a3hYWLD2ToZfoSxmRsAxRoLgnSeJVCUYsfbJ3FXJY3dqZw5jowg
T2Vfldr394fWxghOrvbqNOUQGls1TXfjViF4gtwhGTXeJLHTHUb/XV9lTzGCAzswggM3AgEB
MGkwYjELMAkGA1UEBhMCWkExJTAjBgNVBAoTHFRoYXd0ZSBDb25zdWx0aW5nIChQdHkpIEx0
ZC4xLDAqBgNVBAMTI1RoYXd0ZSBQZXJzb25hbCBGcmVlbWFpbCBJc3N1aW5nIENBAgMMZPEw
CQYFKw4DAhoFAKCCAacwGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUx
DxcNMDUwMTExMDUzMzE4WjAjBgkqhkiG9w0BCQQxFgQU+2hwcbIyz9G/d7Z4beqeQdkqvnEw
UgYJKoZIhvcNAQkPMUUwQzAKBggqhkiG9w0DBzAOBggqhkiG9w0DAgICAIAwDQYIKoZIhvcN
AwICAUAwBwYFKw4DAgcwDQYIKoZIhvcNAwICASgweAYJKwYBBAGCNxAEMWswaTBiMQswCQYD
VQQGEwJaQTElMCMGA1UEChMcVGhhd3RlIENvbnN1bHRpbmcgKFB0eSkgTHRkLjEsMCoGA1UE
AxMjVGhhd3RlIFBlcnNvbmFsIEZyZWVtYWlsIElzc3VpbmcgQ0ECAwxk8TB6BgsqhkiG9w0B
CRACCzFroGkwYjELMAkGA1UEBhMCWkExJTAjBgNVBAoTHFRoYXd0ZSBDb25zdWx0aW5nIChQ
dHkpIEx0ZC4xLDAqBgNVBAMTI1RoYXd0ZSBQZXJzb25hbCBGcmVlbWFpbCBJc3N1aW5nIENB
AgMMZPEwDQYJKoZIhvcNAQEBBQAEggEAesDTjzyokc7jm6dS7KvYMemPevBzKJgKUVMtVM9v
Xj4hSvawvmyVnRtY0p40LNC89Q0qxdArQoago9zoSqp0JiiFb8NmhUDEd+yrGr/3ljFpQBAM
odgtYEDdSsXsifEseqA4aaEtDIpOvSrBTmDy/Yy673fkKf7huKi6eVsFa0+ztJ6CFJuVXxUA
zrkuN2xoHoxoAZjv+kUpmdpjp3IpY9+9YmjFjJbjFWRqaQ0ZZRnXWGpNUX2ALH+O47uW7kgL
5Wf6dm+u2J5S1Xsd30pcfWGyrMdvl7Lp4K+rJWa+WOD33JHcbO5h4PV1nkRdjGEpSIhO/uTO
3FF6kmgploX3XgAAAAAAAA==
--------------ms070100040306070206090007--