From owner-freebsd-afs@FreeBSD.ORG Mon Jun 20 16:58:53 2011 Return-Path: Delivered-To: freebsd-afs@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 44410106566C for ; Mon, 20 Jun 2011 16:58:53 +0000 (UTC) (envelope-from kaduk@mit.edu) Received: from dmz-mailsec-scanner-4.mit.edu (DMZ-MAILSEC-SCANNER-4.MIT.EDU [18.9.25.15]) by mx1.freebsd.org (Postfix) with ESMTP id E7E518FC1C for ; Mon, 20 Jun 2011 16:58:52 +0000 (UTC) X-AuditID: 1209190f-b7b0eae000000a42-bd-4dff78cb5e4e Received: from mailhub-auth-4.mit.edu ( [18.7.62.39]) by dmz-mailsec-scanner-4.mit.edu (Symantec Messaging Gateway) with SMTP id 4E.0F.02626.BC87FFD4; Mon, 20 Jun 2011 12:43:55 -0400 (EDT) Received: from outgoing.mit.edu (OUTGOING-AUTH.MIT.EDU [18.7.22.103]) by mailhub-auth-4.mit.edu (8.13.8/8.9.2) with ESMTP id p5KGhoNg003189; Mon, 20 Jun 2011 12:43:50 -0400 Received: from multics.mit.edu (MULTICS.MIT.EDU [18.187.1.73]) (authenticated bits=56) (User authenticated as kaduk@ATHENA.MIT.EDU) by outgoing.mit.edu (8.13.6/8.12.4) with ESMTP id p5KGhn9K017153 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Mon, 20 Jun 2011 12:43:49 -0400 (EDT) Received: (from kaduk@localhost) by multics.mit.edu (8.12.9.20060308) id p5KGhmqm022679; Mon, 20 Jun 2011 12:43:48 -0400 (EDT) Date: Mon, 20 Jun 2011 12:43:48 -0400 (EDT) From: Benjamin Kaduk To: freebsd-afs@freebsd.org In-Reply-To: Message-ID: References: User-Agent: Alpine 1.10 (GSO 962 2008-03-14) MIME-Version: 1.0 Content-Type: TEXT/PLAIN; format=flowed; charset=US-ASCII X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFvrGIsWRmVeSWpSXmKPExsUixG6nrnu64r+vQWuvvMXyN7OZLPoOzWZ0 YPKY8Wk+SwBjFJdNSmpOZllqkb5dAlfG9FkdbAUXhSu+HLzP2sC4h7+LkZNDQsBEoqXvEiOE LSZx4d56ti5GLg4hgX2MEie+9DBCOBsYJS4sewGVOcAksXP1NBYIp4FR4vjebcwg/SwC2hLT Wm+zg9hsAioSM99sZAOxRQSkJSa+XgS2g1lAXeLlgxNgk4QF5jJKTGl7DZbgFHCRWPJnDVgD r4CDRG/3e7C4kMA6Rokzp3lBbFEBHYnV+6ewQNQISpyc+YQFYqilxL+1v1gnMArOQpKahSS1 gJFpFaNsSm6Vbm5iZk5xarJucXJiXl5qka6JXm5miV5qSukmRlCQckry72D8dlDpEKMAB6MS D29P6X9fIdbEsuLK3EOMkhxMSqK8fCAhvqT8lMqMxOKM+KLSnNTiQ4wSHMxKIrzxj//5CvGm JFZWpRblw6SkOViUxHnLvYHaBNITS1KzU1MLUotgsjIcHEoSvH9LgLKCRanpqRVpmTklCGkm Dk6Q4TxAw72AUS3EW1yQmFucmQ6RP8Woy7F9wctDjEIsefl5qVLivGogRQIgRRmleXBzYMnl FaM40FvCvM4gVTzAxAQ36RXQEiagJf9fgXxQXJKIkJJqYKyrVFILudW0Urw47vajR7sqX9z+ KcTh0XSLJX7JlsObDrhUapned9/Ud3dy+bq+09HPzl1at1R+a3V0mNCboP4+xsI5OyUTlE1C nzjFPZ9+/t5Jd8HSoha7e6KXLs0OceG42bD2DqvaeoW4reWTZr+xKHjf1jNzIgsrZxi7hsm5 k1p3n9wTeqDEUpyRaKjFXFScCADizFm3CQMAAA== Cc: Robert Watson Subject: Re: AFS port now committed (was: Re: OpenAFS 1.6.0pre3 available (was Re: [OpenAFS-announce] OpenAFS 1.6.0 release candidate 2 available (fwd))) X-BeenThere: freebsd-afs@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: The Andrew File System and FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 20 Jun 2011 16:58:53 -0000 On Sun, 29 May 2011, Robert Watson wrote: > > > An FYI to those following OpenAFS on FreeBSD: there's now a committed port > for it, net/openafs, which seems to work quite well for me here. There are a > bunch of loose ends Benjamin and others are chasing, including: The port has just been updated to the 1.6.0pre6 version. Unfortunately, this one does need a few patches (but they are in upstream git as of the past half hour), to make the installation more uniform for amd64 vs. i386, and prevent a panic at unmount. > > - The port doesn't yet automatically create /afs and /usr/vice/cache > (possibly > the latter should be /var/openafs/cache?). > I still need to do this ... "coming soon". > - The kernel module build for the client requires some help finding > opt_global.h, fixable by moving to bsd.kmod.mk I think? > hrs@ has kindly contributed some code which uses config(8) to generate opt_global.h, eliminating the need for a full kernel object tree -- only kernel (and world?) sources and a kernel configuration file (default: GENERIC) are needed. I have also persuaded bsd.kmod.mk to build a libafs.ko in my development tree, but that needs cleanup and testing before it gets released into the wild. > - The client currently uses a memory cache, not the vnode cache (on-disk > cache) due to locking issues which Derrick believes should be solvable in a > pretty straight forward manner given a bit of time. > > - FreeBSD doesn't have PAG support, although a MAC Framework module could > probably provide it fairly easily. > > - The AFS pages on the FreeBSD wiki require some refinement; the client one > seems generally to Just Work for me, but the server has quite a bit of > tweaking to do. In particular, the port doesn't install pre-generated > databases, requiring some prodding around with pts, etc. It sounds like > this should be fixed at some point? These remain on the TODO list. -Ben > > And, of course, there are a bunch of things I'm looking forward to seeing in > future OpenAFS versions, such as TCP support, GSSAPI support, and > confidentiality/integrity for pre- or non-kerberos access to AFS by a client. > > (In the slightly longer term, I'd also really like to see support for x509 > client certs, etc, rather than having to use Kerberos. I am quite happy with > kerberos for user-centric access, but for machine-centric access, certs make > more sense, I think). > > Robert >