Index: openafs/doc/man-pages/pod1/aklog.pod diff -c /dev/null openafs/doc/man-pages/pod1/aklog.pod:1.1.2.3 *** /dev/null Thu Aug 3 00:50:56 2006 --- openafs/doc/man-pages/pod1/aklog.pod Mon Jul 31 13:49:31 2006 *************** *** 0 **** --- 1,252 ---- + =head1 NAME + + aklog - Obtain tokens for authentication to AFS + + =head1 SYNOPSIS + + =for html +
+ + B [B<-d>] [B<-hosts>] [B<-zsubs>] [B<-noprdb>] [B<-noauth>] [B<-linked>] + [B<-force>] [B<-524>] [B<-setpag>] + S<<< [[B<-cell> | B<-c>] > [B<-k> >]]+ >>> + + B [B<-d>] [B<-hosts>] [B<-zsubs>] [B<-noprdb>] [B<-noauth>] [B<-linked>] + [B<-force>] [B<-524>] [B<-setpag>] [B<-path> | B<-p>] >+ + + =for html +
+ + =head1 DESCRIPTION + + The B program authenticates to a cell in AFS by obtaining AFS + tokens. If B is invoked with no command-line arguments, it will + obtain tokens for the workstation's local cell. It may be invoked with an + arbitrary number of cells and pathnames to obtain tokens for multiple + cells. B knows how to expand cell name abbreviations, so cells can + be referred to by enough letters to make the cell name unique among the + cells the workstation knows about. + + B obtains tokens by obtaining a Kerberos service ticket for the AFS + service and then storing it as a token. By default, it obtains that + ticket from the realm corresponding to that cell (the upcase version of + the cell name), but a different realm for a particular cell can be + specified with B<-k>. B<-k> cannot be used in B<-path> mode (see below). + + =head1 OPTIONS + + =over 4 + + =item B<-524> + + Normally, B generates native K5 tokens. This flag tells B + to instead use the krb524 translation service to generate K4 or rxkad2b + tokens, which may be necessary for AFS cells that don't support native K5 + tokens. Support for native K5 tokens were added in OpenAFS 1.2.8. + + =item B<-cell> >, B<-c> > + + This flag tells B that the next argument is the name of a cell to + authenticate to. It normally isn't necessary; B normally + determines whether an argument is a cell or a path name based on whether + it contains C or is C<.> or C<..>. The cell may be followed by B<-k> + to specify the corresponding Kerberos realm. + + =item B<-d> + + Turns on printing of debugging information. This option is not intended + for general users. + + =item B<-force> + + Normally, aklog will not replace tokens with new tokens that appear to be + identical. If this flag is given, it will skip that check. + + =item B<-hosts> + + Prints all the server addresses which may act as a single point of + failure in accessing the specified directory path. Each element of the + path is examined, and as new volumes are traversed, if they are not + replicated, the server's IP address containing the volume will be + displayed. The output is of the form: + + host: + + This option is only useful in combination with paths as arguments rather + than cells. + + =item B<-k> > + + This flag is valid only immediately after the name of the cell. It tells + B to use that Kerberos realm when authenticating to the preceding + cell. By default, B will use the realm (per the local Kerberos + configuration) of the first database server in the cell, so this flag + normally won't be necessary. + + =item B<-linked> + + If the AFS cell is linked to a DCE cell, get tokens for both. + + =item B<-noauth> + + Don't actually authenticate, just do everything else B does up to + setting tokens. + + =item B<-noprdb> + + Ordinarily, B looks up the AFS ID corresponding to the name of the + person invoking the command, and if the user doesn't exist and the cell is + a foreign one, attempts automatic registration of the user with the remote + cell. Specifying this flag turns off this functionality. This may be + desirable if the protection database is unavailable for some reason and + tokens are desired anyway, or if one wants to disable user registration. + + =item B<-path> >, B<-p> > + + This flag tells B that the next argument is a path in AFS. + B will walk that path and obtain tokens for every cell needed to + access all of the directories. Normally, this flag isn't necessary; + B assumes an argument is a path if it contains C or is C<.> or + C<..>. + + =item B<-setpag> + + When setting tokens, attempt to put the parent process in a new PAG. This + is usually used as part of the login process but can be used any time to + create a new AFS authentication context. + + =item B<-zsubs> + + Prints out the Zephyr subscription information to get alerts regarding all + of the file servers required to access a particular path. The output is + of the form: + + zsub: + + where is the instance of a class C Zephyr subscription. + + =back + + =head1 FILES + + =over 4 + + =item F<~/.xlog> + + If this file exists in the user's home directory, it should contain a list + of AFS cells to which to authenticate, one per line. If B is + invoked without any options, it will attempt to obtain tokens in every + cell listed in this file if it exists, rather than only obtaining tokens + for the local cell. + + =back + + =head1 EXIT CODES + + The exit status of B will be one of the following: + + =over 3 + + =item 0 + + Success -- No error occurred. + + =item 1 + + Usage -- Bad command syntax; accompanied by a usage message. + + =item 2 + + Something failed -- More than one cell or pathname was given on the + command line and at least one failure occurred. A more specific error + status is returned when only one directive is given. + + =item 3 + + AFS -- Unable to get AFS configuration or unable to get information about + a specific cell. + + =item 4 + + Kerberos -- Unable to get tickets for authentication. + + =item 5 + + Token -- Unable to get tokens. + + =item 6 + + Bad pathname -- The path given was not a directory or lstat(2) failed on + some component of the pathname. + + =item 7 + + Miscellaneous -- An internal failure occurred. For example, B + returns this if it runs out of memory. + + =back + + =head1 EXAMPLES + + To get tokens for the local cell: + + % aklog + + To get tokens for the C cell: + + % aklog athena.mit.edu + + or + + % aklog athena + + The latter will work if you local cache manager already knows about the + C cell. + + To get tokens adequate to read F: + + % aklog /afs/athena.mit.edu/user/p/potato + + To get tokens for C that is in a test Kerberos realm: + + % aklog testcell.mit.edu -k TESTREALM.MIT.EDU + + =head1 SEE ALSO + + kinit(1), tokens(1), unlog(1) + + =head1 AUTHOR + + Manpage originally written by Emanuel Jay Berkenbilt (MIT-Project + Athena). Extensively modified by Russ Allbery . + + =head1 COPYRIGHT + + Original manpage is copyright 1990, 1991 Massachusetts Institute of + Technology. All rights reserved. + + Copyright 2006 Russ Allbery . + + Export of this software from the United States of America may require + a specific license from the United States Government. It is the + responsibility of any person or organization contemplating export to + obtain such a license before exporting. + + WITHIN THAT CONSTRAINT, permission to use, copy, modify, and distribute + this software and its documentation for any purpose and without fee is + hereby granted, provided that the above copyright notice appear in all + copies and that both that copyright notice and this permission notice + appear in supporting documentation, and that the name of M.I.T. not be + used in advertising or publicity pertaining to distribution of the + software without specific, written prior permission. Furthermore if you + modify this software you must label your software as modified software and + not distribute it in such a fashion that it might be confused with the + original MIT software. M.I.T. makes no representations about the + suitability of this software for any purpose. It is provided "as is" + without express or implied warranty. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED + WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF + MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. + + =cut Index: openafs/doc/txt/winnotes/afs-changes-since-1.2.txt diff -c openafs/doc/txt/winnotes/afs-changes-since-1.2.txt:1.13.2.68 openafs/doc/txt/winnotes/afs-changes-since-1.2.txt:1.13.2.69 *** openafs/doc/txt/winnotes/afs-changes-since-1.2.txt:1.13.2.68 Mon Jul 3 13:12:31 2006 --- openafs/doc/txt/winnotes/afs-changes-since-1.2.txt Fri Jul 28 12:30:53 2006 *************** *** 1,3 **** --- 1,13 ---- + Since 1.4.2-beta2: + * Corrections to the Integrated Logon functionality that permits + Kerberos 5 TGTs to be communicated into the user session. The + transfer is now more secure and succeeds when the user does not + have read permission to the %SystemRoot%\TEMP directory. + + * NSIS installer updated to version 2.18 + + * WiX installer updated to version 2.0.4221.0 + Since 1.4.2-beta1: * move headers, libraries, and samples from OpenAFS\Client to OpenAFS\SDK *************** *** 29,35 **** * Allow Freelance Scache entries to be recycled ! Since 1.4.1d: * A deadlock was detected when performing "fs flushall" if the file server reports VNOVNODE. The scp->createBufferLock is --- 39,45 ---- * Allow Freelance Scache entries to be recycled ! Since 1.4.1d: 1.4.2-beta1 released 14 June 2006 * A deadlock was detected when performing "fs flushall" if the file server reports VNOVNODE. The scp->createBufferLock is Index: openafs/doc/txt/winnotes/afs-issues.txt diff -c openafs/doc/txt/winnotes/afs-issues.txt:1.8.2.19 openafs/doc/txt/winnotes/afs-issues.txt:1.8.2.20 *** openafs/doc/txt/winnotes/afs-issues.txt:1.8.2.19 Sat Oct 22 02:03:24 2005 --- openafs/doc/txt/winnotes/afs-issues.txt Fri Jul 28 12:30:53 2006 *************** *** 1,4 **** ! This file is a rough list of known issues with the 1.4.0050 release of OpenAFS on Windows. This list is not complete. There are probably other issues which can be found in the RT database or on the mailing list. --- 1,4 ---- ! This file is a rough list of known issues with the 1.4.1xxx release of OpenAFS on Windows. This list is not complete. There are probably other issues which can be found in the RT database or on the mailing list. *************** *** 34,42 **** be automatically prompted for different cells (12) AFS Integrated Logon: - (12b) If using Kerberos, need to figure out a means of passing credentials - into the user space until such time as I finish the new credential - cache service. (12c) If network is not available must store the username and password somewhere until such time as the network starts. --- 34,39 ---- *************** *** 75,81 **** (22) CIFS Remote Administration Protocol implementation is incomplete. Notifications are not made to requestors when the view of a file or folder changes due to token acquisition; token expiration; or ! token destruction (23) Remove submount creation as a side effect of AFS drive mapping. --- 72,78 ---- (22) CIFS Remote Administration Protocol implementation is incomplete. Notifications are not made to requestors when the view of a file or folder changes due to token acquisition; token expiration; or ! token destruction. (23) Remove submount creation as a side effect of AFS drive mapping. *************** *** 94,101 **** or by the new AFS Client Service Administration tool when executed by an authorized user. - (24) No support for byte range locking (or locking at all) - ------------------------------------------------------------------------- List of unfunded projects: --- 91,96 ----