AFS
for Multiplatforms
Patch 29 README
First Edition (September 2018)
and to all subsequent releases and modifications until otherwise indicated in new editions.
This document has the following sections:
For UNIX(R) systems, you use the same procedure
to install
a patch distribution as to upgrade from a previous release. See the
upgrade
instructions in the AFS Release Notes.
For Windows(R) systems, patches can
be installed
directly
to the base 3.6 product or over any previous patches. The AFS for
Windows
installation program displays a series of dialog boxes that lead you
through
the installation process. Follow the directions in each dialog box and
select the appropriate options.
| rs_aix53 | IBM
RS/6000/pSeries running AIX 5.3 , AIX 5.3A, AIX 5.3D, AIX 5.3H and AIX 53S with:
|
| rs_aix61 | IBM
RS/6000/pSeries running AIX 6.1 TL5, AIX 6.1 TL6, AIX 6.1 TL7, AIX 6.1 TL8 and AIX 6.1 TL9 with :
|
| rs_aix71 | IBM
RS/6000/pSeries running AIX 7.1, AIX 7.1 TL3, AIX 7.1 TL4 and AIX 7.1 TL5 with :
|
| rs_aix72 | IBM
RS/6000/pSeries running AIX 7.2 TL1 and AIX 7.2 TL2 with :
|
In addition to the following notes, the product notes for all system types in the AFS Release Notes distributed with the GA release of AFS 3.6 also apply to this patch release.
This delta makes the -minhour restriction applicable to all users
including the ADMIN.
This delta also solves a kaserver hang, caused when changing password of a
non-existent user.
(Noted at Patch 19)
AFS lets system administrators to specifically allow or deny setuid binaries from local cell. The SETUID variable in AFS startup script needs to be set appropriately with values "ALLOW" or "DENY". If this variable is left unset then AFS will exhibit the default behaviour.
(Noted at Patch 16)
AFS supports a maximum volume size of 20
GB for AIX, Solaris, Windows and Linux.
(Noted at Patch 15)
A new built-in group, "system:ptsviewers" has been introduced in
the ptserver. Members of this group are allowed to perform the
following
actions without having administrative privileges if they belong to this
group:
pts examine
pts membership
pts listowned
Note: The new group uses the group ID -203. If this group ID is already present in the ptserver database, this feature will be disabled and a warning message will be added to ptserver log. This is to ensure backward compatibility.
(Noted at Patch 9)
There is a cryptographic weakness in Kerberos 4 (used by AFS) that
allows an attacker to impersonate any principal in a realm if he knows
the shared cross-realm key between the local realm and a remote realm.
This is described in the vulnerability:
MITKRB5-SA-2003-004
IBM AFS does not support Cross Realm Authentication. AFS Cross Realm Authentication has been disabled in the kaserver by default. There is no fix for this vulnerability except to disable cross realm authentication.
The kaserver can be started with the option "-crossrealm" to enable AFS Cross Realm Authentication. However, this will expose the cell to the above vulnerability.
(Noted at Patch 8)
An option called '-nojumbo' on the server and '-rxnojumbo' on the
client, has been added, to disable the use of AFS Rx jumbograms. This
option
can be useful when network is problematic or there are lots of resends
in the network.
For Unix AFS Server, this option can be added to fileserver or volserver through BosConfig file, before starting bosserver. Alternatively, the 'rxtune' command can be used to set rxi_nSendFrags to 1 for disabling jumbograms. However, this will take effect only for new connections.
For Unix AFS Clients, this option is specified as an argument to afsd in afs.rc script, while starting AFS client. On windows, this is controlled through registry key called 'RxNoJumbo'. User has to create a DWORD value for RxNojumbo in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters. If RxNoJumbo is set to 1, then Jumbograms are disabled. If it is set to 0, then Jumbograms are enabled. If no registry key is specified, Jumbograms are disabled.
(Noted at Patch 8)
A vulnerability in the RX connection exists, wherein a malicious
program can intercept or sniff packets between an authenticated client
and server by getting its host IP updated into the connection
structures
on the peer. The malicious client program can send modified
content
to the server. This problem has been corrected.
(Noted at Patch 6)
butc with showprogress
option works correctly while
restoring volumes greater than 4GB.
(Noted at Patch 6)
A client panic that resulted from calls made to specific AFS RPCs
has been corrected.
(Noted at Patch 5)
The butc, backup, and buserver
binaries must
be at the same patch level on all machines that use the AFS backup
utility.
(Noted at Patch 2)
On UNIX systems, AFS messages are now logged via syslog. Previously,
AFS messages were logged to /dev/console. When /dev/console
was unavailable, the process that was trying to write to it waited
until
it became available again; it was not possible to stop the process.
(Noted at Patch 1)
In addition to the following notes, the product notes for AIX in the AFS Release Notes distributed with the GA release of AFS 3.6 (build level afs3.6 2.0) also apply to this patch release.
Added -X option to fileserver to change the default fileserver parameters to a higher values.
(Noted at Patch 29)
To support 64-bit TSM client, we are providing new set of AFS binaries butc64 and backup64. These binaries are provided in the '/usr/afsws/etc' directory along with the 32 bit butc and backup binaries.
(Noted at Patch 29)
To improve the performance bottleneck and reduce the number of ubik calls to the PTSERVER, we have implemented the new feature called PTS caching in the fileserver. This feature will cache the AFS user information such as user id, its groups and CPS data. This user information will be cached and will be active for 8 hours.
(Noted at Patch 28)
In AFS, klog binary was using Kerberos 4 authentication mechanism to get the AFS user credentials. From this patch, we have made the k5log binary as klog binary by default which will use the K5 mechanism for getting the AFS user credentials. The Kerberos 4 authentication will be provided by k4log binary.
(Noted at Patch 28)
We have added the MD5 based inode number support mechanism on AIX platform. This will help in minimizing the inode collisions.
To enable or disable or to check the status of MD5 enabled inode support, use "fs md5inum" command as below
Usage: fs md5inum [-enable] [-disable] [-status] [-help].
Where: -enable Enable md5inum
-disable Disable md5inum
-status Status of md5inum
(Noted at Patch 28)
Added XLARGE option in rc.afs file for afsd to start with following parameters.
XLARGE="-stat 125000 -daemons 12 -volumes 1536 -chunksize 20 -files 150000 -dcache 75000
(Noted at Patch 28)
Added new feature of Vice Partition Virtualization using which we can dynamically move the vice partitions from one fileserver to another fileserver while client applications are actively accessing data on volumes on these vice partitions.This makes the migration of vice partitions very quick without restarting the file servers and also without terminating the client jobs. Client just gets a busy message until the migration is completed.
Two new commands "vos detachpart" and "vos attachpart" are added to achieve Vice Partition Virtualization.
(Noted at Patch 25)
Added support of Kerberos 5 Protocol in IBM AFS for handling authentication
(Noted at patch 24)
AFS fileserver now supports files greater than 2GB :
AFS fileserver now supports files
greater than 2GB on AIX(5.3 and above) platform. This would help creating
files > 2GB on this fileserver, using any AFS or OpenAFS Clients which
support large
file.
The AFS Fileserver on AIX is inode based fileserver, which internally is based
on the JFS local filesystem, which itself doesn’t support large file by
default. Large file support has to be enabled on
vicep* ( JFS )
partitions, to make file server capable of large files support.
The maximum file size would be slightly less than 64 GB. This
limitation is not because of AFS Fileserver design, but because of the maximum
limit imposed by JFS file system itself. This fileserver is
capable of serving
traditional ( small file support ) vicep* partitions, along with the new (
Large file enabled ) vicep* partition.
Pre-requisite :
Before starting AFS on
the fileserver machine set the file size limit as unlimited.
Follow the steps given
below for starting AFS on a fileserver machine.
1] Set filesize to
unlimited
# ulimit -f unlimited
2] Start AFS
Run the initialization script --> /etc/rc.afs
(Noted at Patch 20)
AFS client
now supports files greater than 2 GB :
AFS client now can access files greater than 2GB residing on any large file
enabled fileserver (IBM AFS or OpenAFS). Supported on AIX(5.3 and above)
only.
For creating large files, the system or user limit should be appropriately
set to larger values for file sizes. Set ulimit -f as unlimited before
starting AFS client.
For storing large files, the AFS Volume hosting the file should be under
large file enabled file server and it should reside on large file enabled
partition.
The applications which would be using large files must be able to handle large file correctly. The application needs to be compiled with certain specific flags to be able to handle large files. The rest of the client features are as it was prior to this change, except few limitations noted below.
Limitation :-
NFS-AFS translator is not supported on any AIX platform for >2GB files.
(Noted at Patch 20)
Added NFS-AFS translator setup comments for AIX in rc.afs.
(Noted at
Patch 19)
AFS client on AIX used to take considerable amount of time for startup. It was loading many kernel symbols which are not required at all.
This change loads only the required symbols at the startup, thus reducing start time for AFS client on AIX. This change applies only to 64 bit kernels.
(Noted at Patch 19)
On AIX, AFS supports TSM 5.4.
(Noted at Patch 17)
On AIX, AFS supports TSM 5.2 and 5.3.
(Noted at Patch 15)
On AIX, AFS will not support TSM 4.2
(Noted at Patch 8)
On AIX 4.3.3, AFS has seen frequent problems of jfs returning ENOMEM error for certain filesystem operations. This was due to design limitation with initial versions of AIX and typically happens when many files of size > 32K are copied or used simultaneously in the system. This has been fixed in AIX APAR 13763.
Solution involves installation of the mentioned AIX APAR and remounting fileserver partition /vicepxx and cache partition /usr/vice/cache, with option '-o mind'.
(Noted at Patch 8)
On AIX, AFS supports TSM 5.1 and TSM 5.2. Note that there is only one butc binary which can be used with both TSM 5.1 and TSM 5.2. To run butc on AIX, it is essential to have following package installed in the system.
tivoli.tsm.client.api.aix43.32bit
(Noted at Patch 7 and 8)
Due to a limitation in AIX 4.3.3, using CTRL-C does not cause the butc program to exit. To avoid this problem, an environment variable called 'AIXTHREAD_SCOPE' needs to be set to S, before executing butc. Note that, butc should always be run with root privileges on the Tape Coordinator machine.
(Noted at Patch 5)
The curpag binary is a small program that prints the pags for the current user session.
On AIX, when the user authenticates through kerberos, the KRBTKFILE environment variable is not set. If this environment variable is not set, the kerberos tokens are not displayed with the tokens.krb command.
The value of KRBTKFILE variable is of the following format: /tmp/tktp$PAG where $PAG are the pags associated with the current session. The curpag binary prints $PAG. To set the KRBTKFILE environment variable, issue the following command: $ setenv KRBTKFILE /tmp/tktp`/usr/vice/etc/curpag`.
The "curpag" binary is distributed with AFS on AIX 4.3 and 5.1 distributions and is in the /usr/vice/etc directory.
(Noted at Patch 4)
By default, garbage collection of tokens is disabled for AIX systems.
To turn on garbage collection, run /usr/afsws/etc/gcpags,
a
toggle
switch that enables and disables garbage collection. To verify whether
garbage collection is enabled, run kdump -gcpags.
If afs_gcpags=1
garbage collection is enabled; if afs_gcpags=2
garbage
collection
is disabled. For AIX 4.x systems, garbage collection works only if afs_gcpags_procsize
has one of the following values: 256, 384, 416, 448.
For AIX 5.1, garbage collection will work irrespective of the value of afs_gcpags_procsize, which will always be 0.
(Noted at Patches 2 and 3)
In addition to the following notes, the product notes for AIX in
the AFS Release Notes distributed with the GA
release of AFS
3.6
(build level afs3.6 2.0) also apply to this patch
release.
This patch onwards we are supporting AIX 7.2 TL2. The bins to be used for AIX 7.2 are as follows :
AIX 7.2 TL2 need to use rs_aix72.tar.gz.
(Noted at patch 29)
This patch onwards we are also supporting AIX 7.1 TL5. The bins to be used for AIX 7.1
are as follows :
AIX 7.1 Base, AIX7.1 TL3, AIX7.1 TL4 and AIX7.1 TL5 need to use rs_aix71.tar.gz.
(Noted at patch 29)
This patch onwards we are supporting AIX 7.2 TL1. The bins to be used for AIX 7.2 are as follows :
AIX 7.2 TL1 need to use rs_aix72.tar.gz.
APAR IV97964 is required on AIX7.2 TL1 as pre-requisite before running the AFS.
(Noted at patch 28)
This patch onwards we are also supporting AIX 7.1 TL4. The bins to be used for AIX 7.1
are as follows :
AIX 7.1 Base, AIX7.1 TL3 and AIX7.1 TL4 need to use rs_aix71.tar.gz.
(Noted at patch 27)
This patch onwards we are also supporting AIX 6.1 TL8 and TL9.The bins to be used for AIX 6.1 are as follows :
AIX 6.1 - TL2 / TL3 and TL4 need to use rs_aix61.TL2.tar.gz.
AIX 6.1 - TL5 / TL6 / TL7 / TL8 and TL9 need to use rs_aix61.TL5.tar.gz.
(Noted at patch 26)
This patch onwards we are also supporting AIX 7.1 TL3. The bins to be used for AIX 7.1
are as follows :
AIX 7.1 Base and AIX7.1 TL3 need to use rs_aix71.tar.gz.
(Noted at patch 25)
This patch onwards we are also supporting AIX 6.1 TL7. The bins to be used for AIX 6.1
are as follows :
AIX 6.1 TL5 and AIX 6.1 TL6 and AIX 6.1 TL7 need to use rs_aix61.TL5.tar.gz.
(Noted at patch 24)
This patch onwards we are also supporting AIX 7.1 Base. The bins to be used for AIX 7.1 Base
is as follows :
AIX 7.1 Base need to use rs_aix71.tar.gz.
(Noted at patch 23)
This patch onwards we are also supporting AIX 6.1 TL5 and TL6. The bins to be used for AIX 6.1
are as follows :
AIX 6.1 TL5 and AIX 6.1 TL6 need to use rs_aix61.TL5.tar.gz.
(Noted at patch 22)
This patch onwards
we are supporting upto AIX 61 TL3. The bins to be used on different AIX 6.1
is as follows :
AIX 6.1 Base and AIX 6.1 TL1 need
to use rs_aix61.TL1.tar.gz.
AIX 6.1 TL2, AIX 6.1 TL3 and AIX 6.1 TL4 need
to use rs_aix61.TL2.tar.gz.
(Noted at patch 19)
(AIX 5.2 Only) For AFS to work properly on AIX 5.2 systems, it is required that APAR IY38963 is applied to AIX. Corresponding defect no. is 381080. This APAR is available at: https://techsupport.services.ibm.com/server/fixes
(Noted at Patch 7)
If AIX version 5.x is installed, edit the /usr/lib/security/methods.cfg
file instead of the /etc/security/login.cfg file as
documented
in IBM AFS Quick Beginnings.
The change affects Step 3 in the section titled Enabling AFS Login on AIX Systems in each of two chapters in IBM AFS Quick Beginnings: Installing the First AFS Machine and Installing Additional Client Machines. The corrected text follows.
Create or edit the DCE and AFS stanzas in the /usr/lib/security/methods.cfg file on the local disk:
Edit the stanzas as follows:
If you use the AFS Authentication Server (kaserver
process):
DCE:If you use a Kerberos implementation of AFS authentication:
program = /usr/vice/etc/afs_dynamic_auth
options = authonly
DCE:
program = /usr/vice/etc/afs_dynamic_kerbauth
options = authonly
If you use the AFS Authentication Server (kaserver
process):
AFS:If you use a Kerberos implementation of AFS authentication:
program = /usr/vice/etc/afs_dynamic_auth
options = authonly
AFS:(Noted at Patch 3)
program = /usr/vice/etc/afs_dynamic_kerbauth
options = authonly
AIX 5.x supports two types of local filesystems: JFS and JFS2.
Due to a change in the internal implementation of PAG based tokens
in AIX 5.x, the command "id --G" can no longer be used to identify PAG
based tokens. Therefore, the "tokens" command has been modified to
additionally
display the "type" of token being displayed, that is to say, PAG based
token or UID based token.
For UID based tokens, the output of the tokens command looks like:
# tokensFor PAG based tokens, the output of the tokens command looks like:
Tokens held by the Cache Manager (UID Based Tokens) :
User's (AFS ID 1024) tokens for afs@jupiter.in.ibm.com
[Expires Apr 11 10:43]
--End of list--
# tokens(Noted at Patch 3)
Tokens held by the Cache Manager (PAG Based Tokens) :
User's (AFS ID 1024) tokens for afs@jupiter.in.ibm.com
[Expires Apr 11 10:43]
--End of list--
In addition to the following notes, the product notes for HP-UX in
the AFS Release Notes distributed with the GA
release of AFS
3.6
(build level afs3.6 2.50) also apply to this patch
release.
Adding patches to your HP-UX system is a requirement for continued
AFS support. If the patches are not installed, then AFS cannot be
started.
Install the patches listed if they are not already installed on the AFS
machine.
For HP-UX 11i, apply the following patches:
(Noted at Patch 5 and 9)
On HP-UX 11i, if the salvager were run on a partition that was greater
than 4GB in size, it would delete the volumes in that partition. This
was
a virtual deletion, as only volume headers were deleted, but no actual
data was deleted. AFS 3.6 Patch 5 includes a fix for HP-UX 11i.
(Noted at Patch 5)
HP-UX 11i supports two types of local file systems: HFS and VxFS.
(Noted at Patch 4)
Most product notes for AFS 3.6 GA release still apply
The following note supersedes the first note in the section of the AFS Release Notes entitled Requirements and Limitations for Linux Systems. However, all other notes for Linux in the AFS Release Notes still apply to this patch.
This code change fixes a security problem in Linux Client. It checks the erroneous return codes sent by the fileserver to AFS Linux client which may result into a denial of service attack.
AFS may
pass an error code obtained from the fileserver
directly to the Linux kernel, using a Linux mechanism that merges error codes
and pointers into a single value. However, this
mechanism is unable
to distinguish certain
error codes from pointers. When AFS returns a code
of this type to the kernel, the kernel
treats it as a pointer and attempts to dereference it. This causes a kernel
panic, and results
in a
denial of service attack.
( Noted at patch 19 )
AFS now supports butc with TSM on Linux ( RHEL 4 and 5 ).
( Noted at patch 18 )
Integrated logging update for RHEL 4
To enable
integrated login on Linux RHEL 4 keep the
below line as first line in file /etc/pam.d/system-auth .
auth
sufficient /lib/security/pam_afs.so
try_first_pass ignore_root
(Noted at Patch 14)
(Noted at Patch 12)
By default AFS servers are configured to restart automatically every
Sunday at 4:00 am. The daily cron job restart time is 4:01 am
and
the logrotate restart at this time may cause the AFS server to fail to
restart. To resolve this problem the daily cron job time
needs to be changed.
To change daily cron job time:
Edit the file /etc/crontab and set a
different
restart
time.
Example: If we want to reschedule the daily cron job at 1
minute
past midnight, edit file /etc/crontab to replace the line
02 4 * * * root run-parts
/etc/cron.daily
...with...
01 0 * * * root run-parts /etc/cron.daily
Communication
between AFS server and client is restricted by the default firewall
configuration
on RHEL
3.0 . The firewall
configuration needs to be changed to allow traffic to flow between AFS
server and client.
· 7001:udp if the machine is configured as AFS
client.
· 7000:udp, 7005:udp if the machine is configured as
fileserver
· 7002:udp, 7003:udp, 7004:udp if the machine is configured
as
database server
.
7007:udp for the
bosserver process
· 7008:udp if machine is used as an update server
.
7020:udp if the machine
is a backup coordinator
.
7021:udp if the machine
is a backup buserver
.
7025:udp-7032:udp if the
machine a backup tape controller
NOTE: All ports used by AFS can be found using 'ports' as
a
search term on the AFS Product Support page.
Link to the AFS Product
Support web page:
http://www.ibm.com/software/stormgmt/afs/support.
With patch 8, the requirement to patch the kernel has been removed. It is no longer required for installing AFS onto RedHat 8.0 or RedHat 9.0. New procedure requires user to follow steps mentioned below in addition to Standard AFS installation, before starting AFS:
(Noted at Patch 8)
In earlier AFS patch releases, the distribution of AFS installables
for RedHat Linux 7.x, 8.0 and 9.0, were included in one single package
called i386_linux24.tar.gz. However, with patch 8,
separate
packages
of AFS installables are provided for different RedHat versions.
For RedHat 7.x, RedHat Enterprise Linux AS/ES 2.1, AFS
distribution
package to be used is, i386_linux24.rh7.tar.gz.
For RedHat 8.0, AFS distribution package to be used is, i386_linux24.rh8.tar.gz.
For RedHat 9.0, AFS distribution package to be used is, i386_linux24.rh9.tar.gz.
(Noted at Patch 8 and 9)
The ext3 file system is not supported
AFS does not support the ext3 filesystem which is available in RedHat Linux.
(Noted at Patch 5)
Support for Solaris 10 Update 6
Solaris 10 Update 6 supported from this patch onwards.
These bins don't work on Solaris 10 Base and Update 2.
(Noted at Patch 19)
TSM 6.1 support on Solaris
On Solaris,
AFS supports TSM 6.1.
(Noted at Patch 19)
Support for Solaris 10 Update 4
This patch is not applicable to Solaris 10 base version. Solaris 10 must be updated with recommended patches in Update-4 for AFS to work.
(Noted at Patch 17)
NFS-AFS Translator
NFS-AFS Translator is not supported on Solaris 10 Update-4.
(Noted at Patch 17)
TSM 5.4 support on Solaris 10
On Solaris 10, AFS supports TSM 5.4. TSM 5.4 Client on Solaris has some known issues, so its latest patches should be used.
(Noted at Patch 17)
NFS-AFS Translator
NFS-AFS Translator is not supported on Solaris 10 Update-2.
(Noted at Patch 15)
TSM 5.2 and 5.3 support on Solaris 10
On Solaris 10, AFS supports TSM 5.2 and 5.3.
(Noted at Patch 15)
Unmounting afs on
Solaris
This patch fixes a defect, which caused a non-root user to panic AFS on
Solaris, by trying to unmount /afs.
NFS-AFS Translator
NFS-AFS Translator is supported on Solaris 10.
(Noted at Patch 13)
TSM 5.2 with butc is supported on Solaris 10.
(Noted at Patch 13)
There has been some necessary changes made to AFS startup procedure
on Solaris, so it is essential to upgrade AFS startup script, afs.rc.
(Noted at Patch 8)
Tivoli Storage Manager (TSM) Support on Solaris
butc binary distributed with AFS 3.6 now
supports TSM5.1
and TSM5.2. There is only one butc binary which can be used with both
TSM
5.1 and TSM 5.2. On Solaris 9, butc is supported for TSM 5.1.5 and TSM
5.2.
(Noted at Patch 8)
Support for Solaris 9
AFS 3.6 (build 2.43 and higher) supports the 32-bit or 64-bit version
of Solaris 9. As part of replacing the standard fsck
program on
an AFS File Server machine that runs Solaris 9, you have to make two
changes
in the /sbin/mountall script as indicated in "SunSoft
Patch
109576-10
for Solaris 8 /sbin/mountall changes" section of this readme.
(Noted at Patch 6)
Support for Solaris 8
AFS 3.6 (build 2.6 and higher) supports the 32-bit or 64-bit version
of Solaris 8.
(Noted at Patch 2)
SunSoft Patch 105516-05 for Solaris 2.6 replaces the /sbin/mountall script
Refer to the product notes for Solaris in the AFS Version 3.6
Release Notes. The note concerning installing SunSoft Patch
10654
for
Solaris 7 also applies to this SunSoft patch.
(Noted at Patch 2)
SunSoft Patch 109576-01 for Solaris 8 /sbin/mountall changes
As part of replacing the standard fsck program on
an AFS
File Server machine that runs Solaris, you make two changes in the /sbin/mountall
script. The instructions for editing the /sbin/mountall
script
are
in IBM AFS Quick Beginnings.
If you use Solaris 8 and apply SunSoft Patch 109576-01, the /sbin/mountall script is replaced and a new /usr/lib/fs/ufs/fsckall script is added. If you apply the patch on an existing File Server machine, the changes you already made in the /sbin/mountall script are overwritten.
case "$2" in
ufs) foptions="-o p"
;;
afs) foptions="-o p"
;;
s5) foptions="-y -t /var/tmp$$ -D"
;;
*) foptions="-y"
;;
cp /usr/lib/fs/ufs/fsckall /usr/lib/fs/afs/fsckall
Original:
for fsckdev in $*; doModified:
/usr/sbin/fsck -m -F ufs $fsckdev >/dev/null 2>&1
for fsckdev in $*; do
/usr/sbin/fsck -m -F afs $fsckdev >/dev/null 2>&1
This code change fixes the Windows client crashes because of locking problems. When two or more threads start acting on a global variables which maintain critical data then it crashes.
Locks are taken at various critical sections in the windows client code to avoid it from crashing.
(Noted at Patch 19)
You can now install AFS for Windows components on a Windows Vista machine. Only AFS Client is supported on Windows Vista.
Following things should be noted :
This installable currently supports only AFS Client on Microsoft Windows Vista.
Only Local Administrator can start and stop the services on Microsoft Windows Vista.
Users belonging to the administrator group cannot work as a Local administrator and perform operations like install/configure/Start AFS.
It is suggested to Local Administrators to make sure that AFS will start automatically when computer restarts. For this, on the "Advanced" tab of the AFS Client GUI, check the box, "Start the AFS Client service whenever the computer restarts". This is necessary because, ONLY LOCAL administrator CAN start/stop any service on Microsoft Windows Vista as described earlier.
Installation Steps on Windows Vista:
Log in as a Local administrator.
Unpack the zip file mentioned above.
Start setup.exe contained in the zip file.
While selecting the components to be installed, please UNCHECK the "AFS Server" & "Control Center" components.
Follow the remaining steps for Installation.
Restart the machine.
Once machine is up, configure the AFS Client.
Known Issues:
- Current AFS client does not support creation of "My Briefcase" type of files on Windows Vista.
(Noted at Patch 17)
Please note that volume ids should not be specified values greater
than "2147483648". There is a limitation of afs on Windows and the
salvager
will not be able to handle volumes, having volume ids beyond this
value.
Starting AFS 3.6 Patch 9, AFS is not supported on Windows NT. Hence,
AFS sysname for Windows platform has been changed from i386_nt40 to
i386_win2k.
Links to i386_nt40 directory needs to be modified to point to
i386_win2k
for @sys to work properly.
(Noted at Patch 9)
AFS for Windows on Windows Server 2003
You can now install AFS for Windows components on a Windows Server
2003 machine.
(Noted at Patch 9)
NetBIOS Settings required for Windows 2000 SP3
On Windows 2000 Professional systems with SP3, AFS Client reaches
an internal NetBIOS command limit, under certain cases. This is mainly
due to some additional Security requests added in SP3. You
need
to
add the following values in the registry, under the key
HKLM/System/CurrentControlSet/Services/TransarcAFSDaemon/Parameters:
MaxMpxRequests
DWORD 50
MaxVCPerServer
DWORD 100
This will also fix the same problem reported on Windows XP Professional with SP1.
(Noted at Patch 7)
AFS for Windows on Windows XP
You can now install AFS for Windows components on a Windows XP machine.
Only Windows XP Professional edition is currently supported.
(Noted at Patch 6)
AFS installation for Windows is upgraded to InstallShield Professional 6.31
AFS installation for Windows is upgraded from InstallShield 5.1
Professional to InstallShield Professional 6.31.
The following items should be noted:
(Noted at Patch 6 and 7)
In this patch, pthread.dll is renamed to afspthread.dll. Any scripts
or application using AFS's pthread.dll must be modified to call the
renamed
library.
(Noted at Patch 4)
Backup on a file
The device path must be specified as \\.\tapedevice. For example, if the tape device is TAPE0, the dump path must be specified as \\.\TAPE0.
Common guidelines
Due to file format differences between UNIX and Windows, the dump files are not cross compatible. Dump files created on a Windows machine can only be restored on a Windows machine.
(Noted at Patch 4)
You can now install AFS for Windows components on a Windows 2000
machine. Windows 2000 Professional, Server, and Advanced Server
editions
are supported. Windows 2000 DataCenter Server edition and the use of
TerminalServer
services are not supported at this time.
There must be enough contiguous free disk space on the Windows 2000 machine to accommodate the size of the cache. For example, if you have 30 MB of free disk space on your machine and you intend to set a 20 MB cache, the cache configuration can possibly fail unless 20 MB of the available free space is contiguous.
(Noted at Patch 1)
A memory-mapped file is now used for the AFS Client trace log, allowing
it to be viewed after a system failure. In addition, the log can now be
viewed remotely and descriptive text is displayed instead of error
codes.
(Noted at Patch 1)
You can now install AFS for Windows components on a Windows NT machine
with Service Pack 6.
(Noted at Patch 1)
The AFS for Windows installation tool does not allow a user to install
AFS components that have different version numbers. If you have more
than
one AFS for Windows component installed on your machine, you cannot
update
one component without updating all of the other components as well.
(Noted at Patch 1)
This section describes the defects fixed in Patch 29. They are sorted into the following categories.
Server Defects Corrected in Patch 29
UNIX Client Defects Corrected in Patch 29
Other Defects Corrected in Patch 29
This delta fixes time related and multiple dump deletion issues in 64-bit TSM backup binaries.
This delta fixes the performance bottleneck of 64-bit butc and backup binaries.
This delta adds the initialization of localLock mutex that was causing the crash of volserver during 'vos zap -f' command.
This delta adds '-X' option to fileserver to change the default fileserver parameters to a higher values.
This delta adds support for SIGTSTP and SIGHUP in the buserver.
This delta fixes memory leak in buserver.
This delta fixes the OPENAFS-SA-2017-001.
This delta prevents creation of unwanted .vl files while using 'showmount' and 'nowrite' option of salvager.
This fix avoids fileserver to return 'VPV_VBUSY' infinitely caused by double initialization of VPV counter.
This delta logs the VPV counter and state information during FetchData, FetchStatus and StoreData calls.
This delta adds log message to print FID, host and FID length in InlineBulkStatus.
This delta adds the new StoreACL RPC to fix the store ACL compability with AuriStor OpenAFS clients.
This delta fixes the kdump MD5 kernel parameter exporting issue on AIX 7.2 platform.
This delta adds the feature for readonly (rofs) cache manager.
This delta avoids marking of fileserver DOWN during the restart.
This delta adds 'cstatd' option in kdump to help debug fetch status issues.
This delta avoids printing of negative volume ids.
This delta fixes the krb5 integrated login issue on AIX 7.2 platform.
This delta updates klog to refresh krb5 TGT while authenticating user.
This delta fixes the clock field of UUID to match check_sysid and vlclient outputs..
This delta fixes the negative AuxSize and prints well formated volinfo details.
This delta adds changes for installing 64-bit butc and backup binaries.
This delta fixes volume's access count issue without zip option of volinfo.
This section describes the defects fixed in Patch 28. They are sorted into the following categories.
Server Defects Corrected in Patch 28
UNIX Client Defects Corrected in Patch 28
Other Defects Corrected in Patch 28
This delta handles the negative transaction IDs of ubik beacons.
This delta fixes the fileserver hang when number of IP interfaces are more than five.
This delta adds the PTS caching feature in AFS to cache the user IDs.
This delta fixes the system crash when handling the different device ids for vice partition.
This delta adds the PTS caching feature in AFS to cache the user CPS data.
This delta handles VPV race condition during vos detach operation.
This delta ports the AFS on AIX7.2 platform. AIX APAR IV97964 is required as pre-requisite on the system before starting AFS.
This delta logs the time for FetchData and FetchStatus RPC if it takes more than five seconds.
This delta adds the MD5 based Inode number support in AFS.
This delta adds a retry mechanism to re-fetch the volume entry for the server down error case.
This delta adds the XLARGE default option in rc.afs startup script.
This delta adds an extra check when we detect the multiple copies of volume.
This delta resolves the aklog and k5log termination problem when it is executed in screen sessions.
This delta resolves the TGT and service ticket issue when cell or realm name is provided using @ syntax.
This delta resolves handling of unit error codes in kerberos 4 authentication
This delta makes the k5log binary as klog. The Kerberos 4 authentication will be provided by k4log.
This delta fixes the "backup dump" command for invalid volume entries.
This delta cleanly handles the volinfo failure conditions.
This section describes the defects fixed in Patch 27. They are sorted into the following categories.
Server Defects Corrected in Patch 27
UNIX Client Defects Corrected in Patch 27
Other Defects Corrected in Patch 27
This delta removes the bottlenecks of filserver-ptserver interaction.
This delta increases the default buserver lwp threads to 12 and also provides the option to change these lwp threads at run time.
This delta fixes buserver startup failure when -servers option is given.
This delta improves the backup performance by changing config file locking mechanism.
This delta adds logs in the Filelog when we write 64 MB of data in single write. This delta also add various BCB logs to Filelog.
This delta adds a new signal SIGALRM to put the fileserver directly at loglevel 3125.
This delta adds support to allow more than 32 alternate interfaces, it also adds the debug logs to provide the information about host interfaces.
This delta generates debug binaries for bosserver and buserver.
This delta installs pthreaded volserver as the default volserver in AFS dest binaries.
This delta fixes the fileserver issue where fileserver did not respond to the request of particular client, when client IP address is changed under specific conditions.
This delta fixes ptserver issue preventing foreign users to create arbitrary groups.
This delta fixes the fileserver issue of incorrect handling of NetInfo/NetRestrict files to set the list of server interfaces.
This delta avoids the hang when msync is called for data greater than cache size.
This delta avoids hang during close operation by releasing a lock before flushing pages.
This delta fixes information leakage within client memory.
This delta adds new options to the backup dumpinfo command to list the dumps faster.
This delta adds new options to backup deletedump command to improve performance.
This section describes the defects fixed in Patch 26. They are sorted into the following categories.
Server Defects Corrected in Patch 26
UNIX Client Defects Corrected in Patch 26
Other Defects Corrected in Patch 26
This delta adds the clone support in buserver.
This delta adds the FID to the log message in FetchData_RXStyle and fixes the incorrect printing of wlen.
This delta resolves the deadlock due to the global afs lock on AIX.
This delta allows larger ticket/token sizes to support MIT Kerberos and Windows Active Directory KDCs.
This delta resolves the deadlock due to the extended afs user lock held in validate_pag on AIX.
This delta handles the UBADHOST and UNHOSTS ubik error codes.
This delta adds support in aklog_dynamic_auth to fallback to “afs” service principal and to create an UID based credential cache file.
This delta resolves the deadlock in gcpags while validating the user PAGs on AIX.
This delta adds new k5log binary for Kerberos 5 based authentication.
This delta fixes the endian bug in md4 and md5 functions used by rxkad when encryption types other than des-cbc-crc are used for the AFS service principal.
The delta enhances the user id support up to 2G in the AFS prdb_check utility.
This delta prints the last access time information for the LastAccessDate field in the “volinfo –zip” command.
This delta cleans up the dead code in TSM backup command.
This delta fixes the security vulnerability (named "Tattletale") in RX acknowledge packet and is tracked as OPENAFS-SA-2015-007 and CVE-2015-7762 and CVE-2015-7763.
This delta handles the K5 key version number checks in the AFS backup commands.
This section describes the defects fixed in Patch 25. They are sorted into the following categories.
Server Defects Corrected in Patch 25
UNIX Client Defects Corrected in Patch 25
Windows Client Defects Corrected in Patch 25
Other Defects Corrected in Patch 25
This delta adds the code to close stale file-handles that were preventing unmount of vice partitions during Vice Partition Virtualization mode.
The new AFS servers in our cell are much larger machines and they have more virtualized SAN systems housing the AFS vice partition data. We might have two or more AFS fileservers sharing the entire data storage of a single SAN for their vice partitions. So by making use of this feature, we can dynamically move the vice partitions from one fileserver to another fileserver while the client applications are actively accessing data of volumes on these vice partitions. Moving all vice partitions from one file server to another is achieved by adding two new commands to "vos",
$ vos detach -h
Usage: vos detachpart -fromserver <machine name of server from where to detach> -partition <partition names to be moved> [-cell <cell name>] [-noauth] [-localauth] [-verbose][-timeout <timeout in seconds>] [-help]
$ vos attach -h
Usage: vos attachpart -fromserver <machine name of server from where to detach> -toserver <machine name of server where to attach> -partition <partition names to be moved>[-cell <cell name>] [-noauth] [-localauth] [-verbose] [-timeout <timeout in seconds>] [-help]
Command reference: Link to the developerWorks article http://www.ibm.com/developerworks/aix/library/au-aix-vice-partition-virtualization/index.html?ca=drs-
This delta adds support for multiple cache sub-dirs inside /usr/vice/cache , every sub-dir has by default 2048 cache files, now we can change it by afsd command line option "-files_per_subdir".
The -clone option was added to the bos addhost command in a previous release, but the bosserver wrote new server entries incorrectly when it was used. This delta fixes the server side handling of bos addhost with the -clone option so that the new clone servers are added with correct formatting in /usr/afs/etc/CellServDB. It properly passes array of clones in DB server.
This delta adds support for moving single or subset of partition from one fileserver to another. Please refrain from using the "Subset Option" until you hear from AFS Support. Under certain conditions, using this option can cause the fileserver machine to take a system dump.
This delta adds the future support for volserver using the pthread library for thread support instead of the AFS lwp library. The lwp volserver is still being distributed as default binary.
This delta fixes the cbd tool (that scans callback.dump file) to prevent from running down the invalid CB and FE entries.
This delta fixes the freeing of un-initialized memory while decoding krb5 based tickets.
This delta adds support for the "afs" service principal in aklog in addition to the "afs/
This delta adds support for additional encryption types for the AFS service principal stored in a new file /usr/afs/etc/rxkad.keytab. Documentation for transitioning to the new key types will be provided in the future. Clients must transition to Kerberos 5 based tokens obtained via kinit/aklog to use the new service principal and key.
This delta adds AIX client support for the inlinebulkstatus RPC. This allows a client to receive individual error codes for each file and directory for which it is requesting stat information instead of a per RPC return code. This improves performance in the case that a user has authority to stat only a subset of the files and directories in the call.
This delta fixes the crash in AFS client kernel extension while performing the operations on large files (more than 2Gb) in AIX VMS kernel service (vms_create).
This delta adds the error checks in AFS code for the AIX vms kernal service calls.
This section describes the defects fixed in Patch 24. They are sorted into the following categories.
Server Defects Corrected in Patch 24
UNIX Client Defects Corrected in Patch 24
Windows Client Defects Corrected in Patch 24
Other Defects Corrected in Patch 24
Recently certain vulnerabilities has been identified in Kerberos 4 Protocol, kaserver, IBM AFS authentication server which is an implementation of Kerberos 4 Protocol, was getting marked as non-compliant as per latest ITCS rules. This delta adds support of Kerberos 5 Protocol in IBM AFS for authentication. IBM AFS Servers now support IBM Network Authentication Service (IBM NAS) as Key Distribution Center (KDC) on supported AIX versions.
Administrators can specify the supported number of callback entries in fileserver by passing value in argument “-cb” between 10000 to 1048576 (1 million).
This delta simulates the LPAR Mobility code to allow the fileserver to enter and exit VBUSY mode.
This delta adds the option -zip to the volinfo command similar to the vos listvol -zip on AIX. We added 3 additional fields to the end of the output line: (numeric owner id) (access date) (aux volume size).
This delta provides support to resize UDP send and receive buffers to address the performance issue.
This delta adds ubik clone support. Ubik clones cannot become master so this feature can be used to prevent a ubik server with the lowest IP from becoming master for a ubik database.
This fix incorporates the OpenAFS Security Advisory 2013-001 where an attacker with the ability to manipulate AFS directory ACLs may crash the fileserver hosting that volume.
This fix incorporates the OpenAFS Security Advisory 2013-0002 where an attacker can crash an OpenAFS ptserver by sending an IdToName RPC with a large payload.
This delta adds InlineBulkStatus RPC support to improve performance when obtaining status information in directories for users with “lookup” only access.
This delta increase the dcache parameter up to 10000 from 2000 when it is not mentioned with afsd on unix.
This delta adds ability in IBM AFS Clients to get AFS tokens based on Kerberos 5 tickets on all supported UNIX platforms. For backward compatibility, users can still get AFS tokens based on Kerberos 4 protocol (from kaserver), however, this support is deprecated now.
To capture afsd kernel logs, user can enable system log on the client machine running afsd as . # afsd -kernLogLevel (An integer between 0 to 5)
This delta adds command line tool, aklog, for getting AFS tokens in Kerberos5 environment.
This delta adds Kerberos 5 support to IBM AFS Windows GUI application, afscreds, used for getting AFS tokens.
This section describes the defects fixed in Patch 23. They are sorted into the following categories.
Server Defects Corrected in Patch 23
UNIX Client Defects Corrected in Patch 23
Windows Client Defects Corrected in Patch 23
Other Defects Corrected in Patch 23
This delta fixes crashing of ptserver on AIX when OLSON timezone is enabled.
This delta adds support to salvager to handle volume ids greater than 2GB.
This APAR adds additional logging to volserver to debug the cases where volserver becomes unresponsive.
This APAR adds LPAR partition mobility application support in AFS fileserver.
This delta adds a log message in BulkStatus call to print AFS FID, IP and AFS UID of the client.
This APAR is added to handle the failure condition when the file crosses 64GB JFS file size boundary.
This delta is to correctly reflect the vos examine -ext statistics for clients belonging to a different network.
This APAR adds a new log file "SecLog" to the AFS fileserver which captures the permission denied errors for unauthorized users. This log file can be used to identify unauthorized access to AFS.
This APAR adds a new log file "AdmLog" for AFS kaserver which logs attempts to acquire AFS tokens by any user who has administrative privilege.
This delta adds the support for AIX 7.1.
This section describes the defects fixed in Patch 22. They are sorted into the following categories.
Server Defects Corrected in Patch 22
UNIX Client Defects Corrected in Patch 22
Windows Client Defects Corrected in Patch 22
Other Defects Corrected in Patch 22
This delta rotates the BackupLog file on buserver restart.
This delta adds new vos commands "vos setownerinfo" and "vos getownerinfo" to store the Volume Owner information in the volume headers. These commands can be used to identify the owner of a volume during disaster recovery. Also,“volinfo” debugging tool is modified to display the owner information of the volumes.
The AFS Authentication Server now uses 16-bits to store the user's past password key information instead of 8-bits as earlier. This gives the authentication server better ability to check for reused password and help reduce the likelihood of users getting the "password reused" errors when changing their AFS password.After installing the new kaserver, a user's password history will basically be reset to null, so the history will start from scratch. AFS can now maintain a history of 10 password keys.
This delta adds a new option “resettimehost” to “fs checkserver” command to reset the Time Host of that client. The time host will be assigned a new value later when the CheckServerDaemon will run.
This APAR modifies the vos examine command to also display the last access time of the volume.
This section describes the defects fixed in Patch 21. They are sorted into the following categories.
Server Defects Corrected in Patch 21
UNIX Client Defects Corrected in Patch 21
Windows Client Defects Corrected in Patch 21
Other Defects Corrected in Patch 21
This APAR fixes a bug with largefile enabled AFS UNIX Client which was causing blocks of nulls in a file, when an existing file gets opened in ‘write’ mode.
This section describes the defects fixed in Patch 20. They are sorted into the following categories.
Server Defects Corrected in Patch 20
UNIX Client Defects Corrected in Patch 20
Windows Client Defects Corrected in Patch 20
Other Defects Corrected in Patch 20
Updated the log messages in GetTime() call to show host Ip and viceID of a bad client.
This section describes the defects fixed in Patch 19. They are sorted into the following categories.
Server Defects Corrected in Patch 19
UNIX Client Defects Corrected in Patch 19
Windows Client Defects Corrected in Patch 19
Other Defects Corrected in Patch 19
This delta updates file count information as soon as the files get added/deleted in the volume.
This delta makes the -minhour restriction applicable to all users including the ADMIN.
This delta also solves a kaserver hang, caused when changing password of a non-existent user.
Added NFS-AFS translator setup comments for AIX in rc.afs.
This delta decreases the load time of the AFS client on AIX.
This delta fixes a security risk in Linux client that could lead to a client crash and may lead to a denial of service attack.
This APAR fixes the locking issues in windows client that lead to frequent crashes.
This section describes the defects fixed in Patch 18. They are sorted into the following categories.
Server Defects Corrected in Patch 18
UNIX Client Defects Corrected in Patch 18
Windows Client Defects Corrected in Patch 18
Other Defects Corrected in Patch 18
This APAR modifies the heap segment of all the AFS servers on AIX to accommodate the higher load and runtime for several days.
IZ19462
This delta fixes the volume inode corruption, which may cause fileserver crash at the time when large number of volumes are moved from one fileserver to another.
This APAR adds a feature in butc, which can be used to allow restoration of volumes from a specified TSM Server, even if that volume was backed-up to any other TSM server, and later moved to this TSM Server. This APAR overrides the Server name obtained from the backed-up volume information, and avoids it to switch back to the server where it was backed-up.
This APAR fixes the inconsistency of the Authentication database when admin account is deleted.
This APAR allows admin to forcefully put a check on user’s password being reused. This is done by adding a new flag option “checkreuse” in “kas setfield” command.
This APAR restricts a user to change his/her password only once after admin changes it, within a specified minimum limit. This limit can be set using “minhour” option in the Kaserver.
This delta adds the TSM support in AFS butc in Linux ( RHEL 4 and 5 ).
This delta fixes several issues regarding Authentication failures in AIX.
This APAR generated the appropriate error messages if there are any preoccupied ports which are being used by AFS Client.
This delta fixes the display of appropriate user name who has logged in the Vista machine, on the Afscreds window.
This section describes the defects fixed in Patch 17. They are sorted into the following categories.
Server Defects Corrected in Patch 17
UNIX Client Defects Corrected in Patch 17
Windows Client Defects Corrected in Patch 17
Other Defects Corrected in Patch 17
APAR IZ07486
This APAR fixes the AIX client crash because of Rx-Connection structure getting corrupted.
- APAR IZ06540
Solaris 10 Update 4 added support for multiple IP stacks in the kernel, which restricted the AFS client to access the IP information from Solaris Kernel using non-public ILL Structures.
This APAR fixes the AFS client to get the IP information correctly from Solaris kernel.
This APAR is not applicable to Solaris 10 base version, it might result in a system crash. Solaris 10 must be updated with recommended patches in Update-4 for AFS to work.
- APAR IZ09655
This APAR adds the support of TSM native API to BUTC utility. Henceforth BUTC will not be using XBSA API’s provided by TSM installable.
- APAR ID71096
This delta fixes the bug on Linux platform due to which ‘volinfo’ command, when used with ‘-saveinodes’ option would give segmentation violation error.
This section describes the defects fixed in Patch 16. They are sorted into the following categories.
Server Defects Corrected in Patch 16
UNIX Client Defects Corrected in Patch 16
Windows Client Defects Corrected in Patch 16
Other Defects Corrected in Patch 16
APAR IY95805
This APAR enables the salvager in AIX, to allocate up to 2GB of data during execution, by increasing the data segment size of salvager binary from 256 MB to 2 GB.
APAR IY99918
This APAR fixes the hang, which occurs when two or more threads try to do a bulk stat on the same directory entry.
- APAR IZ00041
This APAR fixes the race condition and client crash, which could occur at the time of un-mapping a file.
- APAR IY99004
This APAR fixes a problem in AIX, in which rxk_input() is modified to pass the MAC header pointer in udp_input1(). Also, call to m_pullup() is removed, which was splitting mbuf into two mbufs, and causing trouble for above layers like UDP.
- APAR IY95408
In this APAR, changes are made to the CheckServers daemon, to prevent calls to AFS servers that it can not reach.
This section describes the defects fixed in Patch 15. They are sorted into the following categories.
Server Defects Corrected in Patch 15
UNIX Client Defects Corrected in Patch 15
Windows Client Defects Corrected in Patch 15
Other Defects Corrected in Patch 15
APAR IY87646
This APAR fixes the problem of AFS utilities like vos, being unable to create large files in non AFS space, on Linux Platform.
- APAR IY89668
This APAR fixes the problem on AIX, where root file system is getting corrupted due to AFS, if it is of type JFS2 instead of JFS.
- Defect 71085
This fix resolves the hang of “fuser” command, when run by root user on AIX.
This section describes the defects fixed in Patch 14. They are sorted into the following categories.
Server Defects Corrected in Patch 14
UNIX Client Defects Corrected in Patch 14
Windows Client Defects Corrected in Patch 14
Other Defects Corrected in Patch 14
UNIX Client Defects Corrected in Patch 14
This APAR fixes a problem of hangs because of “pagsh” command issued by non-root user.
This APAR fixes the problem of windows server configuration wizard
failing to configure server because of primary interface being down.
This section describes the defects fixed in Patch 13. They are sorted into the following categories.
Server Defects Corrected in Patch 13
UNIX Client Defects Corrected in Patch 13
Windows Client Defects Corrected in Patch 13
Other Defects Corrected in Patch 13
APAR IY71053
This APAR makes AFS fsck work on Solaris 10.
APAR IY76945
This APAR makes the ”M” feature working fine for NetRestrict file, which restricts the interface from registering in cache manager.
APAR IY77101
This APAR adds "–reuse"
option to the kaserver so that
kaserver can be
configured as to
how many principal passwords it should
store as history
in kaserver database. This option should be specified on all the kaserver instances in a cell.
UNIX Client Defects Corrected in Patch 13
The APAR fixes the problem of Solaris client crashing due to deadlock caused by not properly grabbing the curproc->p_crlock lock.
APAR IY72749
The APAR fixes the problem of afs integrated login failing on some clients because of network going down.
APAR IY77107
The APAR fixes the problem of AFS configuration wizard failing on some windows installations.
Other Defects Corrected in Patch 13
This APAR fixes a problem in "vos " command, the problem occurred when orphaned backup volumes were encountered during "syncvldb" operations.
This APAR fixes to make -nodns work with –zip option in "vos" command.
This section describes the defects fixed in Patch 12. They are sorted into the following categories.
Server Defects Corrected in Patch 12
UNIX Client Defects Corrected in Patch 12
Windows Client Defects Corrected in Patch 12
Other Defects Corrected in Patch 12
APAR IY66579
This APAR adds “-zip” flag to “vos listvol”, which gives extended information about the volume in a single line. This new flag provides the information given by "vos listvol -extended" in a single line, and gives result faster than "vos listvol -extended".
This APAR adds a transaction identifier to the fileserver log messages. The transaction identifier is useful for tracking transactions on a fileserver. The transaction identifier is not dumped to the fileserver log unless the loglevel exceeds 1000. The transaction identifier feature is supported for fileservers that use pthreads for implementing light-weight processes.
UNIX Client Defects Corrected in Patch 12
This APAR has changed the afs.rc file for Linux to accept AFSD_OPTIONS from /etc/sysconfig/afs instead of OPTIONS.
APAR IY69219
This APAR addresses the issue of windows client authentication attempt not being logged on windows.
The APAR fixes the problem of windows and ssh client logins not being logged in AuthLog.
Other Defects Corrected in Patch 12NFS-AFS Translator works on AIX 5.3.
This section describes the defects fixed in Patch 11. They are sorted into the following categories.
Server Defects Corrected in Patch 11
UNIX Client Defects Corrected in Patch 11
Windows Client Defects Corrected in Patch 11
Other Defects Corrected in Patch 11
UNIX Client Defects Corrected in Patch 10
UNIX Client Defects Corrected in Patch 9.1
UNIX Client Defects Corrected in Patch 9
This APAR makes pts listowned work for the special pts:sysviewers
groups.
This APAR fixes an assert in ubik_ClientInit due to race condition
where a lock is taken on a destroyed mutex.
(AIX) This APAR fixes an AFS client hang caused by creation of two
vcache entries in the cache manager for the same FID.
This APAR fixes the client panic in GetVolSlots due to inadequate
file limits to write in VolumeItems file.
This APAR fixes an assert in close, which is called on a failed
open call.
This APAR fixes the problem of Kernel panic while calling bcopy
panic by handling memory allocation properly.
This APAR fixes the corruption problem, while trying to copy file
from windows local file system to AFS space.
UNIX Client Defects Corrected in Patch 8
This APAR fixes the problem of volserver or salvager
crash on a machine having a long device name (more than 32 chars) for
/vicepxx
partitions, due to limited length of string used for device name.
This APAR fixes a defect that might lead to the corruption of the
fileserver's host chain which in turn might result in a fileserver
crash.
This APAR fixes the bos addkey coredump problem, on newer versions
of AIX.
(Solaris 9) This APAR fixes the ls hang on the nfs client
running Solaris 9 using the AFS-NFS translator.
(HP-UX only) This APAR fixes the defect wherein starting the AFS
client results in a panic if the HP-UX patch PHNE_28089 is installed on
the system.
(Solaris only) This APAR fixes the defect wherein starting the AFS
client results in a panic if the Solaris patch 108528-20 is installed
on
the system.
This APAR fixes the defect where 'ls -l' on a directory containing
huge number of files, used to take a very long time, due to a bug in
the
AFS bulkstat.
This APAR resolves a deadlock between memcache and RX implementation.
This APAR corrects the wrong error message by windows client, for
the case where client and server clock times were skewed (> 15
mins).
This APAR fixes afsd_service crash problems at startup/shutdown
when the network is disconnected.
This APAR fixes the defect where AFS Client failed to start, because
AFS Control Center Icon appears in control panel, instead of AFS Client
Icon, when AFS is installed in Japanese language.
This APAR fixes the problem of random AFS Client crash on Windows.
This APAR fixes a problem in where lock out time specified in uss
template file was not being interpreted correctly by uss add command.
This APAR fixes a defect wherein the commands "klog.krb" and
"tokens.krb"
(and possibly other commands) did not work properly for UIDs greater
than
65535.
UNIX Client Defects Corrected in Patch 7
This APAR fixes a ubik bug which may cause database servers to crash
under certain circumstances. This problem is more prevalent in on HP-UX
11i.
(Windows Only) Salvager may crash Windows AFS Servers if there are
volumes with invalid (high) volume ids. This APAR corrects this problem.
(HP-UX Only) This APAR fixes a problem which causes system slowdown
or crash because vcaches, belonging to mapped files and executable,
can't
be recycled immediately due to the HP-UX VMM holding a reference on
these
vcaches.
(Linux 2.4.X Only) This APAR corrects a problem where 64-bit file
locking commands (F_GETLK64, F_SETLK64 and F_SETLKW64) did not work
properly
on Linux 2.4.
This APAR fixes the problem on Windows systems wherein vos restore
would fail for high volume ids.
This APAR fixes the problem where NetBIOS Command reaches its limit
in Windows 2000 SP3. Please refer to Product
Notes for Windows, for more details.
This APAR fixes the problem on Windows systems wherein vos dump
<vol> | vos restore <vol> would result in
crash.
This APAR fixes a problem in which backup volinfo command returns
with a wrong error message if the length of the volume name exceeded 25
characters.
UNIX Client Defects Corrected in Patch 6
Fileserver was reported to have crashing with "Assertion fail."
at function GetClient, for a condition representing bad state of
connection,
which is not really an assert situation. So, for safe fileserver
operations
assert is replaced with reporting error condition to the caller.
This defect resolves a problem, wherein volserver
was not
able to access volumes with volume IDs greater than 2147483647, which
caused
all volserver operations like vos examin,
vos move
etc. on these volumes to fail.
When a badly configured client firewall product sends requests to
the fileserver, fileserver faces difficulty in getting back to the
client
and keeps trying this, repeatedly. This can cause the fileserver into a
meltdown. The fileserver needs a way to recognize that a client is in
this
state so it can prevent this client from causing bad performance to all
users. This problem has been noticed on Windows clients which had
misconfigured
firewall due to which server could not client at port 7001. This fix
helps
server to identify this condition and remove entries of such hosts from
the host hash chain.
A rare occurrence of callback chain corruption caused a fileserver
thread to loop infinitely inside the callback chain. A check was added
to detect this and recover from this condition.
This fix resolves a problem, wherein sending the signals SIGTSTP
or SIGHUP to the fileserver process sometimes results in a crash.
This fix resolves a problem wherein shutting down or
restarting
the fileserver using "bos shutdown" or "bos restart" sometimes crashes
the fileserver.
When a vos release command is executed, AFS volserver first completes
release job and then waits to for an acknowledgement from fileserver,
for
breaking callbacks to the client. If fileserver takes time to do this
operation,
it keeps volserver waiting, making it unavailable for other vos
requests.
With this fix, fileserver sends an acknowledgement to volserver, as
soon
as it receives request from volserver.
(Solaris only) Session would hang if we try to copy a large file
from AFS space to an UFS partition mounted with force directio option
enabled
on Solaris. Sessions trying to do "ps" or "who" would also
hang
and
client wont shutdown cleanly. This APAR fixes the problem
which
enables
to copy files from AFS to partition mounted with directio.
This fix resolves a race condition in the AFS buffer cache code
that results in the recycling of a buffer that is in use.
(AIX 4.3.3 only) This fix resolves a problem where the token passing
mechanism of AFS inetd, fails with "getpeername failure", when the
maintenance
level of AIX 4.3.3 is upgraded from ML6 to ML10.
(AIX only) This fix resolves a problem where the AIX client would
deadlock/panic under heavy load.
(Linux only) On Linux, when a file in AFS is checked to see if it
is locked or unlocked for advisory locking, AFS does not return the
correct
lock status. As a result, return status used to indicate file as
locked,
always. This was due to a bug in AFS lock vnodeop's implementation
where
the return structures was not copied back with the correct status. This
has been fixed in this APAR
This fix resolves a problem wherein sending a signal to the BIO
daemons (Some of the afsd daemons are BIO daemons) results in their
termination.
As a result all reads and writes to AFS space block forever.
This delta is created to add descriptive message to the afsd_init.log.
If the registry entry
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\ClientProtocols"
does not exist then the afsd service crashes with error code
1719.
For this error code, a descriptive message is added in the
afsd_init.log.
Also modifications are done so that the client does not crash..
The memory consumption of the AFS Client on Windows grows by almost
16MB with each LAN Adapters added in the system. This high memory usage
problem has been resolved under this APAR.
During reinstall/upgrade/downgrade, if a new path is chosen for
re-installation than the previous one, service fails to start upon
reboot
flagging an error that it was unable to find the path specified. This
is
fixed under this APAR.
This corrects a problem where "Timeout" messages were repeatedly
added in the Authlog
(HPUX only) This resolves the panic in afs_setgroups, because of
pointer truncation.
(Windows only) In AFS Control Centre - Account Manager GUI, the
pattern box doesn't work for any pattern. This was seen for all of the
"User", "Groups" or "Machines" tabs. This problem is fixed under this
APAR.
This fix resolves an integer overflow vulnerability in the Sun derived
XDR library used by AFS.
The vulnerability can be exploited by an attacker to induce a buffer overrun in certain AFS servers. This could result in a server crash or in the attacker being able to execute arbitrary code on the server allowing the attacker to obtain unauthorized root access.
UNIX Client Defects Corrected in Patch 5
(AIX only) The AFS login process was sometimes time-consuming. This
was due to the fact that AFS-specific methods had to be implemented to
read and search the /etc/passwd and the /etc/group
files,
which are often large. This problem has been corrected.
Note that a previous version of this APAR (included in Patch 4) resolved login and lsuser problems with the AFS authentication module caused by code changes in the security module of the AIX operating system.
(HP-UX only) This fix resolves partial hangs in the AFS filespace
that were due to processes holding resources when stopped. This fix
requires
the addition of HP-UX patches to both HP-UX 11.0 and HP-UX 11i systems.
See (HP_PATCHES)
for details.
The fix resolves a problem where the AFS File Server failed to create
the /usr/afs/local/sysid file after AFS was
upgraded from
version
3.5 to version 3.6.
(AIX only) This fix enables the AFS File Server to use up to 254
MB of memory. Previously, the default limit for a user level process
was
127 MB, which sometimes caused the File Server, under a heavy load, to
fail and write to a core file.
This fix prevents the File Server from generating a core file, which
occurred when a race condition in the File Server caused the File
Server's SAFS_Rename function to attempt to rename
a file that
no
longer
existed in the AFS filespace.
This fix prevents the File Server from generating a core file, which
occurred when the File Server's h_Enumerate
function traversed
the
list of hosts.
(Solaris 8 only) This fix corrects a porting problem with the NFS-AFS
Translator on Solaris 8 machines which caused basic operations, such as
lookup, create, remove, rename, when issued from an NFS version 3
client
machine, to fail.
(AIX 4.3.3 only) This fix prevents a condition that caused AFS to
panic when a multi-processor machine was shut down or rebooted.
This fix resolves a condition where an AFS client session hangs
while waiting for packets from a server. This occurred because the
server
discarded the outgoing packets thinking that the client had already
received
them.
This fix corrects a cache inconsistency. If a directory listing
was done on an AFS Client for Windows machine and if the directory
included
a file in the AFS filespace that was modified using a different
machine,
then the modified file's size was not displayed.
This fix resolves a problem where, after installing software such
as VMWARE that uses a large number of transport layer protocols, the
AFS
Client service could not be started.
(Windows 2000 only) This fix enables multiple directories to be
created concurrently.
(Windows only) This fix corrects a problem where the AFS Control
Center Server Manager was sorting and displaying the Date-Time field
incorrectly.
(Windows only) Any file or directory created on Windows File Server
vice partition and having a name starting with 'V' was incorrectly
listed
as a corrupted volume by the AFS Server Manager and in the list of
volumes
generated by using the vos listvolumes command. This problem has been
corrected.
UNIX Client Defects Corrected in Patch 4
(Solaris 7, 8) This fix resolves a machine deadlock caused by AFS
not taking proper UFS locks prior to calling UFS functions.
(All) This fix resolves a fileserver deadlock (fileserver meltdown)
that occurred when the fileserver experienced a very heavy load.
(Solaris 2.6, 7, 8) This fix resolves a machine deadlock during
a reboot sequence caused by closing the socket descriptors in an
incorrect
sequence. This fix implements a sequence variable to ensure that the
system
closes a socket only after the process that was listening on the open
socket
has completed its operation.
(Windows) This fix resolves a condition where the AFS Client on
a newly installed and configured AFS Server improperly displayed the
status
of volumes on /afs and /afs<cell name> as READ/WRITE.
Previously,
it
was necessary to restart the AFS Client in order for the status to be
properly
displayed as READ-ONLY.
(Solaris) This fix merges the /etc/name_to_sysnum is file for several
versions of Solaris. A check has been added in the afs.rc script for
Solaris
to check for valid values in the /etc/name_to_sysnum file. Incorrect
values
cause problems when AFS is starting.
(Windows) Previously, deleting a volume on a Windows AFS Server
did not completely remove the .data directory. This fix resolves that
problem.
(AIX) This fix resolves login and lsuser problems with the AFS
authentication
module caused by code changes in the security module of the AIX
operating
system.
(All) This fix resolves a condition where various volume related
commands showed the used space of a volume as negative when the size of
any file in the volume exceeded 2 GB.
(Windows) This fix resolves a condition on Windows AFS Servers where
the klog command failed to authenticate for certain passwords.
(AIX 4.3) This fix resolves an infinite loop condition that caused
fileservers to eventually meltdown.
(AIX 4.3) This fix adds a check to verify if the fields of the UUID
structure have valid values. This identifier is used to manage clients
with multiple IP interfaces.
(AIX) This fix corrects a problem where Kerberos tokens for logged
in users were not visible on AIX systems.
(Digital UNIX 4.0) This fix resolves a condition on Digital UNIX
4.0 machines where an improper error message was displayed when
removing
a mountpoint. Previously, when the "fs rmm <mountpoint>"
command
was
issued on an Digital UNIX 4.0 machine in AFS space, the mount was
deleted,
but an error message appeared stating "fs : file
<mountpoint>
does not
exist."
(All) This fix prevents a condition that caused the NFS-AFS Translator
(AFS Client) to panic when the NFS server forwarded requests from NFS
clients
to the NFS-AFS Translator before it was completely initialized.
(All) This fix resolves a vcache leak problem.
(Linux 2.2, 2.4) This fix resolves a race condition in the event
handling code for Linux. This race condition results in processes
losing
wakeup calls; the process gets the wakeup before it actually goes to
sleep.
As a result, the process continues sleeping on events because it is
waiting
for a wakeup which has already occured, and it never returns from the
system
call. To the user, it appears as if the process has hung.
(Linux 2.4) This fix resolves a condition where a Linux client session
hangs when a user issues the "su -" command from a terminal within a
KDE
environment.
This fix adds support for the -servers option in the klog command.
The -servers option allows the user to specify the authentication
server
when retrieving tokens.
This fix resolves a condition where Windows AFS Clients did not
correctly follow traversal rules.
This fix resolves a problem where, when the AFS Client GUI/Advanced
tab page/checkbox "Start the AFS Client whenever the computer restarts"
is checked, the following error message is displayed: Error Configuring
Service-The AFS Client Service's startup parameters could not be
changed.
You might not have the authorization to perform this operation. Error
0x000003E5.
This fix resolves a condition where roaming profiles were not being
created if the roaming profile path contained links.
This fix solves the problem of "?S" appearing in a volume label
name on Windows 2000 machines when "dir" is issued from the Command
Prompt.
This fix resolves a condition where, when the Windows AFS Client
and Tivoli Policy Director Admin Client were both installed on the same
machine, the afsd service did not start. This occurred because both
programs
used a pthread.dll file. The AFS file has been renamed to
afspthread.dll.
This fix resolves a condition that prevented removing Global Drive
Mappings in the Windows AFS Client.
This fix stops the AFS Client when the connection to the network
is lost.
This fix writes a message to the event log whenever a Windows
application
requests a byte-range lock of a file in AFS space.
(All) This fix allows users to restore volumes with volume names
in excess of 22 characters. It writes a warning into the
ErrorLog/TapeLog
file.
(All) This fix resolves the Dump Information problem with AFS backup
for volumes larger than 2 GB.
(Windows) This fix suppresses the "License" dialog box during silent
installs.
(All) This fix adds a -nodns flag to three vos commands: vos exa,
vos listvldb, vol listvol. If -nodns is specified in the command line,
the server names will be listed in IP format rather than as the host
names.
(HP-UX 11.0) Undefined symbols for xdr_* were reported when using
the AFS API on HP-UX. These missing symbols have been added to the
librx.a
file.
(Windows) This fix allows the Windows AFS Control Center Servers
Manager to create volumes with unlimited quotas.
(Windows) This fix enables AFS backup to work on Windows systems.
(All) This fix adds a -showprogress flag to the butc command. If
-showprogress is specified in the command line, progress will be
displayed
as dots when dumping or restoring a volume. Each dot represents 64 K of
data.
UNIX Client Defects Corrected in Patch 3
This fix prevents the salvager fom deleting hardlinked files. By
default, orphan files are ignored, but if the '--orphan remove' option
is specified, orphan files are removed. The default of '-orphan' is
ignore,
which allows the salvager to comment about orphans on every run, but
not
to delete them.
This fix enables the kaserver process to
authenticate krb-udp
requests from Kerberos 4 clients.
While trying to get data from a ptserver, an error condition was
not being checked. This caused a core dump of the fileserver. The
function acl_CheckRights() now checks for an error
condition.
A server panic was occurring as a result of a software assert (tweqi)
caused by giving jfs_rele a vnode with a v_count=0. This resulted from
insufficient locking. A VFS_LOCK for accessing the vnode list fom the
VFS
list was added to resolve this condition.
When a file on an NT fileserver was saved, the data was being
corrupted.
This did not occur when the file was created for the first time, but it
occurred when an existing file was opened and saved after being edited.
This defect corrects that problem.
(Linux only) Accessing AFS files through SAMBA caused refCount on
inode to increase incorrectly and resulted in an "IPUT Bad refCount on
inode" error. This fix resolves this problem.
This fix enables RX to properly track retransmitted packets.
(HPUX only) On HPUX 11.0, if the salvager were run on a partition
that was greater than 4GB in size, it would delete the volumes in that
partition. This fix solves that problem.
(IRIX only) This fix resolves a panic in afs_strategy.
(Linux 2.2only) This fix corrects a cache inconsistency problem
with AFS under the Linux 2.2.* kernels.
(Linux only) This fix resolves a condition that caused the Linux
OS to suspend processing because of a potential deadlock in memory
handling
routines.
(HP only) This fix allows the remsh command to
function
properly on HP11.
(Solaris 8 only) In Solaris 8, "df" was generating errors for AFS
directories. This fix allows the df command to
function
properly
in AFS directories under Solaris 8.
(HP only) This fix changes the startup script on HP 11. AFS used
to panic when /usr/vice/cache was on VxFs. An afs.rc startup script
corrects
this problem.
With this fix, an AFS client queries the operating system on which
it is installed during initialization. If the client is installed on
the
wrong OS, it will not start. This will prevent a Windows 98 AFS client
from crashing a computer system that has been upgraded to Windows
NT/2000.
This fix enables AFS clients on Windows 2000 running IIS to access
a default page in AFS space.
This fix corrects a problem where AFS would not start over a PPP
connection when a LAN adapter was present, but not active on the
machine.
This is a common scenario for laptops that connect via the LAN when in
the office and via a modem when working remotely.
This fix provides a new binary that enables administrators to grant
all users permission to start and stop an AFS service on a Windows
NT/2000
system.
A default security descriptor on the afsd server permits the following access:
afsdacl [-set] [-revoke]The afsdacl binary is installed in AFS/Client/Program.
where:
-set sets the DACL on AFS service to allow all users
in USERS group to start and stop services.
-revoke revokes the DACL. Only administrators can start and stop services.
Writing files into AFS space from a Windows 2000 client took longer
than performing the same operation on a Windows NT client. This fix
improves
write performance on Windows 2000 clients.
If any icon in the system tray refreshes, Windows 95 considers this
to be a screen refresh and restarts counting the amount of time that a
system has been inactive.This can prevent a screen saver from starting.
By default, the AFS tray icon refreshes every 3 minutes. This fix
allows
the user to set the refresh time of the lock icon by adding a registry
entry.
Key: HKEY_LOCAL_MACHINES\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\ParametersIf not value is given for data, a default of 3 minutes will be used.
Name: RefreshTimeInMinutes
Type: DWORD
Data: time in minutes
The menu that appears when right-clicking on the AFS tray icon was
not disappearing unless the user opened and closed the AFS client
window. This
fix allows the user to dismiss the context menu by clicking elsewhere
on
the screen.
When tokens from NT clients were taken into a file and from this
file were set into the cache manager of any UNIX system, the tokens
command
on the UNIX system was not printing correct values. This fix resolves
this
printing problem.
In AFS Windows clients, wildcard matching was not done correctly
during a search, for example, if, from the command prompt, "dir /s
*.txt"
was submitted, files with the .txt extension were not shown in the
results.
This fix adds support for wildcard matching on Windows 2000/NT systems.
This fix enables kdump to work properly on 64-bit
Solaris.
This fix enables special characters, such as colons, to be included
in a field in the bulk file used by the uss_bulk command by escaping
them
with a backslash. The ':' is traditionally used to separate fields. In
order to include it within a field, you must escape the ':' using the
'\'
(backslash). A ':' in a field is represented by '\:'. The '\' character
itself can be represented by '\\'.
The fix allows the bos server to perform its function correctly,
along with the option setrestart -server <machine
name>
-time
"now".
Before this fix, when the command was issued to restart the bos server at any instant by specifying the option "now", the bos server was restarting every minute. This was shown in the log file /usr/afs/logs/BosLog. This fix resolves that problem by updating the proper values in the BosConfig file.
When an AFS client was installed for the Japanese language, the
AFS menu, which is shown when you right-click on any AFS folder in
Windows
Explorer, was not showing up. This fix corrects that error.
AFS command line syntax allows argument switches to be omitted if
the arguments are in order. This fix solves a defect that caused the
"pts"
command to fail if the arguments were not accompanied by switches.
This fix enables the remove mountpoint command (fs rmm)
to
follow symbolic links. Previously, if a symbolic link was encountered,
the mount point was not removed.
This fix resolves a problem that occurred when an AFS File Server
received requests from AFS Client machines to which it could not
respond.
The requests locked up threads in the File Server and rendered the
server
unusable.
This fix prevents the File Server from generating a core file when
calling the following functions in the TAdd code module: AddCallBack1_r
and MultiBreakCallBack_r.
This fix modifies the behavior of the backup dump process by preventing
the creation of dumplevels with spaces in the name.
This fix modifies the behavior of the BOS Server (bosserver)
to automatically restart only when the timestamp changes on a binary.
Previously,
the BOS Server restarted processes when permissions were changed on
binaries,
even if there was no change to the timestamp of the binaries. This
happened
because the st_ctime time field was used to
determine when to
restart
processes. Now, st_ctime is replaced by st_mtime
as the
reference
time field. Therefore, processes are restarted only when the binary
itself
changes.
This fix enables the kaserver process to
authenticate krb-udp
requests from Kerberos 4 clients.
This fix improves File Server responses for Windows clients. It
was previously possible for users (mostly those using Windows NT
Explorer)
to experience a delay before a "Permission denied" error was returned
when
accessing directories with the following access permissions: system
anyuser li. Users can now run the File Server with the -dontdelay
switch to prompt the File Server to more quickly return the "Permission
denied" error.
This fix prevents an infinite loop situation from occurring when
the timeout chain receives a faulty link. Now, when a faulty link is
encountered,
a message if added to the log file.
This fix resolves a condition that caused the AFS client to panic
when server structures are no longer valid.
(Linux only) This fix resolves a condition that caused Linux systems
to suspend processing (hang) during a shutdown or reboot.
This fix resolves a condition that caused the 'vos backupsys' command
to fail when run by the bosserver as a cron job. On Linux, when the
bosserver
runs a process that tries to write to stdout/stderr, the process
receives
a SIGPIPE and fails. Although this error appeared only on Linux, code
changes
were made on all platforms to prevent processes that are started by the
bosserver from writing to stdout/stderr.
This fix enables AFS to return an ENODEV (error, no device) response
when an invalid mount point (device) is encountered. Invalid mount
points
occur as a result of unknown cells or volumes.
(Solaris only) This fix resolves a condition where a list command
(ls) returned an error of "Value too large for defined data type" when
it encountered an AFS file with a negative date.
This fix eliminates a buffer overflow that had been occurring in
VIOCSETVOSTAT pioclt.
This fix resolves a race condition in the fileserver wherein the
fileserver attempted to use a mutex that was not initialized.
(Linux only) This fix enables the use of double cellname entries
within the CellServDB file. In such an entry, the second cell name is
used
for AFS/DFS translator purposes.
(Solaris only) This fix resolves package segment faults that occurred
when the package client attempted to update files with long pathnames.
The buffer provided to the file that is used to hold diagnostic
messages, messages.c, overflows when the package
program
attempts to
modify
files with long pathnames. This was resulting in package segmentation
faults.
The buffer has been increased from 128 bytes to 256 bytes.
(Linux only) This fix closes potential security holes.
(Solaris 8 only) This fix resolves a condition that caused an AFS
Client on a SparcStation 20 to panic while accessing AFS files.
(Solaris only) This fix resolves a condition that caused an AFS
client to suspend processing (hang) when configured with a memory cache
greater than 2 GB.
(Linux only) This fix improves performance on Linux clients.
(HP only) This fix resolves a condition that caused the HP CDE screen
to hang.
This fix enables usernames to contain a period, for example, username.admin.
This fix resolves a condition that caused setup files to fail to
execute if the were deeply nested within an AFS directory.
This fix improves token management.
For kerberos authentication, two new binaries have been created: C:\Program
Files\IBM\AFS\Client\Program\klog_krb.exe and C:\Program
Files\IBM\AFS\Common\afsauthent_krb.dll. To use kerberos
authentication,
rename these binaries to klog.exe and afsauthent.dll.
This fix resolves a condition that caused a GUI account manager
being used to unlock an account to fail with an error message of "No
servers
appear to be up".
This fix improves the readability of the log file by removing excess
blank lines.
This fix removes an existing cache file during start up.
This fix resolves a condition that caused the AFS NT client to crash
in smb.c.
This fix resolves a condition on Windows 2000 clients that prevented
the AFS client from removing temporary files.
This fix resolves a condition that caused the login screen to display
an error dialog box stating that a problem existed in services.exe and
that the workstation would automatically restart in 60 seconds.
Microsoft
also addressed this problem using a hotifx (see
http://support.microsoft.com/support/kb/articles/q266/0/66.asp).
This fix enables silent installs on Windows 2000.
This fix prevent MS Visual C++ v6.0 from altering the timestamp
whenever a file is opened and closed without being altered.
UNIX Client Defects Corrected in Patch 1
Windows Client Defects Corrected in Patch 1
This fix changes the AFS server processes to log messages via syslog.
Previously, AFS wrote to /dev/console. When /dev/console
was unavailable, the process that was trying to write to it waited
until
it became available again; it was not possible to kill the process.
This fix eliminates one potential cause of timeouts when the vos
listvol command has to produce output about a large number of
volumes.
As it processes this command, the Volume Server no longer writes to
disk
the three index files (large vnode, small vnode, and header) associated
with a volume.
(Linux 2.2 only) When restarting the bosserver
process using
the bos restart command, the process stopped but
did not
restart.
Now, when the bos restart command is issued for the
bosserver
process, the process is correctly restarted.
This fix enables the File Server to shut down properly if it receives
the signal to shut down while attaching volumes.
Previously, it was difficult to use a firewall with a network address
translator (NAT). This enhancement enables users to have a File Server
register inactive (or fake) IP addresses in the Volume Location
database,
thus allowing client machines outside the NAT to be able to access File
Servers. In order to add fake IP addresses for server processes, add f
as the first character in the NetInfo line for the corresponding IP
address.
For example, add:
f 10.10.3.100This IP address is registered for the server process, but it is registered without being checked for a physical connection.
(Solaris only) This fix eliminates a race condition in the File
Server's h_ReleaseClient_r routine and so prevents
the File
Server
from generating a core file.
(Solaris only) This fix prevents the File Server from generating
a core file, which occurred when a NULL value was passed to the rx_NewCall
function.
This fix prevents the File Server from failing when a file is being
simultaneously accessed (created or read) and deleted.
This performance enhancement limits the number of Volume Location
Database entries that are searched by the Volume Location Server to
2000.
Previously, it was possible for requests to become backed up on the
Volume
Location Server when the server was searching the entire Volume
Location
Database for a few entries.
(Windows only) When using the Server Configuration Wizard, replicating
root volumes failed if replicas already existed elsewhere. No error
message
was displayed when this occurred. This problem has been corrected and
root
volumes can now be replicated using the Server Configuration Wizard.
This fix prevents remote procedure calls (RPCs) requesting
impermissible
operations to read-only volumes (such as rename, link, remove) from
being
made to File Servers; however, it allows sending RPCs to File Servers
for
file open operations when the file already exists.
(AIX 4.3 only) When reading volume information, the number of bytes
read did not always equal the actual size of the structure. This caused
AFS to fail. The VolumeItems file is now read
multiple times
before
AFS fails in order to increase the chance of a successful read.
This fix also corrects a client hang problem that appeared after the machine attempted to access a directory that contained a significant number of mount points.
(AIX 4.3.2 only) This fix eliminates a problem that resulted from
writing a large number of bytes to an invalid address in AFS.
Previously,
it was possible that when writing a large number of bytes to an invalid
address in AFS, the file could become full, resulting in an infinite
loop
in the kernel, and the process could not be stopped.
The pts createuser command did not function
properly when
used with positional parameters. This problem has been fixed and users
can now specify the parameters explicitly or identify them by following
the rules of positional parameters.
(Solaris only) This fix corrects a problem that occurred when a
process attempted to access the proc file system.
(HP-UX only) This fix prevents a problem that resulted in AFS client
machines not responding.
(Linux only) This fix corrects a cache inconsistency.
When using the Windows Command Prompt to rename a file in the AFS
filespace to be identical to an already existing file in the same AFS
location,
the already existing file was overwritten. This was not the desired
behavior.
Now, in this situation, the user is warned of the existence of a file
with
the same name and the file is not automatically overwritten.
The error dialog box that was displayed when users attempted to
obtain AFS tokens on a machine that had an incorrect date setting was
misleading
and partially unreadable. Now, the error message displayed is readable
and contains more information.
Previously, users were unable to map network drives using the graphical
user interface when the root directory was not /afs.
Now, when
using
a root volume other than /afs, users can map
network drives
using
the graphical user interface.
When using AFS Light and writing to the AFS filespace (saving, copying,
etc.), seven hours were added to the time stamp associated with the
file.
This problem has been fixed and the time associated with files in the
AFS
filespace is now correct.
This enhancement improves the AFS Client's trace logging. A
memory-mapped
file is now used for the log, allowing it to be viewed after a system
failure.
In addition, the log can now be viewed remotely and descriptive text is
displayed instead of error codes.
This enhancement enables the AFS Client to support all LAN Adapter
(LANA) numbers. The client now automatically detects and uses all
available
LANA numbers.
The Lan Adapter Number field on the AFS Client's
Miscellaneous
Configuration Dialog Box is now disabled. As of the Patch 1 release,
the
AFS Client automatically detects and uses all available LAN Adapter
(LANA)
numbers. Use of the Lan Adapter Number field could
possibly
result
in users unknowingly disabling the auto-LANA functionality. If
necessary,
you can fix the LANA number used by the AFS Client service to a
specific
value by using the LANadapter Registry key, which
is found
under
the following Registry setting:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters
Previously, non-relative symbolic links to the AFS root did not
function correctly. The problem has been identified and corrected.
When restarting a process using the graphical user interface in
the AFS Server Manager, all server processes were restarted. This
problem
has been fixed.
(Solaris only) This fix enables remsh commands that
point
to an AFS version of rsh to be issued to remote
machines and to
work as expected, producing the same results as issuing remsh
commands
that point to native rsh.
This enhancement improves the startup time to start dump by allowing
temporary volume sets to be created local to the backup process and not
stored in the Backup database. This reduces activity on the Backup
Server.
(Linux only) This fix enables AFS to shut down cleanly.
Previously, it was possible to easily create volumes with names
that exceeded the character limit. With this fix, a warning is now
displayed
when users create volumes using volume names with more than 22
characters.
Also, the backup system displays a warning when backing up a volume
will
result in a new name containing more than 22 characters.
This fix adds an additional step to the CheckVLserver
routine
to determine the definitive status of the servers. Previously, it was
possible
for AFS client machines to be unable to access volumes in foreign cells
even though the Volume Location Servers (vlservers) in those cells were
available. This was due to the CheckVLserver
routine accessing
conflicting
variable settings.
(Solaris 2.6 only) This fix eliminates kernel panics that sometimes
occurred.
(Linux only) This fix eliminates a kernel memory corruption that
sometimes occurred.
This fix resolves an RX error that resulted when operating systems
were mixed in the AFS environment. The operating system combinations
that
caused the error were AIX with Linux and Windows NT with Solaris.
This fix resolves an error that occurred when a CERT advisory was
issued due to a buffer overflow in Kerberos 4 and Kerberos 5.
This fix prevents the butc process from failing
while talking
to an ADSM server by avoiding contention for a pthread lock.
This enhancement provides a new version of the SGI kernel to work
with the SGI IP35 chip.
(Solaris only) This fix prevents a panic in osi_NetReceive
on Solaris machines.
(Linux only) This enhancement provides changes to the AFS
initialization
script. The initialization script automatically selects the appropriate
extensions file for the kernel version in use on the local machine. The
module for the kernel that is closest to the installed kernel version
is
now chosen; whereas previously, the script only chose modules compiled
specifically for the installed version.
(AIX 4.3 only) This fix resolves a programming error that resulted
in a client deadlock.
(AIX 4.3.3 only) With this enhancement, an error message is now
displayed if the klog command is used with the -setpag
option
when the user is logged on as root.