AFS port now committed (was: Re: OpenAFS 1.6.0pre3 available (was Re: [OpenAFS-announce] OpenAFS 1.6.0 release candidate 2 available (fwd)))

Benjamin Kaduk kaduk at MIT.EDU
Mon Jun 20 16:58:53 UTC 2011 

On Sun, 29 May 2011, Robert Watson wrote:

>
>
> An FYI to those following OpenAFS on FreeBSD: there's now a committed port 
> for it, net/openafs, which seems to work quite well for me here.  There are a 
> bunch of loose ends Benjamin and others are chasing, including:

The port has just been updated to the 1.6.0pre6 version.  Unfortunately, 
this one does need a few patches (but they are in upstream git as of the 
past half hour), to make the installation more uniform for amd64 vs. i386, 
and prevent a panic at unmount.

>
> - The port doesn't yet automatically create /afs and /usr/vice/cache 
> (possibly
>  the latter should be /var/openafs/cache?).
>

I still need to do this ... "coming soon".

> - The kernel module build for the client requires some help finding
>  opt_global.h, fixable by moving to bsd.kmod.mk I think?
>

hrs@ has kindly contributed some code which uses config(8) to generate 
opt_global.h, eliminating the need for a full kernel object tree -- only 
kernel (and world?) sources and a kernel configuration file (default: 
GENERIC) are needed.
I have also persuaded bsd.kmod.mk to build a libafs.ko in my development 
tree, but that needs cleanup and testing before it gets released into the 
wild.

> - The client currently uses a memory cache, not the vnode cache (on-disk
>  cache) due to locking issues which Derrick believes should be solvable in a
>  pretty straight forward manner given a bit of time.
>
> - FreeBSD doesn't have PAG support, although a MAC Framework module could
>  probably provide it fairly easily.
>
> - The AFS pages on the FreeBSD wiki require some refinement; the client one
>  seems generally to Just Work for me, but the server has quite a bit of
>  tweaking to do.  In particular, the port doesn't install pre-generated
>  databases, requiring some prodding around with pts, etc.  It sounds like
>  this should be fixed at some point?

These remain on the TODO list.

-Ben

>
> And, of course, there are a bunch of things I'm looking forward to seeing in 
> future OpenAFS versions, such as TCP support, GSSAPI support, and 
> confidentiality/integrity for pre- or non-kerberos access to AFS by a client.
>
> (In the slightly longer term, I'd also really like to see support for x509 
> client certs, etc, rather than having to use Kerberos.  I am quite happy with 
> kerberos for user-centric access, but for machine-centric access, certs make 
> more sense, I think).
>
> Robert
>

More information about the freebsd-afs mailing list