AFS port now committed (was: Re: OpenAFS 1.6.0pre3 available (was Re: [OpenAFS-announce] OpenAFS 1.6.0 release candidate 2 available (fwd)))

Robert Watson rwatson at FreeBSD.org
Sun May 29 21:06:49 UTC 2011 

On Tue, 22 Mar 2011, Benjamin Kaduk wrote:

> The latest release candidate is out, and should not need any patches for 
> FreeBSD.  A port sharball is at 
> http://web.mit.edu/freebsd/openafs/openafs.shar and precompiled packages for 
> amd64_fbsd_{81,82,90} are available in subdirectories of those names.

An FYI to those following OpenAFS on FreeBSD: there's now a committed port for 
it, net/openafs, which seems to work quite well for me here.  There are a 
bunch of loose ends Benjamin and others are chasing, including:

- The port doesn't yet automatically create /afs and /usr/vice/cache (possibly
   the latter should be /var/openafs/cache?).

- The kernel module build for the client requires some help finding
   opt_global.h, fixable by moving to bsd.kmod.mk I think?

- The client currently uses a memory cache, not the vnode cache (on-disk
   cache) due to locking issues which Derrick believes should be solvable in a
   pretty straight forward manner given a bit of time.

- FreeBSD doesn't have PAG support, although a MAC Framework module could
   probably provide it fairly easily.

- The AFS pages on the FreeBSD wiki require some refinement; the client one
   seems generally to Just Work for me, but the server has quite a bit of
   tweaking to do.  In particular, the port doesn't install pre-generated
   databases, requiring some prodding around with pts, etc.  It sounds like
   this should be fixed at some point?

And, of course, there are a bunch of things I'm looking forward to seeing in 
future OpenAFS versions, such as TCP support, GSSAPI support, and 
confidentiality/integrity for pre- or non-kerberos access to AFS by a client.

(In the slightly longer term, I'd also really like to see support for x509 
client certs, etc, rather than having to use Kerberos.  I am quite happy with 
kerberos for user-centric access, but for machine-centric access, certs make 
more sense, I think).

Robert

More information about the freebsd-afs mailing list