DaemonForums  

  #1   (View Single Post)  
Old 27th August 2017
hanzer hanzer is offline
Real Name: Adam Jensen
just passing through
 
Join Date: Oct 2013
Location: EST USA
Posts: 228
Default Exploring OpenAFS

Does anyone have any experience with OpenAFS on OpenBSD? The version I found in ports is 1.4.7 which looks to be nine or ten years old. The most recent release, from earlier this month, is 1.6.21. I could attempt to build the recent release on OpenBSD but the patches for 1.4.7 in the ports seem to suggest that some significant twiddling and finagling might be involved. Before investing in that, does anyone have any experience with OpenAFS in general and OpenAFS on OpenBSD in particular (probably with a Heimdal KDC on OpenBSD)?
  #2   (View Single Post)  
Old 27th August 2017
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 5,887
Default

I experimented with it when nnpfs (the Arla client) was in base, probably around 2007 or 2008. I never implemented it in production. The client was discontinued in 2012, for OpenBSD 5.3.
  #3   (View Single Post)  
Old 27th August 2017
hanzer hanzer is offline
Real Name: Adam Jensen
just passing through
 
Join Date: Oct 2013
Location: EST USA
Posts: 228
Default Update

The README file is very discouraging. It doesn't look like the OpenAFS server has ever worked on OpenBSD, and it seems like the client was only available for i386:
Code:
       i386_obsd31, i386_obsd32, i386_obsd33, i386_obsd34, i386_obsd35,
         i386_obsd36, i386_obsd37, i386_obsd38, i386_obsd39, i386_obsd40,
         i386_obsd41
And it may not have been very robust:
Code:
   Your kernel may panic when you try to shutdown after running the
   OpenAFS client.  To prevent this, change the "dangling vnode" panic in
   sys/kern/vfs_syscalls.c to a printf and build a new kernel.
I might deprioritize this exploration...
  #4   (View Single Post)  
Old 27th August 2017
Oko Oko is offline
Rc.conf Instructor
 
Join Date: May 2008
Location: Kosovo, Serbia
Posts: 1,098
Default

Quote:
Originally Posted by hanzer View Post
Does anyone have any experience with OpenAFS on OpenBSD? The version I found in ports is 1.4.7 which looks to be nine or ten years old. The most recent release, from earlier this month, is 1.6.21. I could attempt to build the recent release on OpenBSD but the patches for 1.4.7 in the ports seem to suggest that some significant twiddling and finagling might be involved. Before investing in that, does anyone have any experience with OpenAFS in general and OpenAFS on OpenBSD in particular (probably with a Heimdal KDC on OpenBSD)?
OpenAFS came out of the Carnegie Mellon University School of Computer Science, where I work. For all practical purposes it is dead after an unsuccessful attempt at commercialization by a few faculty and their graduate students who originally designed the system. Their small startup was bought out by IBM and failed. OpenAFS is what is left of it today. Our School of Computer Science is one of the few remaining universities running AFS cells. It runs off a Red Hat Linux machine. Running a server is very complicated because AFS is an early attempt to create semi-distributed file systems which will be safe to use over hostile networks, unlike NFS. AFS/Kerberos requires numerous open ports in the firewall, but it is possible, unlike NFS, which should not be run through a firewall. It requires a Kerberos server, MIT (U.S. only) or Heimdal (free re-implementation for the rest of the world), for authentication and LDAP to store authorization.

Kerberos is a security-ridden old protocol (AFS is a few years older, started in the early 80s of the last century) which was removed from OpenBSD core due to the lack of interest. To be seriously useful, a small team of developers would have to adopt the project and bring it up to standards (another OpenSSL situation). Kerberos is still in ports and it is up to date. You should start by clearing up the Kerberos code before going to AFS.

Long story short, a home user has no use for AFS. Even on Linux it is a third-party kernel module, which means that it is a third-class citizen. (Linux is very hostile to third-party kernel modules and that is one of the reasons I don't consider ZFS and Xen usable on Red Hat.) To my knowledge, Box Backup (synchronization services) is inspired by/based on AFS. It was also created by a few of our CMU alumni.


For the record, CMU, including the School of Computer Science, has recently moved from its own Cyrus IMAP server to Exchange for our e-mail needs and is contemplating retiring AFS in favor of Samba. In other words, we are more or less a Microsoft shop (at least for administrative/general computing) just like any other corporation in the U.S. Our printers are also managed by a third-party contractor and it is not possible to print from UNIX. For the purposes of my group we just bought our own printer, as we are an all-UNIX shop.

Last edited by Oko; 6th September 2017 at 04:43 AM.
  #5   (View Single Post)  
Old 27th August 2017
ibara ibara is offline
vBSDcon 2017 troublemaker
 
Join Date: Jan 2014
Posts: 467
Default

When I was an undergrad at CMU, everything was AFS and Kerberos.

As a total aside, I remember when Sylpheed was removed as an officially supported email client. There was student uproar! (We lost...) That was the push that got me to learn alpine (as alpine was still supported).

Good memories, though sadly I am no help when it comes to setting up AFS. Was just a captive user for 4 years.
  #6   (View Single Post)  
Old 28th August 2017
Oko Oko is offline
Rc.conf Instructor
 
Join Date: May 2008
Location: Kosovo, Serbia
Posts: 1,098
Default

Quote:
Originally Posted by ibara View Post
When I was an undergrad at CMU, everything was AFS and Kerberos.

As a total aside, I remember when Sylpheed was removed as an officially supported email client. There was student uproar! (We lost...) That was the push that got me to learn alpine (as alpine was still supported).

Good memories, though sadly I am no help when it comes to setting up AFS. Was just a captive user for 4 years.
Ah, I forgot that you were an undergrad here. Most of the Linux desktop gear (Ubuntu, with the exception of my group using Red Hat) is still Kerberosed and AFS is the default. Very few if any of the younger kids know how to use it. Setting up an AFS client on Red Hat is pretty trivial. Download the RPM sources from the OpenAFS website. Running

Code:
rpmbuild
and starting a daemon. Red Hat comes with the ability to authenticate against Kerberos.
The number of ports that need to be open is pissing me off. Also, I like to run a yum-cron job and you can't if you are using AFS because every kernel update breaks the client. Didn't I mention that Linux is very averse to third-party kernel modules?

Very few kids know how to use it (kinit + klog.krb5 -cell sequence). It is a few dinosaurs like me who know how to use it. When I came to the U.S. in 1996 every research university was running AFS+Kerberos. Good old times.

As a side note, the NFS client and particularly the NFS server on OpenBSD could use some love. I don't like running an NFS server off an OpenBSD machine but I use the client all the time.
  #7   (View Single Post)  
Old 28th August 2017
hanzer hanzer is offline
Real Name: Adam Jensen
just passing through
 
Join Date: Oct 2013
Location: EST USA
Posts: 228
Default Update

The responses from the OpenAFS mailing list were informative.

Quote:
Originally Posted by http://lists.openafs.org/pipermail/openafs-info/2017-August/042194.html

It's worth mentioning, yes. The server is a pretty portable POSIX application
and should build without much trouble, but the client (kernel module) is
where the difficulty is likely to lie. The last commit in the tree working
on OpenBSD client support is e1d0342326d11a14e1fb0075fb62cc6be9389b97, from
2014, which added support for OpenBSD 5.4, which is quite a few releases
behind. So, someone would need to look at the VFS- and VM-layer changes
in OpenBSD between 5.4 and 6.1, and make the necessary (conditional!)
adjustments in the OpenAFS source tree to match up.

[snip]
The other noteworthy responses (thus far) [1,2] mention the Arla client and a possible FUSE implementation.
  #8   (View Single Post)  
Old 28th August 2017
Oko Oko is offline
Rc.conf Instructor
 
Join Date: May 2008
Location: Kosovo, Serbia
Posts: 1,098
Default

Check misc@openbsd for Theo's exchange with the Arla guys from circa 2004 or 2005. Once upon a time AFS was a part of OpenBSD core. You are beating a dead horse now.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick