| Release Notes | ||
|---|---|---|
| <<< Previous | Changes to AFS Commands, Files, and Functionality | Next >>> |
AFS 3.6 adds the following new options and functionality to existing commands and files.
Changes that support XBSA servers
Several backup commands and configuration files include new features that support backup to XBSA servers such as TSM. See New Command and File Features that Support TSM.
New instructions in the CFG_tcid file
There are new instructions in the CFG_tcid file that apply to all types of backup media: CENTRALLOG, GROUPID, LASTLOG, MAXPASS, and STATUS. (There are also new instructions that apply only to XBSA servers, as documented in New Command and File Features that Support TSM.)
The new instructions are not documented in the OpenAFS Administration Guide or OpenAFS Administration Reference. See "CFG_tcid". (Note that this is a new way of referring to this file, called CFG_device_name in the OpenAFS Administration Guide and OpenAFS Administration Reference. For a Tape Coordinator that communicates with an XBSA server, the variable part of the filename is a port offset number rather than a device name, so the more generic tcid is a better description of possible values in this part of the filename.)
New -temporary flag to backup addvolset command
The backup addvolset command has a new -temporary flag. A temporary volume set is not recorded in the Backup Database and exists only during the lifetime of the interactive session in which it is created.
New options to the backup deletedump command
There are new options to the backup deletedump command: the -groupid argument specifies the group ID number associated with the dump records to delete, and the -noexecute flag displays a list of the records to be deleted rather than actually deleting them. (There are also new options that apply only to records for data dumped to an XBSA server, as documented in New Command and File Features that Support TSM.)
The new options are not documented in the OpenAFS Administration Guide or OpenAFS Administration Reference.
New output from the backup dumpinfo command
When both the -id and -verbose options to the backup dumpinfo command are provided, the output is divided into several sections. In the first section, headed by the label Dump, the new Group id field replaces the id field that previously appeared about halfway down the list of fields (the first field in the section is still labeled id). The Group id field reports the dump's group ID number, which is recorded in the Backup Database if the GROUPID instruction appears in the Tape Coordinator's /usr/afs/backup/CFG_tcid file when the dump is created. (The command's output also includes a new message that reports whether the dump data is stored on an XBSA server, as detailed in New Command and File Features that Support TSM.)
The new output is not documented in the OpenAFS Administration Guide or OpenAFS Administration Reference.
BOS Server sends additional field to notifier programs
The OpenAFS BOS Server sends additional information to notifier programs when an AFS server process exits. The bnode_proc structure now includes the lastExit field, which reports the exit code associated with the process's most recent exit. Previously, the only information about exit codes available to the notifier program was in the bnode structure's errorCode field, which records the exit code generated when the process last exited due to an error. The BOS Server does not clear the errorCode field, so the value set at the last exit due to error is reported even for exits that are not due to error.
If your notifier program currently checks the errorCode field but you really want a notification only when the most recent exit is due to an error, change the program to check the lastExit field in the bnode_proc structure instead. An error code appears in the lastExit field only if the most recent exit really was due to an error (in which case the same code also appears in the errorCode field).
The bos create command's reference page in the OpenAFS Administration Reference describes all of the fields that the BOS Server can include in the bnode_proc and bnode structures. As noted there, the BOS Server does not necessarily include every field in the structures it sends to a notifier program, because some of them are for internal use. For best results, the notifier program must correctly handle the absence of a field that it expects to find.
Only administrators can use kas examine command's -showkey flag
As in AFS 3.6, the OpenAFS Authentication Server does not require that you disable authorization checking on its database server machine before it returns the octal digits that constitute the encrypted password or key stored in an Authentication Database entry, which was the requirement with earlier versions of AFS. Instead, it always returns the octal digits, as long as the connection between the kas command interpreter and Authentication Server is encrypted. AFS 3.5 introduced the -showkey flag to make the kas examine command display the octal digits.
This change in requirements creates a potential security exposure, however, in that earlier versions of the kas examine command always display the octal digits (instead of a checksum) when directed to an AFS 3.5 or 3.6 Authentication Server. To eliminate this exposure, in AFS 3.6 the Authentication Server returns octal digits only for a principal that has the ADMIN flag in its Authentication Database entry.
The main effect of the new requirement is that only administrators can include the -showkey flag on the AFS 3.6 kas examine command. It does not effectively change the privilege required to display the octal digits when using versions of the kas examine command before AFS 3.5 Patch 2 (build level afs3.5 3.17), because it was assumed with earlier versions that only administrators were able to disable authorization checking. It also does not affect the automated installation and configuration tool provided for AFS for Windows, which still can be used only by administrators.
The vos delentry command accepts only read/write volume names
The AFS 3.6 version of the vos delentry command accepts only read/write volume names or volume ID numbers as values for its -id or -prefix arguments. The new restriction is not documented in the OpenAFS Administration Guide or OpenAFS Administration Reference.
| <<< Previous | Home | Next >>> |
| Changes to AFS Commands, Files, and Functionality | Up | Support for Backup to TSM |