Best Practices Workshop 2008

Welcome to the home of OpenAFS

What is AFS?

AFS is a distributed filesystem product, pioneered at Carnegie Mellon University and supported and developed as a product by Transarc Corporation (now IBM Pittsburgh Labs). It offers a client-server architecture for federated file sharing and replicated read-only content distribution, providing location independence, scalability, security, and transparent migration capabilities. AFS is available for a broad range of heterogeneous systems including UNIX, Linux, MacOS X, and Microsoft Windows

IBM branched the source of the AFS product, and made a copy of the source available for community development and maintenance. They called the release OpenAFS.

OpenAFS News

17-Aug-2008 - OpenAFS 1.5.52 released

OpenAFS 1.5.52 provides the best user experience for Microsoft Windows users. The Unicode character set support for Windows clients permits users to create and access file system objects using characters not represented in the local 8-bit OEM character set.

1.5.52 is also the most recent in the series of releases intended to provide new experimental features including the Demand Attach File Service, on other platforms including MacOS X, Linux variants, and UNIX, and includes several bugfixes since 1.5.51.

• Go to the release page
• Go to the release announcement

1-May-2008 - OpenAFS 1.4.7 released

OpenAFS 1.4.7 is the eighth in a series of releases focusing on bugfixes for Unix platforms. It contains a number of fixes to both clients and servers, including major bugfixes to the fileserver.

• Read the 1.4.7 release notes
• Go to the release page
• Go to the release announcement

17-Mar-2008 - OpenAFS participating in Google Summer of Code

Once again, Google will be doing their Summer of Code. For the first year, OpenAFS will be participating as a mentoring organization. Students interested are encouraged to discuss potential projects on the openafs development list. We have a list of suggested projects online, but we would be happy to discuss any relevant project with you.

20-Dec-2007 - OpenAFS Security Advisory 2007-003

OpenAFS fileserver versions 1.3.50 - 1.4.5, 1.5.0 - 1.5.27.   Fileservers of affected versions can be crashed by a client-triggered race condition. Fixes are available in 1.4.6 and 1.5.28.

• Go to the advisory

OpenAFS Elders Newsletter for November online

The OpenAFS Elders newsletter for November is available now.

AFS & Kerberos Best Practice Workshop 2008

The fifth annual AFS & Kerberos Best Practice Workshop will be held May 19-23, 2008 at NJIT in Newark New Jersey USA. See http://workshop.openafs.org/afsbpw08/ for registration information.

OpenAFS Elders Newsletter for August online

The OpenAFS Elders newsletter for August is available now.

19-Apr-2007 - OpenAFS Security Advisory 2007-002

OpenAFS for Windows clients versions 1.3.64 - 1.3.99, 1.4.0 - 1.4.4, 1.5.0 - 1.5.18.   When MIT Kerberos for Windows (any version) is installed a user with the ability to alter the contents of the Kerberos v5 configuration profile can prevent Microsoft Windows from successfully booting.  This issue has been corrected in OpenAFS 1.5.19.

• Go to the advisory

20-Mar-2007 - OpenAFS Security Advisory 2007-001

Unix clients in OpenAFS versions before 1.5.17 and 1.4.4 allow a potential privilege escalation via setuid functionality which can be enabled by the client administration but is enabled by default for the client's local cell. To avoid this issue, 1.5.17 and 1.4.4 have been issued with setuid disabled by default in all cases.

• Go to the advisory

28-Dec-2006 - OpenAFS Elders announce "No More DES" roadmap

AFSv3 was designed and implemented during the late 80s and early 90s when the state of the art in distributed computer authentication and data confidentiality was to use Kerberos 4 and the United States' Data Encryption Standard (DES). Over the last two years the U.S. National Institutes of Standards and Technology (NIST) has withdrawn the DES standard and MIT has announced the end of life of Kerberos 4. In response, the OpenAFS Elders have approved a roadmap to transition from DES to stronger ciphers which includes the deprecation of the OpenAFS kaserver.

• Go to the announcement

6-Dec-2006 - pam-afs-session 1.0 released

pam-afs-session is a PAM module intended for use with a Kerberos v5 PAM module to obtain an AFS PAG and AFS tokens on login. It puts every new session in a PAG regardless of whether it was authenticated with Kerberos and runs a configurable external program to obtain tokens. It supports using Heimdal's libkafs for the AFS interface and falls back to an internal Linux-only implementation if libkafs isn't available.

• Go to the announcement

1-Dec-2006 - Announcing OpenAFS "Works with Windows Vista"

The OpenAFS Elders are pleased to announce that with the release of OpenAFS for Windows version 1.5.12 that Microsoft Windows Vista becomes an officially supported platform. All versions of Vista including "Home Basic", "Home Premium", "Business", and "Ultimate" are supported on both X86 and X86_64 CPU architectures.

• Go to the announcement

31-May-2006 - OpenAFS council of elders meeting minutes from 30 May

The minutes of the most recent OpenAFS Council of Elders meeting are online now.

• Minutes of the 30 May 2006 elders meeting

Older news - OpenAFS CVS available!

OpenAFS anonymous CVS service is available. Your CVSROOT should be set to :pserver:anonymous@cvs.openafs.org:/cvs ; The password for this user is "anonymous"; OpenAFS can be found in the "openafs" module.