Welcome to the home of OpenAFS

What is AFS?

AFS is a distributed filesystem product, pioneered at Carnegie Mellon University and supported and developed as a product by Transarc Corporation (now IBM Pittsburgh Labs). It offers a client-server architecture for federated file sharing and replicated read-only content distribution, providing location independence, scalability, security, and transparent migration capabilities. AFS is available for a broad range of heterogeneous systems including UNIX, Linux, MacOS X, and Microsoft Windows

IBM branched the source of the AFS product, and made a copy of the source available for community development and maintenance. They called the release OpenAFS.

Recent OpenAFS News

14-August-2010 - Sixteenth OpenAFS Newsletter
The latest issue of the monthly OpenAFS newsletter is available at http://www.openafs.org/newsletter/newsletter-2010-08-volume002-issue08.html.

25-May-2010 - OpenAFS 1.4.12.1 available
An update of the 1.4.12 release, 1.4.12.1 adds support for Linux kernel 2.6.34, fixes a bug with 64 bit kernels on 32 bit hardware, and avoids a panic when the volume data cannot be read or written from persistent storage. Updated MacOS binaries and source distributions are available.

17-Aug-2010 - OpenAFS 1.5.76 released
OpenAFS 1.5.76 is the tenth release of OpenAFS for Windows 7 and Server 2008 R2 and provides the best user experience for users on all supported Microsoft Windows platforms. 1.4.12 is the suggested production release for all other users. Due to data loss issues present in all versions of OpenAFS prior to 1.5.62 and believed to be in IBM AFS, all Windows users are urged to upgrade.

1.5.76 is also the most recent in the series of releases intended to provide new experimental features including the Demand Attach File Service and Disconnected AFS, on other platforms including MacOS X, Linux variants, and UNIX, and includes numerous new features since 1.5.72, especially for users of MacOS X. OSX users may find that 1.5.76 provides a better usage experience than the current suggested production version.

13-Mar-2010 - OpenAFS 1.4.12 released
OpenAFS 1.4.12 is the thirteenth in a series of releases focusing on bugfixes for Unix platforms. It contains a number of fixes to both clients and servers.

24-Oct-2009 - Microsoft Windows 7 and Server 2008 R2 now supported
The OpenAFS Elders are pleased to announce that with the release of OpenAFS for Windows version 1.5.66 that Microsoft Windows 7 becomes an officially supported platform. All versions of Windows 7 including "Home Basic", "Home Premium", "Business", and "Ultimate" are supported on both X86 and X86_64 CPU architectures.  Users that are upgrading to Windows 7 from Vista must reinstall OpenAFS after the upgrade.
28-Aug-2009 - MacOS 10.6 Snow Leopard support announced
Concurrent with the release of MacOS 10.6, OpenAFS has released OpenAFS 1.5.62 with 32 and 64 bit kernel and userspace support for Snow Leopard. Additionally, a backport of the necessary support is available and is being distributed with OpenAFS 1.4.11 effective immediately.

28-Aug-2009 - Data Loss in Pre-1.5.62 OpenAFS for Windows Releases

Releases of OpenAFS for Windows prior 1.5.62 may fail to store data to file servers. There are two issues that are addressed in the 1.5.62 release.

  1. Failure to Store Portions of Unaligned Writes
  2. Failure to Store Data to File Servers Lacking Large File Support

9-Jul-2009 - OpenAFS Changes Source Code Version Control System to Git
After more than eighteen months of attempts to migrate source code management away from cvs OpenAFS has finally converted to Git. This change will not have any visible impact on end users. For developers there are major changes in the tools required to work with the OpenAFS source repository and the workflow used to submit contributions to OpenAFS. Along with the conversion to Git, OpenAFS is now using the Gerrit source code review application which makes it significantly easier for developers to review and comment on each other's contributions.

June 1-5 - AFS & Kerberos Best Practice Workshop 2009
The sixth annual AFS & Kerberos Best Practice Workshop will be held June 1-5, 2009 at Stanford University in Palo Alto, California. See http://workshop.openafs.org/afsbpw09/ for registration information.

6-Apr-2009 - OpenAFS Security Advisory 2009-002
OpenAFS clients versions 1.0-1.4.8, 1.5.0-1.5.58 for all Linux 2.4-2.6 platforms.   An attacker with control of a fileserver, or the ability to forge RX packets, can crash the cache manager, and hence the kernel, of affected Linux AFS clients. This vulnerability is being tracked as CVE-2009-1250.

6-Apr-2009 - OpenAFS Security Advisory 2009-001
OpenAFS clients versions 1.0-1.4.8, 1.5.0-1.5.58 for all Unix platforms except MacOS 10.4, 10.5.   An attacker with control of a fileserver, or the ability to forge RX packets, can crash the cache manager, and hence the kernel, of any Unix AFS client. It may be possible for an attacker to cause the kernel to execute arbitrary code. This vulnerability is being tracked as CVE-2009-1251.

18-Mar-2009 - OpenAFS Accepted into Google Summer of Code(TM) 2009
Following last year's successful participation in GSoC 2008, OpenAFS has been accepted for a second straight year. Students and OpenAFS experts are encouraged to participate. Student proposals are due April 3. Students and mentors interested in participating in an OpenAFS project should read the OpenAFS Summer of Code page.
17-Sep-2008 - European AFS conference
The first European AFS Conference will be held in Graz from 24th to 26th of September 2008.

Besides information about current OpenAFS topics there will be talks about usage cases, development and a social event.

For more information, please visit http://www.openafs.at

17-Mar-2008 - OpenAFS participating in Google Summer of Code
Once again, Google will be doing their Summer of Code. For the first year, OpenAFS will be participating as a mentoring organization. Students interested are encouraged to discuss potential projects on the openafs development list. We have a list of suggested projects online, but we would be happy to discuss any relevant project with you.
20-Dec-2007 - OpenAFS Security Advisory 2007-003
OpenAFS fileserver versions 1.3.50 - 1.4.5, 1.5.0 - 1.5.27.   Fileservers of affected versions can be crashed by a client-triggered race condition. Fixes are available in 1.4.6 and 1.5.28.
  • OpenAFS Elders Newsletter for November online
    The OpenAFS Elders newsletter for November is available now.

    • OpenAFS Elders Newsletter for August online
    The OpenAFS Elders newsletter for August is available now.

    19-Apr-2007 - OpenAFS Security Advisory 2007-002
    OpenAFS for Windows clients versions 1.3.64 - 1.3.99, 1.4.0 - 1.4.4, 1.5.0 - 1.5.18.   When MIT Kerberos for Windows (any version) is installed a user with the ability to alter the contents of the Kerberos v5 configuration profile can prevent Microsoft Windows from successfully booting.  This issue has been corrected in OpenAFS 1.5.19.

    20-Mar-2007 - OpenAFS Security Advisory 2007-001
    Unix clients in OpenAFS versions before 1.5.17 and 1.4.4 allow a potential privilege escalation via setuid functionality which can be enabled by the client administration but is enabled by default for the client's local cell. To avoid this issue, 1.5.17 and 1.4.4 have been issued with setuid disabled by default in all cases.

    28-Dec-2006 - OpenAFS Elders announce "No More DES" roadmap
    AFSv3 was designed and implemented during the late 80s and early 90s when the state of the art in distributed computer authentication and data confidentiality was to use Kerberos 4 and the United States' Data Encryption Standard (DES). Over the last two years the U.S. National Institutes of Standards and Technology (NIST) has withdrawn the DES standard and MIT has announced the end of life of Kerberos 4. In response, the OpenAFS Elders have approved a roadmap to transition from DES to stronger ciphers which includes the deprecation of the OpenAFS kaserver.

    6-Dec-2006 - pam-afs-session 1.0 released
    pam-afs-session is a PAM module intended for use with a Kerberos v5 PAM module to obtain an AFS PAG and AFS tokens on login. It puts every new session in a PAG regardless of whether it was authenticated with Kerberos and runs a configurable external program to obtain tokens. It supports using Heimdal's libkafs for the AFS interface and falls back to an internal Linux-only implementation if libkafs isn't available.

    1-Dec-2006 - Announcing OpenAFS "Works with Windows Vista"
    The OpenAFS Elders are pleased to announce that with the release of OpenAFS for Windows version 1.5.12 that Microsoft Windows Vista becomes an officially supported platform. All versions of Vista including "Home Basic", "Home Premium", "Business", and "Ultimate" are supported on both X86 and X86_64 CPU architectures.

    31-May-2006 - OpenAFS council of elders meeting minutes from 30 May
    The minutes of the most recent OpenAFS Council of Elders meeting are online now.

    [Frames]   [No Frames]

    www.OpenAFS.org uses Apache, mod_ssl, and OpenSSL!

    Apache Webserver   mod_ssl Interface   OpenSSL Toolkit