The OpenAFS Gatekeepers are pleased to announce the release of version 1.4 of OpenAFS. This version incorporates literally hundreds of fixes enhancements and improvements. Many bugs and programming inefficiencies (some of which have been present since IBM's donation of AFS to the open source community) have been eliminated, resulting in a much more stable product. Improvements for Windows users are particularly dramatic. 1.4 also represents a significant step forward for Kerberos 5 integration. This release allows all Kerberos 5 KDCs including Microsoft Active Directory to be the source of AFS client authentication. Changes under UNIX (tm) and *nix Operating Systems Increased Performance and Stability Addition of pthreading support on servers and threading optimization of RPC and RX libraries provide increased performance over the 1.2 release. Cache chunk locking has been refined, and system vnodes on Linux and MacOS X are now supported. Support for files larger than two Gigabytes in the AFS filesystem is now available to operating systems providing native support for large files. Ntp, rlogind, rsh and other unnecessary and potentially insecure services have been removed. Increased Server Efficiency in Handling Mobile Clients Multi-probing has been improved, reducing the time a server needs to timeout clients no longer accessible on the network. Callback Break Later functionality has been added, allowing servers to queue callback breaks for clients that have disappeared from the network until the client contacts the servers, reducing both server load and the chance of file corruption. Improved Administration Audit logs are available for all servers, and named pipe logging supported, augmenting existing server monitoring and debugging tools. Groups of groups (aka Supergroups) can now be created on the protection server facilitating administration of user access, and tools for Kerberos 5 have been integrated into the AFS software, including aklog. Improved Build and Installation Function prototypes have been added for improved compile time type checking, and Kerberos 5 availability (MIT/Heimdal) is automatically detected, simplifying the configuration process. Also, the default configuration of the installation has been updated to provide better performance in modern network environments. Other New Features vos copy allows an administrator to create a new volume, and copy the contents of an existing volume, with one command. This eliminates the need to peform a vos dump followed by a vos restore. vos convertROtoRW lets an administrator convert an existing RO replica into a new RW site in the event the current RW site goes down. the -vattachpar option to fileserver causes the fileserver to attach volumes from multiple vice partitions in parallel, thus improving fileserver startup time. Changes under Microsoft Windows (2000, XP, and 2003) Improved Performance Performance has been enhanced by support for a persistent cache. The default cache size is now 96 Megabytes with 10,000 cache entries. The maximum cache size has been extended to 1.2 Gigabytes. Overall, the 1.4 release is between 30% and 150% faster than the 1.2 release, depending on the mode of operation. Improved User Experience Integration into the Windows environment has been significantly enhanced with the addition of support for browsing of AFS servers, an AFS context senstive popup menu, an improved Systray icon, and enhancements to both the GUI and command line programs. Increased Security All of the known security problems present in 1.2.10 have been fixed. Compatibility with the Cisco IPSec VPN client has been added, and the AFS Client now communicates with Microsoft's integrated firewall to open ports as needed, allowing receipt of callback messages from the server without manual configuration. Enhanced Integration in Heterogeneous Environments AFS UNC paths are now supported, eliminating reliance on mapped drive letters and allowing for true worldwide path usage and cross platform filesystem links. By default, filenames beginning with a period are no longer displayed (reducing user confusion when viewing home directories shared by Unix environments). Also, the AFS Client now works correctly at sites using cross-realm trusts between a Unix based Kerberos realm (MIT/Heimdal) and multidomain Windows Forests. Multihomed file servers are now supported for use in complex network environments, and automatic failover to available server volumes added providing greater fault tolerance for large scale installations and mission critical applications. Simplified Installation Support for AFS records in DNS has been added, so that the locations of a site's AFS servers no longer need be specified in CellServDB files on individual machines. This means that users can access new cells without reconfiguring the client, and that changes in AFS server configurations can be propogated transparently to clients without touching individual workstations, and installation no longer requires inclusion of a site specific server list in a local file. Addition of Freelance Mode Freelance Mode allows users to start AFS on boot without access to their home AFS cell. The volume loaded at AFS Client is maintained locally in the registry without access to a cell. Whenever a user attempts to contact an AFS path in a previously unknown cell, mountpoints and symlinks are dynamically created and stored in the registry. Improved Network Support for Mobile Users Support for network events and power management have been added and enhanced. A Microsoft Loopback Adapter is now part of the installation, resulting in improved stability for users of dynamically configured networking devices, and allowing users to specify which network adapter to use with AFS. The AFS Client is aware of the current state of the network connection, and is able to start itself and prompt the user for tokens as needed. Laptop users can thus now move about freely or change network interfaces without having to reboot or restart the AFS service, and the "hangs" associated with brief interruptions in network connections eliminated. Enhanced Stability Support for SMB/CIFS messaging has been extended, reducing hangs and stalls in file transfers. File timestamps are reported entirely in UTC resulting in improved stability in backup and syncing operations. The Client Service now checks the versions of DLLs on startup to verify that the code is from the same version, resulting in fewer problems after upgrades. When an exception does occur, minidumps are created locally, and can be created as needed via the command line. Also, although the AFS client service provides crash reporting, the 1.4 release can also be configured through an Active Directory policy to report crashes within the domain for machines running XP and above. Enhanced Central Administration An AFS Client Admins group is now created by the AFS installation, allowing for the first time control over who can alter the configuration of the AFS Client Service. All configuration data except the contents of the CellServDB file (which is no longer required for access to sites supporting AFS service records in DNS) are now stored in the Registry, and are thus configurable via Active Directory Group Policies. An MSI is also available for those who wish to deploy AFS or customize existing installations for their users. Using integrated login, the network provider can be configured to have different behavior depending on the domain that the user logs into. Supported Platforms: (! == new) AIX 4.2, 4.3, 5.1!, 5,2!, 5.3! HP-UX 11i (pa-risc), 11.22 (pa-risc), 11.23 (ia64)! Solaris 7, 8, 9, 10! MacOS X 10.3 Microsoft Windows 2000, XP!, 2003!, 2003 R2! Linux 2.4 kernel: x86, x86-uml, amd64, ia64, pa-risc!, ppc, ppc64!, s390, s390x, sparc, sparc64 Linux 2.6 kernel: x86!, x86-uml!, amd64!, ia64!, ppc!, ppc64!, s390x!, sparc64! OpenBSD (x86) 3.3, 3.4, 3.5, 3.6, 3.7, 3.8 NetBSD (x86; server only) 1.5, 1.6, 2.0, 2.1, 3.0 FreeBSD (x86; server only) 4.7, 5.3, 6.0-beta SGI Irix 6.5 Individual Contributors: adridg@sci.kun.nl aedil@alchar.org akosut@cs.stanford.edu alfw@slac.stanford.edu Andrei.Keis@morganstanley.com andrej.filipcic@ijs.si asanka@secure-endpoints.com banz@umbc.edu beyond@mmc-startup.com blade@debian.org bpcreech@eos.ncsu.edu brent@graveland.net cg2v@andrew.cmu.edu chas@cmf.nrl.navy.mil cvv@email.zp.ua d00-tga@d.kth.se deengert@anl.gov dhowells@redhat.com dlc@cs.cmu.edu dmagda@magda.ca drh@umich.edu dtanner@mit.edu efenyak@gamax.hu emoy@apple.com fallsjo@stacken.kth.se gendalia@iastate.edu Guillaume.Rousse@inria.fr haba@pdc.kth.se hanke@rzg.mpg.de hans-gunther.borrmann@rz.uni-freiburg.de hans@MPA-Garching.MPG.DE hartmans@mit.edu hollandp@umich.edu horst@riback.net hozer@hozed.org iacobs@exotic4.nipne.ro ilya@ccmr.cornell.edu irene.braun@ualberta.ca. jaltman@secure-endpoints.com james@abrakus.com jasonmc@cert.org jbuehler@hekimian.com jcurley@andrew.cmu.edu jeffm@suse.com Jeffrey.B.Woodward@Dartmouth.EDU, jeremym@backboneentertainment.com jhutz@cmu.edu jmoss@ichips.intel.com joda@pdc.kth.se kcr@mit.edu kekelley@iastate.edu kenh@cmf.nrl.navy.mil klas.lindfors@it.su.se kllin@it.su.se kolya@mit.edu kwc@citi.umich.edu lantzer@umr.edu leg@andrew.cmu.edu lha@stacken.kth.se lyzhang@umich.edu mack@uni-hohenheim.de marc@mit.edu matt@linuxbox.com mattdm@mattdm.org mattiasa@e.kth.se mbacchi@btv.ibm.com mcmer@gmx.net mcp@eda.ei.tum.de mdw@umich.edu Menke@MPPMU.MPG.DE Mike.Becher@lrz-muenchen.de miles@cs.stanford.edu mitch@ccmr.cornell.edu. mmokrejs@ribosome.natur.cuni.cz mnandrews@lbl.gov mpereira@almaden.ibm.com nik@zurich.ibm.com Niklas.Edmundsson@hpc2n.umu.se nneul@umr.edu oehmes@de.ibm.com onime@ictp.trieste.it paul.weber@hp.com peb@mppmu.mpg.de provos@citi.umich.edu psomogyi@gamax.hu pterjan@mandriva.com rainer.schoepf@proteosys.com Rainer.Toebbicke@cern.ch rbasch@mit.edu rees@umich.edu reuter@rzg.mpg.de rmitz@cmu.edu rolf@multi-os-net.de rolnas@takas.lt rra@stanford.edu rsm4@ieee.org rtb@pclella.cern.ch salvet@ics.muni.cz sdw@email.unc.edu semerad@ss1000.ms.mff.cuni.cz sgr0@lehigh.edu shadow@dementia.org slack@quackmaster.net ssen@apple.com stefaan.deroeck@gmail.com tdamato@odu.edu thomas.mueller@hrz.tu-chemnitz.de thomas@cs.wisc.edu tkeiser@gmail.com tmaher@watson.org toddr@rpi.edu tony@lions.odu.edu tron@NetBSD.org tvb@intel.com warlord@mit.edu wingc@engin.umich.edu wollman@khavrinen.lcs.mit.edu zacheiss@mit.edu zschimke@mars.asu.edu