ARCHIVED VERSION
While this page is no longer updated, it serves as a useful reference.
Contents
- Introduction
- Goals
- Release Deliverables
- Development Infrastructure
- Milestones
- Release Features List
- Design Plans For Release Features
- Desupported and Changed Features
Introduction
The Athena 10 release is planned for ~~summer 2008~~ IAP 2009, with full roll-out over the summer of 2009. It is intended to renew the Athena software, improve security, bring the base operating system into closer alignment with the MIT community, and reduce the ongoing maintenance burden of the Athena environment.
The Athena 10 project will be a collaboration with the Debathena developers from SIPB and will also act as a follow-on to the current Debathena release. From IS&T, the primary developers will be Greg Hudson (the release engineer and lead developer), Robert Basch, and Andrew Boardman, with Alex Prengel taking on the role of ensuring compatibility with third-party software lockers. From the SIPB, the contributors will be Tim Abbott and Anders Kaseorg.
(Greg Hudson left the project on October 1, 2008. William Cattey took on more project management responsibility at that time. Additional SIPB contributors: Geoffrey Thomas, Greg Price and Evan Broder.)
Goals
- Continue to support the familiar user interface.
- Continue to support "Public Cluster" systems that clean themselves up after each user logs out.
- Continue to support the existing "Quickstation" systems tailored for shorter duration sessions.
- Allow installation of Athena on an already-installed Linux system without an Operating System re-install.
- Un-bundle the components to allow customers the option to pick and choose which pieces of Athena they want.
- Retire functionality that is no longer used, or is no longer of sufficient benefit to warrant the ongoing maintenance cost.
- Replace more of the MIT-invented or MIT-maintained components with upstream open source components, where necessary migrating to community standard practices rather than Athena-unique practices.
Release Deliverables
The deliverables for the Athena 10 release are:
- A set of packages containing Athena original software (e.g. Larvnet, attach, etc.) with names like debathena-discuss.
- A set of packages controlling configuration of other packages (e.g. sshd) with names like debathena-hesiod-config.
- A set of packages to perform self-maintenance (e.g. to clean up temporary directories).
- Source repositories for software which has Ubuntu packages, but for which we are the upstream maintainer (e.g. Zephyr).
- ~~An automated update from Athena 9.4.~~ Eliminated from scope c. July 2008.
- A script to install Athena 10 on a pre-installed Ubuntu system.
- A comprehensive Cluster Installer to install Ubuntu and Athena 10 on bare metal.
- Release notes and documentation, particularly for aspects of Athena 9.4 which become desupported or supported in different ways.
Design Decisions
- The supported base operating system will be Ubuntu 8.04 (Hardy Heron), which is due out in April 2008 and is tagged by Canonical as a long-term support release. Development will mostly take place on Ubuntu 7.10 (Gutsy Gibbon).
- Subsequent Athena OS updates will be taken from the Ubuntu 6-month release cycle. Although this will be more work because of greater frequency, the 6-month release offers the most useful versions of applications and drivers. The plan is to deploy the x.10 release in January and the x.04 release over the summer.
- The build infrastructure and package repository will also support versions of Debian and other versions of Ubuntu. These operating system versions will be supported by SIPB rather than IS&T.
- When a software package exists in the Ubuntu package archive, we will not build it ourselves from the upstream source. In cases where a change is necessary, we will use a script to rebuild the relevant Ubuntu and Debian source packages with a patch applied.
- We will plug into system features such as PAM and NSS to avoid having to replace core parts of the base platform.
- We will use FUSE on /mit to remove the need for users to manually attach lockers (though the attach command will remain for compatibility and system notifications).
- We will make our configuration packages as modular as possible, rather than bundling them all up into an athena-ws package.
- We will use the standard /usr path prefix for Athena software rather than using a separate tree in /usr/athena. There will be a big package of compatibility symlinks to ensure that most old path references keep working.
- The update system will no longer be organized around specific patch releases. This change will allow us to better leverage the native update system and will also enable machines to take native package updates as soon as they become available, which will improve security.
Development Infrastructure
The Athena CVS repository will be converted to Subversion and copied to svn.mit.edu. This will become the development trunk; the CVS repository in AFS will remain as a branch for Athena 9.4 development.
The source tree will be reorganized to reflect the new architecture. The tentative new organization is:
- athena - Athena local software. New debian subdirectories will be added to each software directory to turn these into Debian packages.
- third - Third-party software imported from the original source provider. Ideally, this would go away completely; in practice, a few packages may remain and have debian subdirectories added.
- doc - Source tree documentation.
- debathena/scripts - Build scripts and other supporting materials.
- debathena/config - Sources for debathena-config-* packages.
- debathena/debathena - Sources for debathena-specific software packages such as debathena-libnss-afspag.
- debathena/meta - Sources for metapackages.
- debathena/third - Scripts and supporting materials for building modified versions of native Debian and Ubuntu packages.
Conspicuously absent is the packs directory; the entire contents will be replaced with Debathena-specific packages.
Milestones
- DONE 3/18/08 Infrastructure - Development infrastructure in place including source tree and build scripts. Ubuntu machines in the hands of Andrew and Bob so that they may begin work.
- DONE 6/30/08 Core - The fundamental building blocks of the Athena environment are in place (AFS, login, incremental updates, etc). Due date: April 30.
- DONE 7/25/08 Basic - The high-profile Athena applications are in place (Firefox, email, etc.). Due date: June 30. Biggest scheduling issue: email clients.
- DONE 8/15/08 Preview - Enough features are in place for release to private machines on an opt-in basis. Backward compatibility features are not a big concern for this milestone if they are not expected to receive heavy use. Biggest scheduling issue: printing. Due date: August 15.
- Cluster - Self-maintenance features and GNOME modifications necessary for cluster machine deployments are in place. Alpha testing can begin once this milestone is complete. ~~The updater is complete.~~ (Updater eliminated from scope c. July 2008.) Due date: October 1. Biggest scheduling issue: ~~The updater~~ The comprehensive installer.
- DONE 12/12/08 Feature Complete - Remaining release features are completed. ~~The installer is complete.~~ (Installer moved to Cluster milestone.) System release notes are complete. Backward compatibility issues are substantially resolved. Due date: November 1. Biggest scheduling issue: ~~The installer.~~
- Beta Testing Complete - Acceptance testing is complete and Athena 10 is ready for "early release" deployment. User release notes are complete. Due date: November 1.
- Full Deployment Readiness - Early release is complete and Athena 10 is ready to be released to all cluster machines. Due date: December 1.
Release Features List
Applications
- DONE Users can connect to the mainframe with the x3270 terminal emulator.
- DONE Users can send and receive Zephyr messages.
- DONE Users can browse the web with Firefox, which is preconfigured with the MIT CA, a local filesystem path for its disk cache, and the Java and Flash plugins.
- DONE Users can easily connect to the MIT Chat service with Gaim, and in addition can use the gaim-encryption plugin for end-to-end message encryption.
- DONE Users can easily read MIT mail using Evolution or Pine.
- DONE Users can read archives in Discuss.
- DONE Users have access to a rich C development environment as well as basic installations of Perl, Python, and Java.
- DONE Users have access to a variety of non-standard utilities (jot, lam, saferm, etc.).
- DONE Users can print to Athena network printers with the lpr command and from applications which support printing.
- DONE Users have access to the enscript command to format text documents into postscript for printing.
- DONE Users can run emacs with Athena site customizations.
- DONE Users can conduct single sign-on logins to other Athena machines (provided they have a keytab and are configured for remote access) or compatible non-Athena machines via kerberized ssh, telnet, rlogin, or ftp.
- DONE Users can query and manipulate IMAP mail stores with the mailquota, mailusage, from, and mitmail* commands.
- DONE Users can access and run software from AFS lockers through /mit paths via "attach", "add", "setup", and related commands. Home directories are also treated as lockers.
- DESUPPORT Users can use a network-enabled replacement for "write" between machines.
- DONE Users can query Athena hesiod information with the hesinfo command.
- DONE Users can spell-check documents using the ispell command.
- DONE Users can pull down MIT mail with the emacs movemail command (currently uses kpop).
- DONE Athena machines have a selection of international fonts installed.
- DONE Users can talk to serial devices using kermit.
- DONE Users can process TeX and LaTeX documents.
- DONE Athena machines can access Windows file shares using a Kerberos-enabled smbclient.
- DESUPPORT Athena machines can serve file shares to SMB clients, using a Kerberos-enabled Samba server which is pre-configured for the win.mit.edu realm.
- DONE Athena machines have attach-and-run scripts in the default path for various bits of locker software such as the Moira tools.
Legacy Features
- DESUPPORT Athena users can run an old desktop interface based on dash and mwm instead of GNOME if they have opted to do so.
- DESUPPORT Athena users can elect to run Sawfish (an outdated GNOME window manager) instead of Metacity.
- DONE Users can read mail with the nmh command suite (currently uses kpop).
- DESUPPORT Users can browse the web with Mozilla instead of Firefox. Mozilla can also be used to read mail and edit HTML files.
Serial Reusability
- DONE Any MIT user can log into cluster machines using their Kerberos passwords and their AFS home directories.
- DONE Root logins on cluster machines are not permitted, but users can su to root once they log in as themselves.
- DONE Users can change their Kerberos passwords with the passwd command.
- DONE Private machine admins can configure who can log into machines remotely and locally with the /etc/athena/access file. They can also tag accounts as "local" and not part of the Hesiod/AFS namespace.
- DELAY Athena machines tagged as quickstations display a timer and nagging warnings to log out after a set period of time.
- DESUPPORT Users can temporarily enable and disable remote access daemons on Athena machines with the access_on and access_off commands, if the machine is configured to allow this.
Changes For Shared Network Home Directories
- DESUPPORT GNOME Bonobo components from one login session will not be reused in another login session because they may not have access to the same tickets and tokens. There is similar isolation for gconfd-2 for the same reason.
- DONE Users can log in simultaneously from multiple machines without running afoul of GNOME software locks in the home directory.
- DESUPPORT If a user's home directory is unavailable upon login, a temporary homedir will be created on local disk and used instead.
- DESUPPORT Users can log in with "ignore customizations" or in terminal mode to repair severely broken dotfiles.
- DONE User processes generated by Athena software components do not stick around after the user logs out. On cluster machines, user processes are forcibly killed after the user logs out.
- DONE Athena machines have a screensaver which accepts a Kerberos password to unlock and which allows the user to be logged out after a set time.
- DONE GNOME won't display a dialog about changes in X keyboard settings from one login to another, since the same account is used on multiple machines.
- DOCUMENT Basic GNOME functions will work when the user's home directory is inaccessible (such as when the user's AFS tokens have expired) or is over quota.
- DONE GNOME's trash handling has fixes for Athena home directories.
- DONE Users receive warning dialogs when Kerberos tickets are about to expire.
- DONE Users receive warning dialogs at login time when their homedir or mail quotas are approaching full.
Monitoring
- DONE Athena machines can be queried via athinfo for various bits of information.
- DESUPPORT Athena machines record a history of their patch release numbers and dates of each update.
- DONE Athena machines forward some syslog notices to a central host for monitoring purposes.
- DONE Athena machines send information about whether they are in use to a "larvnetd" daemon on a central host which can be queried using the cview and xcluster commands.
- DONE Athena machines report centrally about their existence, machine type, and version so that they can be counted.
- DESUPPORT Athena machines respond to requests on the "time" and "daytime" ports with their idea of the current time.
Self-maintenance
- DONE Athena machines have filesystem-level access to AFS.
- DONE Athena machines periodically clean up files in temporary areas to avoid slowly filling the disk.
- DONE Athena machines automatically take updates when we put out new releases.
- DONE Athena machines have a consistent set of native platform packages installed, which is a superset of the default package set.
- DESUPPORT Athena machines can be flagged as "public", which implies that they have no persistent data or customizations and can engage in more aggressive cleanup activities.
- DONE The default GNOME panel setup contains a menu of important Athena locker software (currently unmaintained). For performance reasons, the files representing this menu must be stored on local disk.
- DESUPPORT Some lockers containing frequently-used software are stored on local disk for performance reasons.
- DONE Cluster machines perform some self-integrity checking to repair accidental and casual changes to their configurations.
- DONE Athena machines may be part of a Hesiod "cluster" which can determine whether they take beta updates, whether they are cluster/quickstation machines, and what their default printers are.
- DESUPPORT Particular aspects of Athena machines can be configured by editing /etc/athena/rc.conf.
- DESUPPORT Cluster machines use static IP addresses and have an easy procedure for changing IP addresses when they are moved to different subnets.
- DESUPPORT Cluster machines run a local name server and are configured to use it to cache name lookup results.
- DESUPPORT Admins can enable various network services with the "mkserv" command; the most popular of these is "mkserv remote" to permanently enable remote access daemons.
- DONE Athena machines almost always have the correct time as determined by time.mit.edu.
- DESUPPORT Athena machines automatically synchronize the hardware clock following Daylight Savings Time changes.
- DONE Athena users receive messages of the day prior to logging in (the gmotd) and upon logging in (the motd) and can also be sent personalized system messages upon logging in about things like impending account cancellations (lert).
- DONE Users can submit bug reports to the appropriate channel using the sendbug command.
Miscellaneous
- DONE /usr/sbin/sendmail is configured to inject mail through outgoing.mit.edu and to use Kerberos authentication if the user has valid tickets. The sendmail queue is flushed once an hour in case mail has to be queued locally.
- DESUPPORT Users can see system messages in the "console".
- DESUPPORT GNOME is configured to use applications available on Athena to open certain document types.
- DESUPPORT Athena machines can have either a krb5 keytab or a krb4 srvtab and Kerberos daemons will use either one, preferring the keytab.
- DONE Athena login sessions follow a complicated set of rules regarding user dotfiles.
- DONE Users can query basic machine characteristics with the machtype command.
Design Plans For Release Features
In total, these design plans account for about 24 weeks of work, or about two months per developer. Additional work will be required for the installer, the updater, integration testing, and documentation.
Feature: Users can connect to the mainframe with the x3270 terminal emulator.
Current solution: The athena-x3270 package provides this software. It does not appear to be modified except for portability. There is an xlogin option to run x3270 to mitvma.mit.edu in an xterm.
Planned solution: Ensure that the native x3270 package is installed. The xlogin option will no longer be supported.
Milestone: Feature Complete (one hour).
Status: Done.
Feature: Users can send and receive Zephyr messages.
Current solution: The athena-zephyr package provides this software, including Athena configuration and a boot script for zhm.
Planned solution: We will use the native zephyr package; however, we must continue maintaining the Zephyr source code (if only minimally) since Ubuntu treats MIT as the upstream maintainer. A new debathena-zephyr-config package will provide Athena configuration files.
Status: Already done in Debathena.
Feature: Users can browse the web with Firefox, which is preconfigured with the MIT CA, a local filesystem path for its disk cache, and the Java and Flash plugins.
Current solution: We use the native Red Hat Firefox package. The athena-firefox-extension package installs a Firefox extension making the MIT-local customizations, and the athena-firefox-wrapper package installs a front-end script in /usr/athena/bin/firefox which performs some customizations and setup.
Planned solution: Same general plan. However, debathena-firefox-extension's packaging materials will likely need to be adjusted for Ubuntu, and debathena-firefox-wrapper will need to use a dpkg diversion on /usr/bin/firefox since we don't have a /usr/athena/bin in the path to play with.
Status: Done after adapting some Debathena work.
Feature: Users can easily connect to the MIT Chat service with Gaim, and in addition can use the gaim-encryption plugin for end-to-end message encryption.
Current solution: The athena-gaim package provides a Gaim 1.5 built with GSSAPI support and some bugfixes. The athena-gaim-encryption package includes the encryption plugin.
Planned solution: Ensure that the native pidgin, pidgin-encryption, and libsasl2-modules-gssapi-mit packages are installed. Create a wrapper script to set up an MIT Chat account the first time pidgin is run.
Milestone: Basic (one day).
Status: Done.
Feature: Users can easily read MIT mail using Evolution or Pine.
Current solution: The athena-evolution and athena-evolution-data-server packages provide Evolution, and the athena-pine package provides Pine. The athena-evolution package has been modified to make the Evolution data directory private when created, to auto-configure MIT mail settings on first invocation, to add Hesiod support, to cache messages in /var/tmp in preference to AFS homedirs, to display MIT folders first in the folder list, to avoid using ibex folders since they are byte-order dependent, and to enable krb4 authentication support. The athena-pine package has been modified to add Hesiod and krb4 support, to make the mail directory private when created, and to auto-configure MIT mail via the site config file.
Planned solution: The debathena-evolution-wrapper package will handle initial configuration, privacy of the data directory, and Hesiod lookup of the PO server. The debathenificator framework will be used to modify the Ubuntu Evolution package to enable krb4 support, and possibly to cache messages in /var/tmp and disable ibex folders should those changes prove still necessary. For Pine, the debathenificator framework will be used to modify the Ubuntu alpine package to integrate krb4 and Hesiod support and to ensure the privacy of the data directory, and a new package debathena-alpine-config will install our site config file and create a pine -> alpine symlink.
Milestone: Basic (three weeks).
Status: Done.
Feature: Users can read archives in Discuss.
Current solution: The athena-discuss and athena-xdsc packages provide the Discuss software and an X front end.
Planned solution: No change.
Status: Already done in Debathena.
Feature: Users have access to a rich C development environment as well as basic installations of Perl, Python, and Java.
Current solution: We install the RHEL 4 C development environment and a selection of development packages. We install our own builds of Perl 5.8.3 and Python 2.3.3. We install a JDK RPM from Sun. The athena-ws package ensures that /usr/java/jdk is a symlink to the most recent JDK directory. Our Firefox wrapper script includes the Java plugin directory in the plugin path.
Planned solution: Ensure that build-essential and native GNOME development packages are installed. Perl and Python are installed by default. Ensure that the sun-java6 packages are installed. Ubuntu sets up /usr/lib/jvm/java-6-sun along the same lines as our /usr/java/jdk so we won't have to do that ourselves.
Milestone: Core (one day).
Status: Done.
Feature: Users have access to a variety of non-standard utilities (jot, lam, saferm, etc.).
Current solution: We build each of these from small independent source trees: gettime, cxref, dent, hostinfo, just, saferm, syncupdate, jot, lam, and rs. jot, lam, and rs are imports from NetBSD (they live in third/) while the others are treated as original source code.
Planned solution: We can use the athena-jot package (which is an upstream Ubuntu package despite the name), and cxref can be desupported (it is completely broken in Athena 9.4 on Linux, without user complaint), but other than that, no change. These utilities do not have Ubuntu equivalents. Some of them are probably never used, but it's too hard to measure which ones and too easy to just keep building them.
Milestone: Feature Complete (one day).
Status: Done.
Feature: Users can print to Athena network printers with the lpr command and from applications which support printing.
Current solution: athena-lprng-misc, athena-ifhp, and athena-lprng provide this functionality. lprng has been extensively modified for Kerberos authentication and Hesiod support.
Planned solution: The default printing system, CUPS, will be configured to point at a SIPB-operated browsing server cups.mit.edu. (This will probably be migrated to an ops-maintained server before Athena 10 is deployed to clusters.) CUPS printing will be integrated with the GUI and will work for printers which do not require authentication. For authenticated queues and as a backup mechanism, a modified version of the stock lprng package will provide renamed commands (mit-lpr, mit-lpq, etc.). The debathena-lprng-config package will configure this package to work with Athena printers.
Milestone: Feature Complete (three weeks; or defer rearchitecting printing and deploy the existing code base, with a work estimate of one week).
Status: Done.
Future issues: The browsing server should be migrated to an ops-run server; the actual print queues may want to be migrated from LPD to CUPS at some point; support for private printers could be improved (perhaps via a mechanism using clusterinfo).
Feature: Users have access to the enscript command to format text documents into postscript for printing.
Current solution: The athena-enscript command provides this functionality, which we used to get from Transcript (a commercial tool from Adobe). athena-glue installs attach-and-run scripts for the other Transcript utilities which are installed in the psutils locker: afmdit, pscat, pscatmap, psdit, psdraft, pslpr, psnup, psplot, psrev, and psroff.
Planned solution: Ensure that the native enscript and psutils packages are installed; that gets us enscript and psnup, the most commonly used utilities.
Milestone: Feature Complete (one day).
Status: Done.
Feature: Users can run emacs with Athena site customizations.
Current solution: athena-emacs provides this functionality, including the Athena site-start file. Although we have some source-level customizations to emacs, none of them appear important any more.
Planned solution: Ensure that the native emacs package is installed. A new package debathena-emacs-config will install our site-start file into /etc/emacs/site-start.d.
Milestone: Basic (one day).
Status: Done.
Feature: Users can conduct single sign-on logins to other Athena machines (provided they have a keytab and are configured for remote access) or compatible non-Athena machines via kerberized ssh, telnet, rlogin, or ftp.
Current solution: The athena-ssh package provides ssh and sshd. The upstream openssh.org source code has been customized with GSSAPI key exchange support, libal support, krb524 conversion of delegated credentials, access_on/access_off support, AFS PAG creation support, denial of GSSAPI-authenticated logins without delegated credentials, a change to make sshd work when invoked simply as "sshd" without an absolute path, syslogging of root logins, and creation of a directory in /tmp to put Xauthority files to prevent them from living in AFS.
The athena-krb5 package provides kerberized telnet, rlogin, rsh, and ftp daemons. Each is customized with libal support. The athena-inetd package is configured to allow access to these daemons.
Planned solution: Desupport the daemons for Kerberized telnet, rlogin, rsh, and ftp, all in favor of sshd. Ensure that krb5-clients is installed so that clients for those protocols are available. The debathena-ssh-client-config and debathena-ssh-server-config packages will configure the OpenSSH client and server appropriately. A metapackage debathena-ssh-server will provide an entry point for installing the appropriately configured SSH daemon.
Milestone: Feature Complete (one week).
Status: Done.
Feature: Users can query and manipulate IMAP mail stores with the mailquota, mailusage, from, and mitmail* commands.
Current solution: The athena-from, athena-mailquota, athena-mailusage, and athena-mitmail* packages provide these programs. They are based on the athena-cyrus-imapd package, which is a build of Cyrus IMAPD 2.2.3 with some bug fixes.
Planned solution: Use the native Cyrus packages; otherwise no change. Testing will be required to ensure that the native Cyrus packages have all the required bug fixes.
Status: Already done in Debathena.
Feature: Users can access and run software from AFS lockers through /mit paths via "attach", "add", "setup", and related commands. Home directories are also treated as lockers.
Current solution: The athena-locker, athena-libathdir, athena-attach, athena-quota, athena-attachandrun, athena-athdir, athena-athrun, and athena-gathrun packages provide most of this functionality. The standard dotfiles define the "add" and "setup" commands. The athena-zephyr package is configured to invoke zinit at zwgc startup time, causing users to get zephyr messages about outages of filesystems they have attached lockers on.
Planned solution: All of the above packages will continue to be in the release, but the liblocker logic to actually mount filesystems will be removed. A new package debathena-autofs-config will configure autofs to mount hesiod filesystems in /mit. Ensure that autofs and autofs-hesiod are installed.
Status: Already done in Debathena.
Feature: Users can use a network-enabled replacement for "write" between machines.
Current solution: The athena-write and athena-writed packages provide the client and server. The athena-inetd package is configured to allow access to the daemon.
Planned solution: Desupport this feature.
Status: Done.
Feature: Users can query Athena hesiod information with the hesinfo command.
Current solution: The athena-hesinfo package provides this command.
Planned solution: Ensure that the native hesiod package is installed.
Status: Already done in Debathena.
Feature: Users can spell-check documents using the ispell command.
Current solution: The athena-ispell package provides this command. The Linux world has mostly moved over to aspell, but some of our documentation refers to ispell and our Emacs site-start file also refers to it.
Planned solution: Ensure that the native ispell and ispell-dictionary packages are installed. aspell is installed by default.
Milestone: Feature Complete (one hour).
Status: Done.
Feature: Users can pull down MIT mail with the emacs movemail command (currently uses kpop).
Current solution: The athena-emacs package is built with Hesiod and KPOP support in its movemail command, which is used by emacs rmail. It has also been locally modified to install a symlink from /usr/athena/bin/movemail to the internal location of the movemail program; however, the need for this symlink is no longer present (it was used by Pine and Netscape ten years ago, but no longer).
Planned solution: The Ubuntu emacs package is not built with Hesiod and KPOP support in movemail. Even though a few users still use emacs rmail, it has been actively discouraged for a very long time. We are going to desupport this feature. If there is significant pushback, we can either instruct the few users how to build their own movemail, or we could install the native mailutils package, configure it to work with the PO servers, and point emacs at it in our site-start file. If the user base changes or the email infrastructure changes significantly this can be revisited in follow-on work.
Milestone: Feature Complete (one week, maybe less).
Changed: Eliminate to shrink project scope.
Status: Done.
Feature: Athena machines have a selection of international fonts installed.
Current solution: The athena-intlfonts package provides these fonts.
Planned solution: Ensure that the native emacs-intl-fonts package is installed.
Milestone: Feature Complete (one hour).
Status: Done.
Feature: Users can talk to serial devices using kermit.
Current solution: The athena-kermit package provides a build of kermit 8.0.
Planned solution: Ensure that the native ckermit package is installed.
Milestone: Feature Complete (one hour).
Status: Done.
Feature: Users can process TeX and LaTeX documents.
Current solution: The athena-tetex package contains a build of teTeX 2.0.2. The package installs a few extra control files to support printing duplex, tumble, or in the bottom tray, and also installs a "listing" style. The Athena stock answers refer to the duplex and tumble printing options.
Planned solution: Ensure that the native texlive-full package is installed. A new package debathena-tex-extras will install the nonstandard extensions.
Milestone: Feature Complete (one day).
Status: Done.
Feature: Athena machines can access Windows file shares using a Kerberos-enabled smbclient.
Current solution: The athena-samba package contains a build of the entire Samba suite (3.0.2a), built with Kerberos.
Planned solution: Ensure that the native smbclient package is installed, and confirm that it is Kerberos-enabled and can access shares in the win.mit.edu domain.
Status: Done.
Feature: Athena machines can serve file shares to SMB clients, using a Kerberos-enabled Samba server which is pre-configured for the win.mit.edu realm.
Current solution: The athena-samba package contains a build of the entire Samba suite (3.0.2a), built with Kerberos, along with a boot script and some configuration files for the Samba server.
Planned solution: Desupport this; the Samba server package will not be installed automatically (but ideally we would provide documentation on how to join a Samba server machine to the win.mit.edu domain).
Milestone: Feature Complete (one day).
Changed: Eliminate SMB server from scope.
Status: Done.
Feature: Athena machines have attach-and-run scripts in the default path for various bits of locker software such as the Moira tools.
Current solution: The athena-glue package installs attach-and-run scripts as well as man page symlinks (in some cases) for the Moira utilities, the Transcript utilities, acroread, Ghostscript, Ghostview, lastlog (a consult locker tool), OpenOffice, MIME utilities, realplay, ivview, freewrl, and tellme. The MIME utilities are custom-written scripts and are referred to by our nmh configuration.
Planned solution: Ensure that the native gv package is installed. OpenOffice and Ghostscript should be installed by default. Moira utilities will be installed locally by the debathena-moira-clients package. The mimeutils scripts are most likely obsolete at this point. New packages debathena-transcript-glue and debathena-misc-glue will install the remaining attach-and-run scripts and man page symlinks.
Milestone: Feature Complete (one day).
Status: Done.
Feature: Athena users can run an old desktop interface based on dash and mwm instead of GNOME if they have opted to do so.
Current solution: The athena-dash package provides the dash software, as well as a set of fallback software menus in /usr/athena/lib/Dash.fallback and a symlink to the (theoretically but not actually) maintained-in-AFS menus in /usr/athena/lib/Dash.menus. We use the native RHEL 4 mwm from the openmotif package, but the athena-ws package installs a /usr/lib/X11/system.mwmrc.athena file and overwrites the standard configuration file with it. xlogin has an option to log in with the dash interface. The athena-revert-to-dash package provides a dialog which will create ~/.athena_dash_interface, and the standard Athena GNOME system menu has an entry to run this program. The xsession in the athena-dotfiles package has conditional logic to honor these indications and invoke mwm and dash instead of GNOME software.
Planned solution: Continue to provide debathena-dash since it's cheap to do so (though it will have to be renamed, since the name dash is now taken up by a shell in modern Ubuntu and Debian). Provide a debathena-mwm-config package to overwrite the system mwm configuration. Continue to honor ~/.athena_dash_interface. Eliminate revert-to-dash and the dash login option.
Milestone: Feature Complete (one day).
Changed: Desupport and remove from project scope.
Status: Done.
Feature: Athena users can elect to run Sawfish (an outdated GNOME window manager) instead of Metacity.
Current solution: The athena-sawfish package provides a build of Sawfish 1.2-gtk2, customized with a number of bugfixes, an Athena site-init file, and the Eazel theme. The xsession in the athena-dotfiles package uses sawfish if ~/.athena-sawfish exists. The athena-dotfiles package installs a script to display a dialog about reverting to sawfish, and the standard Athena GNOME system menu has an entry to run this script. At present count there are 126 publicly listable AFS home directories with the .athena-sawfish file in them; the usage levels of those accounts are unknown.
Planned solution: Desupport this option. If we receive pushback, we can support it by ensuring that the native sawfish package is installed and by installing a site-init file via a new package debathena-sawfish-config.
Feature: Users can read mail with the nmh command suite (currently uses kpop).
Current solution: The athena-nmh package provides a build of nmh 1.0.
Planned solution: Debathena contains a package of the Athena nmh sources which uses KPOP. This is an adequate stopgap. Follow-on work will be needed as the MIT Email infrastructure evolves.
Milestone: Feature Complete (two weeks, maybe less).
Changed: Use stopgap.
Status: Done.
Feature: Users can browse the web with Mozilla instead of Firefox. Mozilla can also be used to read mail and edit HTML files.
Current solution: The athena-mozilla package provides this software. We have never officially supported Mozilla as a mail client, though we do know that some people use it.
Planned solution: Desupport this. Ensure that the native mozilla-thunderbird package is installed for people who want to use a Mozilla mail client.
Milestone: Feature Complete (one hour).
Status: Done.
Feature: Any MIT user can log into cluster machines using their Kerberos passwords and their AFS home directories.
Current solution: The athena-libal package provides a library which contains code to create passwd and group entries for users as they log in and attach user home directories. The athena-xlogin, athena-openssh, and athena-krb5 packages contain modified versions of the various login programs (graphical, text console, and remote daemons) which are customized to use krb5 authentication, to get krb4 tickets, to invoke libal session creation, and to create an AFS PAG for the login session. Non-transient passwd and group entries are stored in /etc/passwd.local, /etc/shadow.local, and /etc/group.local. In the athena-ws package, the athena-ws boot script overwrites the current passwd/group files with those files at boot time, and the reactivate script overwrites them between graphical logins if no one else is logged in. The public workstation verification script also references those files.
Planned solution: athena-libal will go away. A new package debathena-pam-config will set up the PAM configuration to use krb5 authentication, create krb4 tickets, and create an AFS PAG for each login session. A new package debathena-nsswitch-config will set up the nsswitch configuration to use Hesiod for users and groups, making use of Debathena's libnss_nonlocal for improved security. Since the login system will no longer be modifying the passwd and group files, the .local versions of those files will no longer be part of the model and will be removed during the update process.
Status: Already done in Debathena.
Feature: Root logins on cluster machines are not permitted, but users can su to root once they log in as themselves.
Current solution: On cluster machines, the root password is set to a value which can be discovered by the tellme command (a symlink into AFS installed by athena-glue). To prohibit root logins, the athena-ws boot script in the athena-ws package creates /etc/noroot on machines which are part of the "cluster" Hesiod cluster. The athena-libal package denies root login access if this file exists.
Planned solution: gdm already denies root logins by default. A new package debathena-cluster-login-config will remove the tty getty processes and set the root password.
Milestone: Cluster (one day).
Status: Done.
Feature: Users can change their Kerberos passwords with the passwd command.
Current solution: The athena-passwd package provides a /usr/athena/bin/passwd command which uses libal to determine whether the current user is a local account and runs kpasswd (from athena-krb5) or /usr/bin/passwd as appropriate.
Planned solution: The debathena-pam-config package will configure password changing to use krb5 for non-system uids. The passwd program will change both the local and Kerberos passwords.
Status: Already done in Debathena.
Feature: Private machine admins can configure who can log into machines remotely and locally with the /etc/athena/access file. They can also tag accounts as "local" and not part of the Hesiod/AFS namespace.
Current solution: The login library in the athena-libal package parses /etc/athena/access and will deny access to accounts when appropriate. It also tells the calling application if the account is tagged as local; if so, the login program will suppress all Athena login activities (getting Kerberos tickets, creating a session entry, attaching the homedir).
Planned solution: The debathena-pam-config package will configure pam_access as part of the login sequence. The PWOG will document how to edit /etc/security/access.conf. Local account tagging will be desupported unless we think of a clever way to do it. Users who wish to use Athena software with a privately-owned machine will generally not install the debathena-pam-config package. Also, it shouldn't be as necessary with the new login architecture; all it would really do is suppress the attempt to get Kerberos tickets.
Milestone: Core (two days).
Status: Steady state already done in Debathena.
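pam_access reads /etc/security/access.conf top to bottom, the first matching rule decides, and a login that matches no rule is accepted. The following added example (not Athena or Debathena code) models that evaluation in Python for a subset of the syntax so that a rule set can be checked before it is installed; the rule set, user, group and domain names are constructed placeholders, and the function names are hypothetical.

```python
# Added illustration (not Athena/Debathena code): a simplified model of how
# pam_access walks /etc/security/access.conf. Covered: ALL, LOCAL, EXCEPT,
# user names, (group) entries, host names and ".domain" suffixes.
# Not modelled: tty names, addresses and netmasks, netgroups.

# Constructed sample rule set; every name and domain is a placeholder.
SAMPLE_RULES = """\
# permission : users/groups : origins
+ : root : LOCAL
- : root : ALL
+ : owner1 owner2 : ALL
+ : (labstaff) EXCEPT guest1 : .example.edu
- : ALL : ALL
"""


def parse_rules(text):
    """Return a list of (permission, user_tokens, origin_tokens, lineno)."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Only the first two colons separate fields.
        parts = [p.strip() for p in line.split(":", 2)]
        if len(parts) != 3 or parts[0] not in ("+", "-"):
            raise ValueError(f"line {lineno}: malformed rule {raw!r}")
        rules.append((parts[0], parts[1].split(), parts[2].split(), lineno))
    return rules


def _list_match(tokens, match_one):
    """Match a token list; tokens after EXCEPT veto a match, recursively."""
    if "EXCEPT" in tokens:
        idx = tokens.index("EXCEPT")
        head, tail = tokens[:idx], tokens[idx + 1:]
    else:
        head, tail = tokens, None
    if not any(match_one(t) for t in head):
        return False
    return tail is None or not _list_match(tail, match_one)


def _user_match(token, user, groups):
    if token == "ALL":
        return True
    if token.startswith("(") and token.endswith(")"):
        return token[1:-1] in groups  # (group) entry
    return token == user


def _origin_match(token, origin):
    """origin is None for a local (non-network) login, else a host name."""
    if token == "ALL":
        return True
    if token == "LOCAL":
        return origin is None
    if origin is None:
        return False
    if token.startswith("."):  # domain suffix
        return origin.lower().endswith(token.lower())
    return token.lower() == origin.lower()


def check_access(rules, user, groups=(), origin=None):
    """Return (allowed, lineno) of the deciding rule.

    The first rule whose user and origin fields both match decides.
    When nothing matches, the login is allowed: (True, None).
    """
    for perm, users, origins, lineno in rules:
        if (_list_match(users, lambda t: _user_match(t, user, groups))
                and _list_match(origins, lambda t: _origin_match(t, origin))):
            return perm == "+", lineno
    return True, None


if __name__ == "__main__":
    rules = parse_rules(SAMPLE_RULES)
    for who, grp, src in [("root", (), None),
                          ("root", (), "host.example.edu"),
                          ("guest1", ("labstaff",), "ws1.example.edu")]:
        print(who, src, check_access(rules, who, grp, src))
```

Dropping the final `- : ALL : ALL` line from the sample makes every account that no rule mentions fall through to the default and be admitted.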
Feature: Athena machines tagged as quickstations display a timer and nagging warnings to log out after a set period of time.
Current solution: The athena-bugme package displays the timer and the nagging warnings for quickstations. The Xsession script in the athena-dotfiles package invokes bugme.
Planned solution: Instead of being invoked from athena-dotfiles, the debathena-bugme package will include an xsession script. If the hostname is found on the list of quickstations, the script will wrap the session with the bugme program; otherwise it will do nothing. The bugme program may need to be tested for interference with gnome-session. Athena bug 27097 lists a problem, but it has not been verified. The tricky part is to advance the code to deal with current window manager conventions: don't decorate, font properly, keep on top, even in the face of compositing.
Getting these issues right is reasonable, but should not block roll-out to general clusters. We will do this work after Early release, but it will need to be finished when Athena 10 displaces Athena 9 as the standard release on all systems.
Milestone: Follow-on mini-project.
Status: Not Done.
Feature: Users can temporarily enable and disable remote access daemons on Athena machines with the access_on and access_off commands, if the machine is configured to allow this.
Current solution: The athena-inetd package contains a modified version of inetd which will respond to SIGUSR1 by turning on access to daemons marked as "switched" and to SIGUSR2 by turning off access. The boot script in that package invokes inetd with the -n option if /etc/athena/rc.conf has ACCESSON set to true, instructing inetd to turn those services on initially. The athena-openssh package has the sshd daemon customized to honor SIGUSR1 and SIGUSR2 if sshd is invoked with the -s or -S options. The boot script in that package invokes sshd with one of those options if /etc/athena/rc.conf has SSHD set to "switched". (Which option is sent depends on the value of ACCESSON and determines whether sshd is active or inactive initially.) The athena-access package contains a setuid program which sends SIGUSR1 or SIGUSR2 to inetd and sshd depending on whether it is invoked as access_on or access_off.
Planned solution: Desupport this feature.
Status: Done.
Feature: GNOME Bonobo components from one login session will not be reused in another login session because they may not have access to the same tickets and tokens. There is similar isolation for gconfd-2 for the same reason.
Current solution: The athena-ORBit2 and athena-ORBit packages are locally modified to honor the ATHENA_SESSION_TMPDIR variable and use that instead of /tmp/orbit- for ORBit communication files. The Xsession script in athena-dotfiles creates a temporary directory (using a shell script named mksessiondir included in the same package) and sets ATHENA_SESSION_TMPDIR to point to it. This serves to create a separate universe of ORBit-enabled applications (including Bonobo components) for each login session. A similar local modification exists for athena-GConf2 and athena-GConf.
Planned solution: Desupport this change. Processes persisting past logout is largely not an issue in Athena 10 (especially on cluster machines), and solving the remaining cases is not worth the penalty of changing an upstream Ubuntu package.
It's worth noting that upstream GNOME source code implements the ORBIT_SOCKETDIR and GCONF_TMPDIR environment variables, which would allow us to solve this problem through setting environment variables in debathena-xsession. Unfortunately, this code is not in Ubuntu Hardy, but it's a consideration for the future.
Milestone: Cluster (three days).
Change: Desupport to shrink project scope.
Status: Done.
Feature: Users can log in simultaneously from multiple machines without running afoul of GNOME software locks in the home directory.
Current solution: There are several code modifications to GConf2 to alter the way it does locking. However, most of these changes are inoperable because they were made to a backend which is no longer in use, and apparently the changes are not necessary in current GConf2.
Planned solution: No work needs to be done; the problem has been solved for us upstream.
Milestone: Cluster (three days).
Changed: Fixed upstream
Status: Done.
Feature: If a user's home directory is unavailable upon login, a temporary homedir will be created on local disk and used instead.
Current solution: The login library in the athena-libal package checks if "attach" succeeds and that the resulting home directory is readable. If not, it synthesizes a local home directory and rewrites the local passwd entry to point to it. The passwd entry will be reverted on a future login attempt if attach succeeds.
Planned solution: Desupport this feature. It's a good feature but we want to get away from customizing the login system code, and there's no way to make it work without doing that. The gdm fallback session should allow people to log in with inaccessible homedirs.
Milestone: Feature Complete (one day).
Status: Done.
Feature: Users can log in with "ignore customizations" or in terminal mode to repair severely broken dotfiles.
Current solution: The athena-xlogin package includes an "ignore customizations" login option, which causes the Xsession script in the athena-dotfiles package to be invoked with the argument "2". Xsession responds to this argument by ignoring $HOME/.xsession files and invoking the central xsession script (also in athena-dotfiles) with the -nocalls flag. The xsession script responds to this flag by setting the NOCALLS environment variable and forcing SHELL to /bin/athena/tcsh. Athena dotfiles will typically do their best to ignore user dotfiles when NOCALLS is set. The athena-GConf and athena-GConf2 packages are modified to honor NOCALLS by substituting a temporary directory when evaluating $(HOME) in the configuration source paths. The athena-gnome-libs package (a GNOME 1 library package) also contains a change to honor NOCALLS, but that change does not appear to have propagated into the corresponding GNOME 2 package--which makes some sense since most GNOME 2 software uses GConf2 rather than the outdated gnome_config API.
Planned solution: If we are making source-level modifications to GConf2 anyway, then this is a relatively easy feature to support. debathena-gdm-config will include an "ignore" desktop (we've prototyped this in prior 9.9 work) and the dotfiles will continue to respect NOCALLS in the same manner. If this ever becomes the last source-level modification we are making to GConf2, we should desupport that side of the feature.
Milestone: Cluster (one day).
Changed: Reduce scope, and offer gdm failsafe sessions.
Status: Done.
Feature: User processes generated by Athena software components do not stick around after the user logs out. On cluster machines, user processes are forcibly killed after the user logs out.
Current solution: The athena-dustbuster package provides a program which runs a command in a child process and terminates the process when it detects that the current login session has ended. The athena-esound, athena-GConf, athena-GConf2, athena-oaf, and athena-bonobo-activation packages are locally modified to invoke subprocesses under dustbuster so that they don't survive a logout.
Planned solution: Using the GNOME session manager should fix most of our issues with components surviving a logout. Our biggest problem in the past was that gconfd-2 was surviving a logout due to a race condition in the shutdown process (gnome-panel was managing to cause a restart of gconfd-2 after the manual shutdown in the Xsession script); that goes away with a properly ordered shutdown. So we should be able to discard all of this machinery.
Status: Done.
Feature: Athena machines have a screensaver which accepts a Kerberos password to unlock and which allows the user to be logged out after a set time.
Current solution: The athena-xscreensaver package contains a build of xscreensaver 4.14, heavily customized. For historical reasons, symlinks to the xscreensaver commands from xss, xss-command, and xss-demo are added. We have added a new command xscreensaver-button (with a symlink xss-button) to present a simple UI for locking the screen. We have added an option to let people log the user out after the screen has been locked for a specified amount of time; forcible logouts also send syslogs in an effort to detect cluster abuse. We have trimmed the number of screen hacks to a bare minimum because many of them were triggering X server bugs on Solaris. We have added an option to let people specify an encrypted screensaver password to use in preference to the account password. We have added a -start-locked option to make the screensaver start out locked and exit when the screen is unlocked, as the old xlock command does. We have added options to specify commands to run when the screen is locked or unlocked. We have removed support for unlocking the screen using the root password. We have added a feature to allow Kerberos ticket renewal using the password entered to unlock the screen.
In addition, the athena-glue package provides an xlock script which will successfully lock the screen whether or not the xscreensaver daemon is running. It was originally written to prevent people from running the native "xlock" command which behaved in inappropriate ways on cluster machines.
Planned solution: Remove the athena-xscreensaver package. A new debathena-xlock package will provide the xlock script, which will just be an alias for "gnome-screensaver-command -l". The debathena-pam-config package will configure the screensaver to unlock the screen with the user's Kerberos password. A new debathena-cluster-login-config package will set up system GConf defaults to configure gnome-screensaver to disable user switching and to allow the user to be logged out after the screen has been saved for a set length of time. All other special features of the Athena screensaver will be desupported as they would require local code modifications.
Milestone: Cluster (one day).
Status: Done.
Feature: GNOME won't display a dialog about changes in X keyboard settings from one login to another, since the same account is used on multiple machines.
Current solution: The athena-control-center package is customized to disable this dialog.
Planned solution: The dialog still exists in current GNOME code; however, it will come up much less often with only one platform, and it now contains an option to suppress itself, so it should only bother users once if it happens at all. So we should not need to propagate this change.
Status: Done.
Feature: Basic GNOME functions will work when the user's home directory is inaccessible (such as when the user's AFS tokens have expired) or is over quota.
Current solution: The athena-gnome-desktop package is customized to make launchers work when the home directory is inaccessible. The athena-libgnome package is customized to make gnome_init() work when the home directory cannot be written to.
Planned solution: These problems still exist in current code. However, if the system Xsession detects an inaccessible homedir and throws up an xterm for repair, we can probably get away without making the code modifications.
Status: No work required.
Feature: GNOME's trash handling has fixes for Athena home directories.
Current solution: The athena-gnome-vfs2 package is locally modified with a change to make trash handling work when the homedir is a symlink to a directory on another device and to support moving files between devices in the gnome_vfs_xfer function.
Planned solution: It looks like we will be forced to make a similar change to the native libgnomevfs2 package, since this still appears to be a problem in upstream code. We should try to get a fix into GNOME to resolve this problem upstream.
Milestone: Feature Complete (one day for local fix, another for upstream patch submission).
Change: The failures previously addressed in local modifications no longer seem to occur, though we have not yet identified the specific upstream modifications that changed the relevant behaviors.
Status: Done.
Feature: Users receive warning dialogs when Kerberos tickets are about to expire.
Current solution: The athena-authwatch package provides a locally written program to monitor ticket lifetimes and display warning dialogs at appropriate times. The dialog warnings direct the user to select a "Renew Authentication" menu option which is part of the Athena panel menu customized by the athena-dotfiles package. The xsession in the athena-dotfiles package invokes authwatch as part of the standard login sequence.
Planned solution: The debathena-authwatch package will provide authwatch. The debathena-grenew package will install a desktop item which adds "Renew Authentication" to the panel menu. The debathena-xsession package will run authwatch for Athena logins.
Status: Done.
Feature: Users receive warning dialogs at login time when their homedir or mail quotas are approaching full.
Current solution: The athena-dotfiles package includes a script which invokes quota and mailquota and displays dialogs using zenity if they are over 90%.
Planned solution: The debathena-xsession package will provide the quotawarn script and will invoke it as part of the Athena session integration.
Status: Done.
Feature: Athena machines can be queried via athinfo for various bits of information.
Current solution: The athena-athinfo package provides the client software. The athena-athinfod package provides the daemon and default configuration files (athinfo.access, athinfo.defs). The athena-inetd package contains configuration to make the Athena inetd answer on the athinfod port.
Planned solution: The debathena-athinfod package will install stub configuration files, which will be kept in athena/etc/athinfod rather than packs/config. A new Ubuntu-specific package debathena-athinfod-config will install the actual Athena athinfo.defs and will take care of making athinfod network-accessible (unfinished). The athinfo.defs file may need to be updated for Ubuntu.
Status: Debathena contains a working athinfod package, although it does not separate the code from the configuration. Good enough to call it done even though it varies from the above plan.
Feature: Athena machines record a history of their patch release numbers and dates of each update.
Current solution: The athena-base package inaugurates the /etc/athena/version file. The update and mkserv scripts write entries to the file.
Planned solution: The version feature will only be used for full release updates (e.g. 9.4 to 10.0) since we will no longer be using a patch release model for individual package updates.
Milestone: (Accounted for in installer and updater tasks).
Feature: Athena machines forward some syslog notices to a central host for monitoring purposes.
Current solution: The athena-ws package installs a syslog.conf file which (via a scriptlet) overwrites the stock syslog.conf file.
Planned solution: A new debathena-syslog-config package will overwrite the stock syslog.conf file.
Milestone: Cluster (one day).
Status: Done.
Feature: Athena machines send information about whether they are in use to a "larvnetd" daemon on a central host which can be queried using the cview and xcluster commands.
Current solution: The athena-xlogin package contains calls to liblarv (in the athena-larv package) which creates or removes a flag file (/var/athena/busy) and sends a UDP status packet to a machine determined by the larvnet Hesiod sloc record. The athena-busyd package provides a UDP daemon which responds to poll requests based on the presence of the flag file, and the athena-inetd package makes the busyd daemon available. On the server end, the athena-larvnetd package contains a program to receive status packets, do periodic polling of cluster machines and printers, and write out reports. The athena-cviewd, athena-cview, and athena-xcluster packages provide server and client programs for retrieving and displaying those reports.
Planned solution: The debathena-larvnet package provides the busyd daemon and an Xsession script to send packets to larvnet before and after graphical login sessions. Rather than use a flag file, busyd uses an empirical query to determine whether a gdm session is active, eliminating the need to run code as root before and after login sessions.
Milestone: Cluster (one day).
Status: Done.
Feature: Athena machines report centrally about their existence, machine type, and version so that they can be counted.
Current solution: The athena-ws package installs a script /etc/athena/counterlog to do the actual logging, a cron job to run it every hour (desynchronized), and a line in the athena-ws.rc script to run it at boot time.
Planned solution: A new package debathena-counterlog will install the script and cron job.
Milestone: Cluster (one day).
Status: Done.
Feature: Athena machines respond to requests on the "time" and "daytime" ports with their idea of the current time.
Current solution: The athena-inetd package is configured to answer on the time and daytime ports. The daemon code is built into inetd.
Planned solution: Desupport this feature.
Status: Done.
Feature: Athena machines have filesystem-level access to AFS.
Current solution: The installer creates a separate disk partition for the AFS cache. The athena-openafs package contains a build of OpenAFS 1.4.4. It also contains a script /etc/athena/config_afs to set up cell locations, setuid cells, and cell aliases using files in /afs/athena.mit.edu/service and a customized init script which recreates the cache partition if it won't fsck cleanly and then mounts it. We rebuild the athena-openafs package each time the kernel changes so that the kernel module matches the kernel version. The athena-afs-krb5 package contains an aklog program which can get tokens using a Kerberos credentials cache.
Planned solution: Ensure that openafs-clients is installed. A new package debathena-openafs-config will configure the machine appropriately. Through automated scripts, packages and metapackages will be produced to install binary AFS kernel modules matching the standard Ubuntu kernel versions.
Milestone: Core (one week).
Status: Done.
Feature: Athena machines periodically clean up files in temporary areas to avoid slowly filling the disk.
Current solution: The athena-ws package installs a script in /etc/athena/clean_tmp_areas which removes old files in temporary areas if they are not owned by logged-in users. It also installs a cron job to run the script once a day. It also contains code in the boot and reactivate scripts to clean specific kinds of files which only pertain to logged in users, such as /tmp/session-* directories used by our GConf modifications.
Planned solution: A new package debathena-tmp-cleaner will install the script and cron job.
Milestone: Cluster (one day).
Status: Done.
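The cleanup rule described above (remove old files in temporary areas unless they belong to a logged-in user) has to survive hostile contents, since any user can plant symbolic links in a shared temporary directory. The following added example is not the Athena clean_tmp_areas script; it shows one way to apply the rule in Python using directory file descriptors so that no link is followed, and its function names and age threshold are assumptions.

```python
# Added illustration, not the Athena clean_tmp_areas script. Function names
# and parameters are hypothetical.
import os
import pwd
import stat
import subprocess
import time


def logged_in_uids():
    """UIDs of users with a current login session, taken from who(1).

    A name that does not resolve raises KeyError, which aborts the run
    rather than leaving that user's files unprotected.
    """
    out = subprocess.run(["who"], capture_output=True, text=True, check=True)
    uids = set()
    for line in out.stdout.splitlines():
        fields = line.split()
        if fields:
            uids.add(pwd.getpwnam(fields[0]).pw_uid)
    return uids


def clean_tmp(root, max_age_days, active_uids, now=None, dry_run=True):
    """Select (and, unless dry_run, unlink) stale entries below root.

    An entry is stale when it is a regular file or a symbolic link, its
    owner is not in active_uids, and its mtime is older than max_age_days.
    Returns the sorted list of selected paths.
    """
    now = time.time() if now is None else now
    cutoff = now - max_age_days * 86400
    root_dev = os.lstat(root).st_dev
    selected = []
    # os.fwalk hands out a descriptor for each directory and, with
    # follow_symlinks=False, never descends through a symbolic link.
    for dirpath, dirnames, filenames, dirfd in os.fwalk(
            root, follow_symlinks=False):
        for name in filenames + list(dirnames):
            try:
                # lstat relative to the open directory, not by path
                st = os.stat(name, dir_fd=dirfd, follow_symlinks=False)
            except FileNotFoundError:
                continue  # vanished since the directory was listed
            if stat.S_ISDIR(st.st_mode):
                if st.st_dev != root_dev:
                    dirnames.remove(name)  # do not cross mount points
                continue
            if st.st_uid in active_uids or st.st_mtime > cutoff:
                continue
            if not (stat.S_ISREG(st.st_mode) or stat.S_ISLNK(st.st_mode)):
                continue  # leave sockets, FIFOs and device nodes alone
            if not dry_run:
                try:
                    # unlink removes the entry in this directory only;
                    # a link's target is never touched
                    os.unlink(name, dir_fd=dirfd)
                except FileNotFoundError:
                    continue
            selected.append(os.path.join(dirpath, name))
    return sorted(selected)


if __name__ == "__main__":
    # Dry run over /tmp with an assumed three-day threshold.
    for path in clean_tmp("/tmp", 3, logged_in_uids()):
        print(path)
```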
Feature: Athena machines automatically take updates when we put out new releases.
Current solution: The athena-ws package installs a script /etc/athena/update_ws which is invoked by the boot and reactivate scripts. update_ws runs a script out of the sysprefix area (determined by the machine's Hesiod cluster information) which checks for a new numbered patch release and invokes rpmupdate from the athena-rpmupdate package to update the machine's RPM set to a new version.
Planned solution: We are moving away from the concept of patch releases. Privately administered machines can take updates via the usual updater. The debathena-auto-update package contains a cron job to take updates for cluster machines.
Milestone: Core (one week).
Status: Done.
Feature: Athena machines have a consistent set of native platform packages installed, which is a superset of the default package set.
Current solution: In the release area in AFS, the list-9.4.X files contain a list of pathnames of RHEL 4 packages. When we want to add or remove a native package in a patch release, we simply include it or omit it from the list file for that patch, and rpmupdate adds or removes the RPM during the update. Non-included RHEL 4 packages are listed in the upgrade-9.4.X file; rpmupdate will upgrade these packages if they are locally installed on a private machine, but will not install them.
Planned solution: The debathena-cluster-software metapackage will depend on the required software. This metapackage will be implied by debathena-cluster, but not by debathena-workstation as it will be quite large and not desirable for all privately administered machines.
Milestone: Core (one day).
Status: Done; will require ongoing maintenance as software needs arise.
Feature: Athena machines can be flagged as "public", which implies that they have no persistent data or customizations and can engage in more aggressive cleanup activities.
Current solution: The athena-ws package inaugurates the PUBLIC variable into /etc/athena/rc.conf. The package value defaults to false, but our installer will set it to true if the user does not customize the rc.conf values. The specific changes enabled by setting PUBLIC are:
- athinfod allows remote viewing of the update.log file.
- The athena-ws boot script performs hardware-specific configuration maintenance when appropriate, such as adjusting the X configuration. (Specific examples at the current time are probably irrelevant due to the change in base operating system.)
- The athena-ws boot script removes any installed ssh host keys.
- The athena-ws boot script removes any files named *.local in /etc, /etc/athena, or /etc/athena/login.
- The athena-ws boot script removes Mozilla cache directories in /var/tmp.
- The athena-ws boot script removes configuration files and other files which shouldn't exist, and adjusts the mode of /etc/shadow.
- The athena-ws boot script does not preserve the contents of /etc/motd (normally it rewrites the original line but keeps the remaining contents).
- The public workstation verification script will operate (normally it will refuse to run) and runs at boot time.
- The reactivate script does not check for running screen processes before performing cleanup.
- The reactivate script performs a "full" reactivation (additional, slower cleanup) between each login instead of just when it runs from the cron job.
- The reactivate script erases all files in /tmp as well as all temporary home directories.
- The reactivate script copies the local passwd, athinfo.access, and local-lockers.conf file from a directory in AFS.
- The reactivate script removes any installed ssh host keys.
- The update script (run out of AFS) passes the -p option to rpmupdate, causing it not to honor local changes to the installed RPM set.
Planned solution: Desupport this feature. Private machines will install the debathena-workstation package instead of the debathena-cluster package. Functionality which applies only to cluster machines will be implemented in packages which are part of debathena-cluster.
Milestone: Cluster (two days).
Status: Done.
Feature: The default GNOME panel setup contains a menu of important Athena locker software (currently unmaintained). For performance reasons, the files representing this menu must be stored on local disk.
Current solution: The athena-dotfiles package installs gnome-panel default schemas which include a menu object pointing to /var/athena/menus. It also installs a symlink /usr/athena/share/gnome/athena/menus pointing into AFS. The athena-ws package includes a script /etc/athena/local-menus which is invoked from the reactivate and boot scripts. The local-menus script copies a tar file out of AFS if a new one exists, and then untars it locally into /var/athena/menus. If the process fails, /var/athena/menus is directly symlinked into an untarred menu directory in AFS, which will yield poor performance but is correct.
Planned solution: A new package (name to be determined) will install desktop items for high-profile locker software.
Milestone: Basic (two days).
Status: Done.
Feature: Some lockers containing frequently-used software are stored on local disk for performance reasons.
Current solution: The athena-athlsync package contains a program which can efficiently synchronize a locker to local disk while translating AFS-specific path features. The athena-ws package includes a script /etc/athena/local-lockers and a cron job to invoke it every day between 3:30am and 7:30am. The local-lockers script uses athlsync to synchronize lockers to /var/athena/local and sets up a symlink in /var/athena/local-validated for those lockers which were successfully synchronized. The athena-liblocker package contains logic to look for a directory in /var/athena/local-validated when attaching a locker and to use that in preference to the network copy.
Planned solution: Desupport this feature. It would be difficult, though possible, to make it work with autofs. Right now we are only using it for OpenOffice and Acrobat. We can use the native OpenOffice installation for document processing and natively provided PDF tools for casual PDF browsing.
Status: Done.
Feature: Cluster machines perform some self-integrity checking to repair accidental and casual changes to their configurations.
Current solution: The athena-ws package includes a script /etc/athena/verify which is invoked from the boot script. The verify script uses rpmupdate to synchronize the locally installed RPM set with the current release list, and then checks for files which differ from their RPM checksums and reinstalls any affected RPMs. A specific set of configuration files is also copied in from an area in AFS in case they have been changed.
Planned solution: Each gdm login on a cluster machine will be performed in a separate, ephemeral snapshot of the root partition. The debathena-reactivate package will interface with gdm in order to do so.
Milestone: Cluster (three days).
Status: Done.
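The checksum pass of the verify step described under "Current solution" above, as an added example (not the athena-ws verify script): it triages `rpm -V` output into packages to reinstall, changed configuration files, unreadable files, and metadata-only changes. The sample output and the four-way split are assumptions of this example.

```python
import re

# Constructed sample of `rpm -V <package>` output, keyed by package name.
# athena-base and athena-ws and their two paths come from the page; the other
# packages, paths and every flag string are made up for this example.
SAMPLE = {
    "athena-base": "S.5....T.  c /etc/athena/rc.conf\n",
    "athena-ws": "..5....T.    /etc/athena/verify\n",
    "openssh-server": ".M.......    /usr/sbin/sshd\n",
    "coreutils": "missing     /bin/ls\n",
    "sudo": "..?......    /usr/bin/sudo\n",
    "bash": "",
}

# One line per failing file: "missing" or 8-9 test flags (9 on newer rpm),
# an optional file class (c=config, d=doc, g=ghost, l=license, r=readme),
# then the path.
LINE_RE = re.compile(
    r"^(?P<flags>missing|[SM5DLUGTP.?]{8,9})\s+"
    r"(?:(?P<kind>[cdglr])\s+)?(?P<path>/.*)$"
)


def classify(flags, kind):
    """Map one rpm -V result to an action category (this example's policy)."""
    if flags == "missing":
        return "reinstall"
    digest = flags[2]              # third flag is the file digest test
    if digest == "?":
        return "unverified"        # rpm could not read the file
    if digest == "5":
        # Changed config files are reported, not reinstalled: the page's
        # verify script restores those from a reference copy instead.
        return "config" if kind == "c" else "reinstall"
    return "metadata"              # digest unchanged: mode, owner, mtime, etc.


def triage(output_by_package):
    """Return packages to reinstall plus (package, path) lists to review."""
    result = {"reinstall": set(), "config": [], "unverified": [], "metadata": []}
    for package, text in output_by_package.items():
        for line in text.splitlines():
            m = LINE_RE.match(line)
            if m is None:
                continue           # dependency notes and other non-file lines
            verdict = classify(m["flags"], m["kind"])
            if verdict == "reinstall":
                result["reinstall"].add(package)
            else:
                result[verdict].append((package, m["path"]))
    result["reinstall"] = sorted(result["reinstall"])
    return result


if __name__ == "__main__":
    for category, items in triage(SAMPLE).items():
        print(category, items)
```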
Feature: Athena machines may be part of a Hesiod "cluster" which can determine whether they take beta updates, whether they are cluster/quickstation machines, and what their default printers are.
Current solution: The athena-getcluster package contains a program which queries Hesiod for cluster information and writes out C shell or Bourne shell commands to set environment variables. The athena-ws package installs a script in /etc/athena/save_cluster_info which invokes getcluster to update files in /var/athena containing the environment variable settings. save_cluster_info is invoked by the boot and reactivate scripts, and is also invoked by update_ws just to make sure. The resulting files are used by the boot script, the update script, the verification script, and the Athena dotfiles.
Planned solution: A new package debathena-clusterinfo will contain the save_cluster_info script and a boot script to invoke it. The debathena-getcluster package will remain.
Milestone: Core (one day).
Status: Done.
Feature: Particular aspects of Athena machines can be configured by editing /etc/athena/rc.conf.
Current solution: The athena-base package (required by all other packages) contains the initial rc.conf file, which contains no variables. Each package which respects a variable will "inaugurate" that variable value into rc.conf with its default value at installation time, and will honor the variable value by sourcing /etc/athena/rc.conf in (usually) the package's included boot script. The list of packages using this mechanism is: athstatusd, glue, ined, lprng, ntp, olc, openafs, openssh, samba, sendmail, ws, and zephyr.
Planned solution: Desupport this feature. Since we will no longer be a multi-platform environment, we should not be layering our own configuration mechanism on top of the native IP address configuration, and we should be using standard mechanisms (files in /etc/default) for configuring when our own software runs at boot time or determining whether a workstation is considered public.
Milestone: Cluster (one day).
Status: Done.
Feature: Cluster machines use static IP addresses and have an easy procedure for changing IP addresses when they are moved to different subnets.
Current solution: The athena-ws package inaugurates HOST, ADDR, and NETDEV variables into /etc/athena/rc.conf. Their values are initially determined at install time. The syncconf boot script runs /etc/athena/syncconf (both are from the athena-ws package) which rewrites the appropriate network configuration scripts when those variable values change. An ADDR value of dhcp indicates the use of a dynamic address.
Planned solution: Desupport this mechanism and use standard native mechanisms for reconfiguring machines' IP addresses. This will require a certain amount of retraining of ACIS personnel.
Status: Done.
Feature: Cluster machines run a local name server and are configured to use it to cache name lookup results.
Current solution: The athena-bind package provides a build of BIND 9.3.1 and a script to run the daemon at boot time. It also includes an /etc/resolv.conf file (which, oddly, is not owned by any system RPM) pointing libc name resolution requests at the local named and setting a search domain of MIT.EDU.
Planned solution: Desupport this feature. Use the MIT name servers directly from resolv.conf instead.
Milestone: (Accounted for in installer and updater tasks).
Feature: Admins can enable various network services with the "mkserv" command; the most popular of these is "mkserv remote" to permanently enable remote access daemons.
Current solution: The athena-glue package installs an attach-and-run script for mkserv and man page symlinks. The update script invokes "mkserv updatetest" before an update to check if all services are available for the new version, and "mkserv update" afterwards. The mkserv locker software contains code to bring parts of /usr/athena onto local disk (no longer used since /usr/athena is already local), to change values in rc.conf, and to run service-specific action scripts when services are added and removed. Scripts to add services are re-run at each update.
Planned solution: Desupport this feature.
Status: Done.
Feature: Athena machines almost always have the correct time as determined by time.mit.edu.
Current solution: The athena-gettime package contains a locally written utility to get the time from a remote host and optionally reset the current machine's time from a remote host. The athena-ntp package contains a build of ntp 4.1.1, along with configuration files to sync time passively from network broadcasts and a boot script to reset the time and start up ntpd. The athena-ws package sets up a cron job to reset the time twice a day using gettime if it has drifted. AFS will also attempt to keep the time synchronized to within two seconds.
Planned solution: Ensure that the native ntp and ntpdate packages are installed. A new package debathena-ntp-config will configure ntp to synchronize the time actively against time.mit.edu. AFS will continue to resync the time if NTP somehow fails.
Milestone: Basic (two hours).
Status: Done.
Feature: Athena machines automatically synchronize the hardware clock following Daylight Savings Time changes.
Current solution: The athena-ws package installs a script in /etc/athena/syncclock which synchronizes the hardware clock to local time, and a cron job to run it after daylight savings transitions.
Planned solution: This mechanism exists because most of our existing time synchronization methods can fail if a machine comes up without network and with a time which is off by an hour. Configuring the native package to actively sync time against time.mit.edu should not be vulnerable to this issue, so this mechanism should not be needed. Therefore, desupport this feature unless it is found to be necessary. If it is necessary, add the script and cron job to debathena-ntp-config.
Status: Done.
Feature: Athena users receive messages of the day prior to logging in (the gmotd) and upon logging in (the motd) and can also be sent personalized system messages upon logging in about things like impending account cancellations (lert).
Current solution: The xlogin program is configured to display the contents of /afs/athena.mit.edu/system/config/motd/login.94 prior to login. The athena-get-message, athena-gms, and athena-messaged packages contain client, library, and server software for retrieving the motd. The athena-lert package contains client and server software for retrieving the user-specific lert messages. get-message and lert are invoked from the xsession and login dotfiles in the athena-dotfiles package; the messages are displayed via Zephyr in graphical logins and to standard out in text logins.
Planned solution: The xlogin gmotd will be desupported since we are moving to gdm; Ops has indicated that they don't care about it. The motd and lert message will be displayed using zenity by scripts in the debathena-xsession package, which will invoke them as part of Athena login session integration.
Status: Done.
Feature: Users can submit bug reports to the appropriate channel using the sendbug command.
Current solution: The athena-sendbug package contains the sendbug script. The message is composed in emacs and submitted using nmh commands.
Planned solution: No change. The script badly needs to be rewritten to use modern tools, but that is neither trivial nor relevant to the Athena 10 goals.
Milestone: Cluster (two hours).
Status: Done.
Feature: /usr/sbin/sendmail is configured to inject mail through outgoing.mit.edu and to use Kerberos authentication if the user has valid tickets. The sendmail queue is flushed once an hour in case mail has to be queued locally.
Current solution: The athena-sendmail package contains a lightly customized version of sendmail, along with a wrapper script which checks if the user has valid tickets and chooses what options to pass.
Planned solution: The debathena-msmtp-config package will provide a script which emulates the Athena sendmail behavior.
Status: Already done in Debathena.
Feature: Users can see system messages in the "console".
Current solution: The athena-console package contains a console display program, and the athena-dm package invokes it and sends xlogin's stdout and stderr to it. The athena-config_console package contains a setuid utility which can send signals to the console to show or hide itself or reload configuration from X resources. The xsession script in the athena-dotfiles package redirects the output of GNOME programs to /dev/null to reduce console spam.
Planned solution: Desupport this feature. xsession output messages will be written to .xsession-errors in the user's home directory as is standard on Ubuntu.
Status: Done.
Feature: GNOME is configured to use applications available on Athena to open certain document types.
Current solution: The athena-gnome-mime-data package contains a customized applications file which will run acroread, applix, gimp, gv, lynx, office, realplay, soffice, and xanim from lockers instead of locally, and also knows about htmlview, mswordview, xess, and xv. It also contains a customized keys file adjusting which applications are pointed to by certain MIME types.
Planned solution: Desupport this feature. The base OS will do a good job of viewing documents without our help at this point.
Status: Done.
Feature: Athena machines can have either a krb5 keytab or a krb4 srvtab and Kerberos daemons will use either one, preferring the keytab.
Current solution: The athena-krb5 package is customized with support to read krb4 srvtab files and support for trying two different kinds of keytabs. The krb5.conf installed by the athena-krb5 package is configured to look in /etc/krb5.keytab first and /etc/athena/srvtab second.
Planned solution: Desupport this feature. As part of the Athena 9 to Athena 10 update, translate srvtab files to keytab files automatically if a srvtab exists and a keytab does not.
Milestone: (Accounted for in installer and updater tasks.)
Feature: Athena login sessions follow a complicated set of rules regarding user dotfiles.
Current solution: The athena-dotfiles package installs central dotfiles in /usr/athena/lib/init, prototype user dotfiles in /usr/prototype_user, and replacement root dotfiles in /root.
Planned solution: The debathena-dotfiles package will need to be adjusted for the new development infrastructure, and will contain only the central and prototype dotfiles for text logins. A new package debathena-root-dotfiles will contain the root dotfile replacements, since those are not necessarily desirable for privately operated machines. A new package debathena-xsession will contain the graphical login session integration.
Milestone: Core (two days).
Status: Done.
Feature: Users can query basic machine characteristics with the machtype command.
Current solution: The athena-machtype package installs a script in /bin/athena/machtype to answer the questions.
Planned solution: No change.
Status: Already done in Debathena.
Desupported and Changed Features
This section will collate features which are desupported or changed in user-visible ways, and can serve as a basis for a similar section in the release notes.
- The login option to run x3270 to mitvma.mit.edu is no longer supported; users will have to log in and run x3270 by hand.
- The login option to use the dash interface is no longer supported, nor is the script to revert to dash. ~/.athena_dash_interface will not be honored.
- The Mozilla web browser is de-supported and not available by default.
- The Kerberized rlogin, rsh, telnet, and ftp daemons are no longer supported. The clients are still provided.
- The network write command is no longer supported.
- The Sawfish window manager is no longer supported.
- The -k and -l options to the passwd command (to select between changing the Kerberos and local password) are no longer supported. The passwd command will always try to change both.
- The /etc/athena/access file has been replaced with the /etc/security/access.conf file. The update from Athena 9.4 will automatically rewrite /etc/athena/access to /etc/security/access.conf. The ability to tag accounts as "local" (suppressing Kerberos authentication) is no longer supported.
- The access_on and access_off commands are no longer supported.
- Athena machines will no longer create temporary home directories for users whose home directories are unavailable.
- The "ignore customizations" login option is gone. In its place are two similar options: "Failsafe GNOME" which uses a default GNOME session without user customizations, and "Failsafe Terminal" which eliminates all GUI customizations.
- The customized Athena xscreensaver has been replaced with the default GNOME screensaver. It is still possible to log out users after 20 minutes by default. It is no longer possible to specify a separate password for the screensaver. It is possible to run commands when the screen locks or unlocks but it is substantially more complicated; google for "gnome-screensaver dbus" for more information. The xscreensaver-button command is no longer supported.
- The pop-up console window for system messages is gone. The standard Ubuntu behavior of writing xsession errors to a file .xsession-errors in the user's home directory is used instead.
- Athena machines will no longer answer time requests on the "time" and "daytime" ports unless manually configured to do so.
- Athena 10 discontinues boot-time synchronizing the hardware clock with daylight savings time changes.
- Bringing lockers local with the /etc/athena/local-lockers.conf file is no longer supported.
- The /etc/athena/version file will no longer list patch release updates since we are no longer using a patch release model. It will continue to list full release updates such as the one from 9.4 to 10.0.
- The /etc/athena/rc.conf file is no longer used to control workstation configuration.
- There is no longer a "PUBLIC" configuration flag to control system cleanups. Instead Athena 10 systems will be considered "private" or "PUBLIC=false" by default. Cluster systems with their comprehensive application suite and aggressive system cleanups will install the package debathena-cluster. Installation of this package now defines a "PUBLIC=true" system.
- Setting the hostname and IP address is no longer done in rc.conf. Instead the standard utility from the menu System->Administration->Network is used.
- Athena machines no longer run a local caching name server.
- The mkserv command is no longer supported.
- Default SMB support is client only. To act as an SMB server requires additional software and manual configuration.
- The xlogin global motd (displayed on the login screen before the user logs in) is no longer supported.
- Athena machines will no longer read /etc/athena/srvtab files. The update from Athena 9.4 will automatically translate /etc/athena/srvtab to /etc/krb5.keytab files if the former exists and the latter does not.
- Printing to queues requiring authentication will only be supported via the non-standard command-line mit-lpr utility, not via the GUI.
- If a .tcshrc file is present in a user's home directory, it will be executed instead of .cshrc; this is the standard tcsh behavior. In Athena 9.4 it is executed in addition to .cshrc.
- If you log in and use GNOME processes twice on the same machine (e.g. using ssh with X forwarding for one of the login sessions), the later session may reuse gconfd2 or Bonobo components from the former one, which can break ungracefully if the former session's tokens have expired. In Athena 9.4 we made local changes to the GNOME source code to prevent this possibility.