<itemizedlist>
<listitem>
<para>
- <link linkend="KAS012">Enabling AFS Login on AIX Systems</link>
- </para>
- </listitem>
- <listitem>
- <para>
<link linkend="KAS015">Enabling AFS Login on Linux Systems</link>
</para>
</listitem>
</itemizedlist>
</para>
</sect2>
- <sect2 id="KAS012">
- <title>Enabling kaserver based AFS login</title>
-
- <para>Now incorporate AFS into the AIX secondary authentication system.
- <orderedlist>
- <listitem>
- <para>Issue the <emphasis role="bold">ls</emphasis> command to
- verify that the <emphasis role="bold">afs_dynamic_auth</emphasis>
- and <emphasis role="bold">afs_dynamic_kerbauth</emphasis>
- programs are installed in the local
- <emphasis role="bold">/usr/vice/etc</emphasis> directory.
-<programlisting>
- # <emphasis role="bold">ls /usr/vice/etc</emphasis>
-</programlisting>
- </para>
-
- <para>If the files do not exist, unpack the
- OpenAFS Binary Distribution for AIX (if it is not already),
- change directory as indicated, and copy them.</para>
-
-<programlisting>
- # <emphasis role="bold">cd /tmp/afsdist/rs_aix42/dest/root.client/usr/vice/etc</emphasis>
- # <emphasis role="bold">cp -p afs_dynamic* /usr/vice/etc</emphasis>
-</programlisting>
- </listitem>
-
- <listitem>
- <para>Edit the local
- <emphasis role="bold">/etc/security/user</emphasis> file, making
- changes to the indicated stanzas:
- <itemizedlist>
- <listitem>
- <para>In the default stanza, set the
- <computeroutput>registry</computeroutput> attribute to
- <emphasis role="bold">DCE</emphasis> (not to
- <emphasis role="bold">AFS</emphasis>), as follows:
-<programlisting>
- registry = DCE
-</programlisting>
- </para>
- </listitem>
-
- <listitem>
- <para>In the default stanza, set the
- <computeroutput>SYSTEM</computeroutput> attribute as
- indicated.</para>
-
- <para>If the machine is an AFS client only, set the
- following value:</para>
-<programlisting>
- SYSTEM = "AFS OR (AFS[UNAVAIL] AND compat[SUCCESS])"
-</programlisting>
-
- <para>If the machine is both an AFS and a DCE client,
- set the following value (it must appear on a single line in
- the file):</para>
-<programlisting>
- SYSTEM = "DCE OR DCE[UNAVAIL] OR AFS OR (AFS[UNAVAIL] \
- AND compat[SUCCESS])"
-</programlisting>
- </listitem>
-
- <listitem>
- <para>In the <computeroutput>root</computeroutput>
- stanza, set the <computeroutput>registry</computeroutput>
- attribute as follows. It enables the local superuser
- <emphasis role="bold">root</emphasis> to log into the local
- file system only, based on the password listed in the
- local password file.
-<programlisting>
- root:
- registry = files
-</programlisting>
- </para>
- </listitem>
- </itemizedlist>
- </para>
- </listitem>
-
- <listitem>
- <para>Edit the local
- <emphasis role="bold">/etc/security/login.cfg</emphasis> file,
- creating or editing the indicated stanzas:
- <itemizedlist>
- <listitem>
- <para>In the <computeroutput>DCE</computeroutput> stanza,
- set the <computeroutput>program</computeroutput>
- attribute as follows.</para>
-
- <para>If you use the AFS Authentication Server
- (<emphasis role="bold">kaserver</emphasis> process):</para>
-<programlisting>
- DCE:
- program = /usr/vice/etc/afs_dynamic_auth
-</programlisting>
-
- <para>If you use a Kerberos v4 implementation of AFS
- authentication:</para>
-
-<programlisting>
- DCE:
- program = /usr/vice/etc/afs_dynamic_kerbauth
-</programlisting>
- </listitem>
-
- <listitem>
- <para>In the <computeroutput>AFS</computeroutput> stanza,
- set the <computeroutput>program</computeroutput>
- attribute as follows.</para>
-
- <para>If you use the AFS Authentication Server
- (<emphasis role="bold">kaserver</emphasis> process):</para>
-<programlisting>
- AFS:
- program = /usr/vice/etc/afs_dynamic_auth
-</programlisting>
-
- <para>If you use a Kerberos v4 implementation of AFS
- authentication:</para>
-<programlisting>
- AFS:
- program = /usr/vice/etc/afs_dynamic_kerbauth
-</programlisting>
- </listitem>
- </itemizedlist>
- </para>
- </listitem>
- <listitem>
- <para>Proceed to
- <link linkend="HDRWQ50">Starting the BOS Server</link>,
- if you are installing your first file server machine;
- <link linkend="HDRWQ108">Starting Server Programs</link>,
- if you are installing an additional file server machine; or
- <link linkend="HDRWQ145">Loading and Creating Client Files</link>
- if you are installating a client</para>
- </listitem>
- </orderedlist>
- </para>
- </sect2>
<sect2 id="KAS015">
<title>Enabling kaserver based AFS Login on Linux Systems</title>