Get the rest of them all at once.
Change-Id: Idb33746d43a4a1a9f41e21d7f6d81360ecdd952e
Reviewed-on: http://gerrit.openafs.org/11591
Reviewed-by: Chas Williams - CONTRACTOR <chas@cmf.nrl.navy.mil>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
</listitem>
<listitem>
<para>
- <link linkend="KAS013">Enabling AFS Login on HP-UX Systems</link>
- </para>
- </listitem>
- <listitem>
- <para>
<link linkend="KAS015">Enabling AFS Login on Linux Systems</link>
</para>
</listitem>
</orderedlist>
</para>
</sect2>
- <sect2 id="KAS013">
- <title>Enabling kaserver based AFS Login on HP-UX systems</title>
-
- <para>At this point you incorporate AFS into the operating system's
- Pluggable Authentication Module (PAM) scheme. PAM integrates all
- authentication mechanisms on the machine, including login, to provide
- the security infrastructure for authenticated access to and from the
- machine.</para>
-
- <para>Explaining PAM is beyond the scope of this document. It is
- assumed that you understand the syntax and meanings of settings in the
- PAM configuration file (for example, how the
- <computeroutput>other</computeroutput> entry works, the effect of
- marking an entry as <computeroutput>required</computeroutput>,
- <computeroutput>optional</computeroutput>, or
- <computeroutput>sufficient</computeroutput>, and so on).</para>
-
- <para>The following instructions explain how to alter the entries in
- the PAM configuration file for each service for which you
- wish to use AFS authentication. Other configurations possibly also
- work, but the instructions specify the recommended and
- tested configuration.</para>
-
- <note>
- <para>The instructions specify that you mark each entry as
- <computeroutput>optional</computeroutput>. However, marking some
- modules as optional can mean that they grant access to the
- corresponding service even when the user does not meet all of the
- module's requirements. In some operating system revisions, for
- example, if you mark as optional the module that controls
- login via a dial-up connection, it allows users to login without
- providing a password. See the <emphasis>OpenAFS Release
- Notes</emphasis> for a discussion of any limitations that apply to
- this operating system.</para>
-
- <para>Also, with some operating system versions you must install
- patches for PAM to interact correctly with certain
- authentication programs. For details, see the
- <emphasis>OpenAFS Release Notes</emphasis>.</para>
- </note>
-
- <para>The recommended AFS-related entries in the PAM configuration
- file make use of one or more of the following three
- attributes.
- <variablelist>
- <varlistentry>
- <term><emphasis role="bold"><computeroutput>try_first_pass</computeroutput></emphasis></term>
-
- <listitem>
- <para>This is a standard PAM attribute that can be included on
- entries after the first one for a service; it directs
- the module to use the password that was provided to the first
- module. For the AFS module, it means that AFS
- authentication succeeds if the password provided to the module
- listed first is the user's correct AFS password. For
- further discussion of this attribute and its alternatives, see
- the operating system's PAM documentation.</para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term><emphasis role="bold"><computeroutput>ignore_root</computeroutput></emphasis></term>
-
- <listitem>
- <para>This attribute, specific to the AFS PAM module, directs it
- to ignore not only the local superuser <emphasis
- role="bold">root</emphasis>, but also any user with UID 0
- (zero).</para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term><emphasis role="bold"><computeroutput>setenv_password_expires</computeroutput></emphasis></term>
-
- <listitem>
- <para>This attribute, specific to the AFS PAM module, sets the
- environment variable PASSWORD_EXPIRES to the expiration
- date of the user's AFS password, which is recorded in the
- Authentication Database.</para>
- </listitem>
- </varlistentry>
- </variablelist>
- </para>
-
- <para>Perform the following steps to enable AFS login.
- <orderedlist>
- <listitem>
- <para>Unpack the OpenAFS Binary Distribution for HP-UX into the
- <emphasis role="bold">/tmp/afsdist</emphasis> directory, if it is
- not already.
- Then change directory as indicated.
-<programlisting>
- # <emphasis role="bold">cd /usr/lib/security</emphasis>
-</programlisting></para>
- </listitem>
-
- <listitem>
- <para>Copy the AFS authentication library file to the
- <emphasis role="bold">/usr/lib/security</emphasis> directory. Then
- create a symbolic link to it whose name does not mention the
- version. Omitting the version eliminates the need to edit
- the PAM configuration file if you later update the library
- file.</para>
-
- <para>If you use the AFS Authentication Server
- (<emphasis role="bold">kaserver</emphasis> process) in the cell:</para>
-
-<programlisting>
- # <emphasis role="bold">cp /tmp/afsdist/hp_ux110/dest/lib/pam_afs.so.1 .</emphasis>
- # <emphasis role="bold">ln -s pam_afs.so.1 pam_afs.so</emphasis>
-</programlisting>
-
- <para>If you use a Kerberos implementation of AFS authentication:</para>
-
-<programlisting>
- # <emphasis role="bold">cp /tmp/afsdist/hp_ux110/dest/lib/pam_afs.krb.so.1 .</emphasis>
- # <emphasis role="bold">ln -s pam_afs.krb.so.1 pam_afs.so</emphasis>
-</programlisting>
- </listitem>
-
- <listitem>
- <para>Edit the
- <computeroutput>Authentication management</computeroutput>
- section of the HP-UX PAM configuration file,
- <emphasis role="bold">/etc/pam.conf</emphasis> by convention. The
- entries in this section have the value
- <computeroutput>auth</computeroutput> in their second field.</para>
-
- <para>First edit the standard entries, which refer to the
- HP-UX PAM module (usually, the file <emphasis
- role="bold">/usr/lib/security/libpam_unix.1</emphasis>) in their
- fourth field. For each service for which you want to
- use AFS authentication, edit the third field of its entry to read
- <computeroutput>optional</computeroutput>. The
- <emphasis role="bold">pam.conf</emphasis> file in the HP-UX
- distribution usually includes standard entries for the
- <emphasis role="bold">login</emphasis> and
- <emphasis role="bold">ftp</emphasis> services, for instance.</para>
-
- <para>If there are services for which you want to use AFS
- authentication, but for which the <emphasis
- role="bold">pam.conf</emphasis> file does not already include a
- standard entry, you must create that entry and place the
- value <computeroutput>optional</computeroutput> in its third field.
- For instance, the HP-UX <emphasis role="bold">pam.conf</emphasis>
- file does not usually include standard entries for the <emphasis
- role="bold">remsh</emphasis> or
- <emphasis role="bold">telnet</emphasis> services.</para>
-
- <para>Then create an AFS-related entry for each service, placing it
- immediately below the standard entry. The following
- example shows what the
- <computeroutput>Authentication Management</computeroutput> section
- looks like after you have you
- edited or created entries for the services mentioned previously.
- Note that the example AFS entries appear on two lines
- only for legibility.</para>
-
-<programlisting>
- login auth optional /usr/lib/security/libpam_unix.1
- login auth optional /usr/lib/security/pam_afs.so \
- try_first_pass ignore_root setenv_password_expires
- ftp auth optional /usr/lib/security/libpam_unix.1
- ftp auth optional /usr/lib/security/pam_afs.so \
- try_first_pass ignore_root
- remsh auth optional /usr/lib/security/libpam_unix.1
- remsh auth optional /usr/lib/security/pam_afs.so \
- try_first_pass ignore_root
- telnet auth optional /usr/lib/security/libpam_unix.1
- telnet auth optional /usr/lib/security/pam_afs.so \
- try_first_pass ignore_root setenv_password_expires
-</programlisting>
- </listitem>
-
- <listitem>
- <para>If you use the Common Desktop Environment (CDE) on the
- machine and want users to obtain an AFS token as they log
- in, also add or edit the following four entries in the
- <computeroutput>Authentication management</computeroutput>
- section. Note that the AFS-related entries appear on two lines
- here only for legibility.
-<programlisting>
- dtlogin auth optional /usr/lib/security/libpam_unix.1
- dtlogin auth optional /usr/lib/security/pam_afs.so \
- try_first_pass ignore_root
- dtaction auth optional /usr/lib/security/libpam_unix.1
- dtaction auth optional /usr/lib/security/pam_afs.so \
- try_first_pass ignore_root
-</programlisting></para>
- </listitem>
-
- <listitem>
- <para>Proceed to
- <link linkend="HDRWQ50">Starting the BOS Server</link> if you
- are installing your first file server;
- <link linkend="HDRWQ108">Starting Server Programs</link> if you
- are installing an additional file server machine; or
- <link linkend="HDRWQ145">Loading and Creating Client Files.</link>
- if you are installing a client.</para>
- </listitem>
- </orderedlist>
- </para>
- </sect2>
<sect2 id="KAS015">
<title>Enabling kaserver based AFS Login on Linux Systems</title>
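Review bot: Removing the section with id="KAS013" deletes a link target, and only the one reference to it in the list at the top of this hunk is removed alongside it. Please confirm that no other linkend="KAS013" is left elsewhere in the guide, and do the same check for the other section ids this patch removes (HDRWQ76, HDRWQ103, HDRWQ138), since a leftover link would be dangling.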
<para>On AIX systems, <emphasis role="bold">/etc/rc.afs</emphasis></para>
</listitem>
- <listitem>
- <para>On HP-UX systems, <emphasis role="bold">/sbin/init.d/afs</emphasis></para>
- </listitem>
-
<listitem>
<para>On Fedora and RHEL systems, <emphasis role="bold">/etc/sysconfg/openafs</emphasis></para>
</listitem>
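Review bot: The unchanged Fedora and RHEL item directly below the removed HP-UX entry gives the path as /etc/sysconfg/openafs, while the matching item in the additional-server list later in this patch reads /etc/sysconfig/openafs. Since this list is being edited anyway, correct the spelling to sysconfig here.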
</listitem>
</orderedlist></para>
- <indexterm>
- <primary>HP-UX</primary>
-
- <secondary>AFS initialization script</secondary>
-
- <tertiary>on first AFS machine</tertiary>
- </indexterm>
-
- <para><emphasis role="bold">On HP-UX systems:</emphasis> <orderedlist>
- <listitem>
- <para>Run the AFS initialization script. <programlisting>
- # <emphasis role="bold">/sbin/init.d/afs start</emphasis>
-</programlisting></para>
- </listitem>
- </orderedlist></para>
-
- <indexterm>
- <primary>Linux</primary>
-
- <secondary>AFS initialization script</secondary>
-
- <tertiary>on first AFS machine</tertiary>
- </indexterm>
-
<para><emphasis role="bold">On Linux systems:</emphasis> <orderedlist>
<listitem>
<para>Reboot the machine and log in again as the local superuser <emphasis role="bold">root</emphasis>.
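Review bot: The second indexterm block removed in this hunk has primary "Linux" (AFS initialization script, on first AFS machine), not HP-UX, so the Linux index entry that preceded the "On Linux systems:" paragraph is dropped together with the HP-UX material. The later hunks that remove the HP-UX activation text keep the Linux indexterm as context. If losing this index entry is not intended, leave that indexterm in place ahead of the "On Linux systems:" paragraph.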
</listitem>
<listitem>
- <para><link linkend="HDRWQ76">Activating the Script on HP-UX Systems</link></para>
- </listitem>
-
- <listitem>
<para><link linkend="HDRWQ78">Activating the Script on Linux Systems</link></para>
</listitem>
</orderedlist>
<indexterm>
- <primary>HP-UX</primary>
-
- <secondary>AFS initialization script</secondary>
-
- <tertiary>on first AFS machine</tertiary>
- </indexterm>
- </sect2>
-
- <sect2 id="HDRWQ76">
- <title>Activating the Script on HP-UX Systems</title>
-
- <orderedlist>
- <listitem>
- <para>Change to the <emphasis role="bold">/sbin/init.d</emphasis> directory and issue the <emphasis role="bold">ln
- -s</emphasis> command to create symbolic links that incorporate the AFS initialization script into the HP-UX startup and
- shutdown sequence. <programlisting>
- # <emphasis role="bold">cd /sbin/init.d</emphasis>
- # <emphasis role="bold">ln -s ../init.d/afs /sbin/rc2.d/S460afs</emphasis>
- # <emphasis role="bold">ln -s ../init.d/afs /sbin/rc2.d/K800afs</emphasis>
-</programlisting></para>
- </listitem>
-
- <listitem>
- <para><emphasis role="bold">(Optional)</emphasis> There are now copies of the AFS initialization file in both the
- <emphasis role="bold">/usr/vice/etc</emphasis> and <emphasis role="bold">/sbin/init.d</emphasis> directories. If you want
- to avoid potential confusion by guaranteeing that they are always the same, create a link between them. You can always
- retrieve the original script from the AFS CD-ROM if necessary. <programlisting>
- # <emphasis role="bold">cd /usr/vice/etc</emphasis>
- # <emphasis role="bold">rm afs.rc</emphasis>
- # <emphasis role="bold">ln -s /sbin/init.d/afs afs.rc</emphasis>
-</programlisting></para>
- </listitem>
-
- <listitem>
- <para>Proceed to <link linkend="HDRWQ80">Configuring the Top Levels of the AFS Filespace</link>.</para>
- </listitem>
- </orderedlist>
-
- <indexterm>
<primary>Linux</primary>
<secondary>AFS initialization script</secondary>
</listitem>
<listitem>
- <para><link linkend="HDRWQ103">Getting Started on HP-UX Systems</link></para>
- </listitem>
-
- <listitem>
<para><link linkend="HDRWQ106">Getting Started on Linux Systems</link></para>
</listitem>
</orderedlist></para>
</sect3>
- <sect3 id="HDRWQ103">
- <title>Getting Started on HP-UX Systems</title>
-
- <para>Begin by building AFS modifications into the kernel, then configure server partitions and replace the HP-UX <emphasis
- role="bold">fsck</emphasis> program with a version that correctly handles AFS volumes.</para>
-
- <para>If the machine's hardware and software configuration exactly matches another HP-UX machine on which AFS is already
- built into the kernel, you can copy the kernel from that machine to this one. In general, however, it is better to build AFS
- modifications into the kernel on each machine according to the following instructions.
- <orderedlist>
- <indexterm>
- <primary>incorporating AFS kernel extensions</primary>
-
- <secondary>server machine after first</secondary>
-
- <tertiary>HP-UX</tertiary>
- </indexterm>
-
- <indexterm>
- <primary>AFS kernel extensions</primary>
-
- <secondary>on server machine after first</secondary>
-
- <tertiary>HP-UX</tertiary>
- </indexterm>
-
- <indexterm>
- <primary>file server machine, additional</primary>
-
- <secondary>AFS kernel extensions</secondary>
-
- <tertiary>on HP-UX</tertiary>
- </indexterm>
-
- <indexterm>
- <primary>HP-UX</primary>
-
- <secondary>AFS-modified kernel</secondary>
-
- <tertiary>on add'l server machine</tertiary>
- </indexterm>
-
- <listitem>
- <para>Move the existing kernel-related files to a safe location. <programlisting>
- # <emphasis role="bold">cp /stand/vmunix /stand/vmunix.noafs</emphasis>
- # <emphasis role="bold">cp /stand/system /stand/system.noafs</emphasis>
-</programlisting></para>
- </listitem>
-
- <listitem>
- <para>Unpack the OpenAFS HP-UX distribution tarball. The examples
- below assume that you have unpacked the files into the
- <emphasis role="bold">/tmp/afsdist</emphasis> directory. If you
- pick a different location, substitute this in all of the following
- examples. Once you have unpacked the distribution, change
- directory as indicated.
-<programlisting>
- # <emphasis role="bold">cd /tmp/afsdist/hp_ux110/dest/root.client</emphasis>
-</programlisting></para>
- </listitem>
-
- <listitem>
- <para>Copy the AFS initialization file to the local directory for initialization files (by convention, <emphasis
- role="bold">/sbin/init.d</emphasis> on HP-UX machines). Note the removal of the <emphasis role="bold">.rc</emphasis>
- extension as you copy the file. <programlisting>
- # <emphasis role="bold">cp usr/vice/etc/afs.rc /sbin/init.d/afs</emphasis>
-</programlisting></para>
- </listitem>
-
- <listitem>
- <para>Copy the file <emphasis role="bold">afs.driver</emphasis> to the local <emphasis
- role="bold">/usr/conf/master.d</emphasis> directory, changing its name to <emphasis role="bold">afs</emphasis> as you
- do. <programlisting>
- # <emphasis role="bold">cp usr/vice/etc/afs.driver /usr/conf/master.d/afs</emphasis>
-</programlisting></para>
- </listitem>
-
- <listitem>
- <para>Copy the AFS kernel module to the local <emphasis role="bold">/usr/conf/lib</emphasis> directory.</para>
-
- <para>If the machine's kernel supports NFS server functionality:</para>
-
- <programlisting>
- # <emphasis role="bold">cp bin/libafs.a /usr/conf/lib</emphasis>
-</programlisting>
-
- <para>If the machine's kernel does not support NFS server functionality, change the file's name as you copy it:</para>
-
- <programlisting>
- # <emphasis role="bold">cp bin/libafs.nonfs.a /usr/conf/lib/libafs.a</emphasis>
-</programlisting>
- </listitem>
-
- <listitem>
- <para>Incorporate the AFS driver into the kernel, either using the <emphasis role="bold">SAM</emphasis> program or a
- series of individual commands. <itemizedlist>
- <listitem>
- <para>To use the <emphasis role="bold">SAM</emphasis> program: <orderedlist>
- <listitem>
- <para>Invoke the <emphasis role="bold">SAM</emphasis> program, specifying the hostname of the local
- machine as <replaceable>local_hostname</replaceable>. The <emphasis role="bold">SAM</emphasis> graphical
- user interface pops up. <programlisting>
- # <emphasis role="bold">sam -display</emphasis> <replaceable>local_hostname</replaceable><emphasis role="bold">:0</emphasis>
-</programlisting></para>
- </listitem>
-
- <listitem>
- <para>Choose the <emphasis role="bold">Kernel Configuration</emphasis> icon, then the <emphasis
- role="bold">Drivers</emphasis> icon. From the list of drivers, select <emphasis
- role="bold">afs</emphasis>.</para>
- </listitem>
-
- <listitem>
- <para>Open the pull-down <emphasis role="bold">Actions</emphasis> menu and choose the <emphasis
- role="bold">Add Driver to Kernel</emphasis> option.</para>
- </listitem>
-
- <listitem>
- <para>Open the <emphasis role="bold">Actions</emphasis> menu again and choose the <emphasis
- role="bold">Create a New Kernel</emphasis> option.</para>
- </listitem>
-
- <listitem>
- <para>Confirm your choices by choosing <emphasis role="bold">Yes</emphasis> and <emphasis
- role="bold">OK</emphasis> when prompted by subsequent pop-up windows. The <emphasis
- role="bold">SAM</emphasis> program builds the kernel and reboots the system.</para>
- </listitem>
-
- <listitem>
- <para>Login again as the superuser <emphasis role="bold">root</emphasis>. <programlisting>
- login: <emphasis role="bold">root</emphasis>
- Password: <replaceable>root_password</replaceable>
-</programlisting></para>
- </listitem>
- </orderedlist></para>
- </listitem>
-
- <listitem>
- <para>To use individual commands: <orderedlist>
- <listitem>
- <para>Edit the file <emphasis role="bold">/stand/system</emphasis>, adding an entry for <emphasis
- role="bold">afs</emphasis> to the <computeroutput>Subsystems</computeroutput> section.</para>
- </listitem>
-
- <listitem>
- <para>Change to the <emphasis role="bold">/stand/build</emphasis> directory and issue the <emphasis
- role="bold">mk_kernel</emphasis> command to build the kernel. <programlisting>
- # <emphasis role="bold">cd /stand/build</emphasis>
- # <emphasis role="bold">mk_kernel</emphasis>
-</programlisting></para>
- </listitem>
-
- <listitem>
- <para>Move the new kernel to the standard location (<emphasis role="bold">/stand/vmunix</emphasis>),
- reboot the machine to start using it, and login again as the superuser <emphasis
- role="bold">root</emphasis>. <programlisting>
- # <emphasis role="bold">mv /stand/build/vmunix_test /stand/vmunix</emphasis>
- # <emphasis role="bold">cd /</emphasis>
- # <emphasis role="bold">shutdown -r now</emphasis>
- login: <emphasis role="bold">root</emphasis>
- Password: <replaceable>root_password</replaceable>
-</programlisting></para>
- </listitem>
- </orderedlist></para>
- </listitem>
- </itemizedlist></para>
-
- <indexterm>
- <primary>configuring</primary>
-
- <secondary>AFS server partition on server machine after first</secondary>
-
- <tertiary>HP-UX</tertiary>
- </indexterm>
-
- <indexterm>
- <primary>AFS server partition</primary>
-
- <secondary>configuring on server machine after first</secondary>
-
- <tertiary>HP-UX</tertiary>
- </indexterm>
-
- <indexterm>
- <primary>file server machine, additional</primary>
-
- <secondary>AFS server partition</secondary>
-
- <tertiary>on HP-UX</tertiary>
- </indexterm>
-
- <indexterm>
- <primary>HP-UX</primary>
-
- <secondary>AFS server partition</secondary>
-
- <tertiary>on add'l server machine</tertiary>
- </indexterm>
- </listitem>
-
- <listitem>
- <para>Create a directory called <emphasis role="bold">/vicep</emphasis><replaceable>xx</replaceable> for each AFS
- server partition you are configuring (there must be at least one). Repeat the command for each partition.
- <programlisting>
- # <emphasis role="bold">mkdir /vicep</emphasis><replaceable>xx</replaceable>
-</programlisting></para>
- </listitem>
-
- <listitem>
- <para>Use the <emphasis role="bold">SAM</emphasis> program to create a file system on each partition. For
- instructions, consult the HP-UX documentation.</para>
- </listitem>
-
- <listitem>
- <para>On some HP-UX systems that use logical volumes, the <emphasis role="bold">SAM</emphasis> program automatically
- mounts the partitions. If it has not, mount each partition by issuing either the <emphasis role="bold">mount
- -a</emphasis> command to mount all partitions at once or the <emphasis role="bold">mount</emphasis> command to mount
- each partition in turn. <indexterm>
- <primary>replacing fsck program</primary>
-
- <secondary>server machine after first</secondary>
-
- <tertiary>HP-UX</tertiary>
- </indexterm> <indexterm>
- <primary>fsck program</primary>
-
- <secondary>on server machine after first</secondary>
-
- <tertiary>HP-UX</tertiary>
- </indexterm> <indexterm>
- <primary>file server machine, additional</primary>
-
- <secondary>fsck program</secondary>
-
- <tertiary>on HP-UX</tertiary>
- </indexterm> <indexterm>
- <primary>HP-UX</primary>
-
- <secondary>fsck program</secondary>
-
- <tertiary>on add'l server machine</tertiary>
- </indexterm></para>
- </listitem>
-
- <listitem>
- <para>Create the command configuration file <emphasis role="bold">/sbin/lib/mfsconfig.d/afs</emphasis>. Use a text
- editor to place the indicated two lines in it: <programlisting>
- format_revision 1
- fsck 0 m,P,p,d,f,b:c:y,n,Y,N,q,
-</programlisting></para>
- </listitem>
-
- <listitem>
- <para>Create and change directory to an AFS-specific command directory called <emphasis
- role="bold">/sbin/fs/afs</emphasis>. <programlisting>
- # <emphasis role="bold">mkdir /sbin/fs/afs</emphasis>
- # <emphasis role="bold">cd /sbin/fs/afs</emphasis>
-</programlisting></para>
- </listitem>
-
- <listitem>
- <para>Copy the AFS-modified version of the <emphasis role="bold">fsck</emphasis> program (the <emphasis
- role="bold">vfsck</emphasis> binary) and related files from the distribution directory to the new AFS-specific command
- directory. <programlisting>
- # <emphasis role="bold">cp -p /tmp/afsdist/hp_ux110/dest/root.server/etc/* .</emphasis>
-</programlisting></para>
- </listitem>
-
- <listitem>
- <para>Change the <emphasis role="bold">vfsck</emphasis> binary's name to <emphasis role="bold">fsck</emphasis> and set
- the mode bits appropriately on all of the files in the <emphasis role="bold">/sbin/fs/afs</emphasis> directory.
- <programlisting>
- # <emphasis role="bold">mv vfsck fsck</emphasis>
- # <emphasis role="bold">chmod 755 *</emphasis>
-</programlisting></para>
- </listitem>
-
- <listitem>
- <para>Edit the <emphasis role="bold">/etc/fstab</emphasis> file, changing the file system type for each AFS server
- partition from <computeroutput>hfs</computeroutput> to <computeroutput>afs</computeroutput>. This ensures that the
- AFS-modified <emphasis role="bold">fsck</emphasis> program runs on the appropriate partitions.</para>
-
- <para>The sixth line in the following example of an edited file shows an AFS server partition, <emphasis
- role="bold">/vicepa</emphasis>.</para>
-
- <programlisting>
- /dev/vg00/lvol1 / hfs defaults 0 1
- /dev/vg00/lvol4 /opt hfs defaults 0 2
- /dev/vg00/lvol5 /tmp hfs defaults 0 2
- /dev/vg00/lvol6 /usr hfs defaults 0 2
- /dev/vg00/lvol8 /var hfs defaults 0 2
- /dev/vg00/lvol9 /vicepa afs defaults 0 2
- /dev/vg00/lvol7 /usr/vice/cache hfs defaults 0 2
-</programlisting>
- </listitem>
-
- <listitem>
- <para>If the machine is to remain an AFS client, incorporate AFS into its authentication system, following the
- instructions in <link linkend="HDRWQ35">Enabling AFS Login on HP-UX Systems</link>.</para>
- </listitem>
-
- <listitem>
- <para>Proceed to <link linkend="HDRWQ108">Starting Server Programs</link>.</para>
- </listitem>
- </orderedlist></para>
- </sect3>
-
<sect3 id="HDRWQ106">
<title>Getting Started on Linux Systems</title>
</listitem>
<listitem>
- <para>On HP-UX systems, <emphasis role="bold">/sbin/init.d/afs</emphasis></para>
- </listitem>
-
- <listitem>
<para>On Fedora and RHEL systems,
<emphasis role="bold">/etc/sysconfig/openafs</emphasis>.
Note that this file has a different format from a standard
</orderedlist></para>
<indexterm>
- <primary>HP-UX</primary>
-
- <secondary>AFS initialization script</secondary>
-
- <tertiary>on add'l server machine</tertiary>
- </indexterm>
-
- <para><emphasis role="bold">On HP-UX systems:</emphasis> <orderedlist>
- <listitem>
- <para>Run the AFS initialization script. <programlisting>
- # <emphasis role="bold">/sbin/init.d/afs start</emphasis>
-</programlisting></para>
- </listitem>
-
- <listitem>
- <para>Change to the <emphasis role="bold">/sbin/init.d</emphasis> directory and issue the <emphasis role="bold">ln
- -s</emphasis> command to create symbolic links that incorporate the AFS initialization script into the HP-UX
- startup and shutdown sequence. <programlisting>
- # <emphasis role="bold">cd /sbin/init.d</emphasis>
- # <emphasis role="bold">ln -s ../init.d/afs /sbin/rc2.d/S460afs</emphasis>
- # <emphasis role="bold">ln -s ../init.d/afs /sbin/rc2.d/K800afs</emphasis>
-</programlisting></para>
- </listitem>
-
- <listitem>
- <para><emphasis role="bold">(Optional)</emphasis> There are now copies of the AFS initialization file in both the
- <emphasis role="bold">/usr/vice/etc</emphasis> and <emphasis role="bold">/sbin/init.d</emphasis> directories. If
- you want to avoid potential confusion by guaranteeing that they are always the same, create a link between them.
- You can always retrieve the original script from the AFS CD-ROM if necessary. <programlisting>
- # <emphasis role="bold">cd /usr/vice/etc</emphasis>
- # <emphasis role="bold">rm afs.rc</emphasis>
- # <emphasis role="bold">ln -s /sbin/init.d/afs afs.rc</emphasis>
-</programlisting></para>
- </listitem>
-
- <listitem>
- <para>Proceed to Step <link linkend="LIWQ113">4</link>.</para>
- </listitem>
- </orderedlist></para>
-
- <indexterm>
<primary>Linux</primary>
<secondary>AFS initialization script</secondary>
</listitem>
<listitem>
- <para><link linkend="HDRWQ138">Getting Started on HP-UX Systems</link></para>
- </listitem>
-
- <listitem>
<para><link linkend="HDRWQ143">Getting Started on Linux Systems</link></para>
</listitem>
<listitem>
<para>Proceed to <link linkend="HDRWQ145">Loading and Creating Client Files</link>.</para>
</listitem>
- </orderedlist></para>
-
- <indexterm>
- <primary>incorporating AFS kernel extensions</primary>
-
- <secondary>client machine</secondary>
-
- <tertiary>HP-UX</tertiary>
- </indexterm>
-
- <indexterm>
- <primary>AFS kernel extensions</primary>
-
- <secondary>on client machine</secondary>
-
- <tertiary>HP-UX</tertiary>
- </indexterm>
-
- <indexterm>
- <primary>client machine</primary>
-
- <secondary>AFS kernel extensions</secondary>
-
- <tertiary>on HP-UX</tertiary>
- </indexterm>
-
- <indexterm>
- <primary>HP-UX</primary>
-
- <secondary>AFS-modified kernel</secondary>
-
- <tertiary>on client machine</tertiary>
- </indexterm>
-
- <indexterm>
- <primary>enabling AFS login</primary>
-
- <secondary>client machine</secondary>
-
- <tertiary>HP-UX</tertiary>
- </indexterm>
-
- <indexterm>
- <primary>AFS login</primary>
-
- <secondary>on client machine</secondary>
-
- <tertiary>HP-UX</tertiary>
- </indexterm>
-
- <indexterm>
- <primary>client machine</primary>
-
- <secondary>AFS login</secondary>
-
- <tertiary>on HP-UX</tertiary>
- </indexterm>
-
- <indexterm>
- <primary>HP-UX</primary>
-
- <secondary>AFS login</secondary>
-
- <tertiary>on client machine</tertiary>
- </indexterm>
-
- <indexterm>
- <primary>PAM</primary>
-
- <secondary>on HP-UX</secondary>
-
- <tertiary>client machine</tertiary>
- </indexterm>
- </sect2>
- </sect1>
-
- <sect1 id="HDRWQ138">
- <title>Getting Started on HP-UX Systems</title>
-
- <para>In this section you build AFS into the HP-UX kernel. Then incorporate AFS modifications into the machine's Pluggable
- Authentication Module (PAM) system, if you wish to enable AFS login.</para>
-
- <sect2 id="Header_126">
- <title>Building AFS into the HP-UX Kernel</title>
-
- <para>On HP-UX systems, you must build AFS modifications into a new static kernel; HP-UX does not support dynamic loading. If
- the machine's hardware and software configuration exactly matches another HP-UX machine on which AFS is already built into the
- kernel, you can choose to copy the kernel from that machine to this one. In general, however, it is better to build AFS
- modifications into the kernel on each machine according to the following instructions. <orderedlist>
- <listitem>
- <para>Move the existing kernel-related files to a safe location. <programlisting>
- # <emphasis role="bold">cp /stand/vmunix /stand/vmunix.noafs</emphasis>
- # <emphasis role="bold">cp /stand/system /stand/system.noafs</emphasis>
-</programlisting></para>
- </listitem>
-
- <listitem>
- <para>Unpack the OpenAFS HP-UX distribution tarball. The examples
- below assume that you have unpacked the files into the
- <emphasis role="bold">/tmp/afsdist</emphasis> directory. If you
- pick a different location, substitute this in all of the following
- examples. Once you have unpacked the distribution, change directory
- as indicated.
- <programlisting>
- # <emphasis role="bold">cd /tmp/afsdist/hp_ux110/dest/root.client</emphasis>
-</programlisting></para>
- </listitem>
-
- <listitem>
- <para>Copy the AFS initialization file to the local directory for initialization files (by convention, <emphasis
- role="bold">/sbin/init.d</emphasis> on HP-UX machines). Note the removal of the <emphasis role="bold">.rc</emphasis>
- extension as you copy the file. <programlisting>
- # <emphasis role="bold">cp usr/vice/etc/afs.rc /sbin/init.d/afs</emphasis>
-</programlisting></para>
- </listitem>
-
- <listitem>
- <para>Copy the file <emphasis role="bold">afs.driver</emphasis> to the local <emphasis
- role="bold">/usr/conf/master.d</emphasis> directory, changing its name to <emphasis role="bold">afs</emphasis> as you
- do. <programlisting>
- # <emphasis role="bold">cp usr/vice/etc/afs.driver /usr/conf/master.d/afs</emphasis>
-</programlisting></para>
- </listitem>
-
- <listitem>
- <para>Copy the AFS kernel module to the local <emphasis role="bold">/usr/conf/lib</emphasis> directory.</para>
-
- <para>If the machine's kernel supports NFS server functionality:</para>
-
- <programlisting>
- # <emphasis role="bold">cp bin/libafs.a /usr/conf/lib</emphasis>
-</programlisting>
-
- <para>If the machine's kernel does not support NFS server functionality, change the file's name as you copy it:</para>
-
- <programlisting>
- # <emphasis role="bold">cp bin/libafs.nonfs.a /usr/conf/lib/libafs.a</emphasis>
-</programlisting>
- </listitem>
-
- <listitem>
- <para>Incorporate the AFS driver into the kernel, either using the <emphasis role="bold">SAM</emphasis> program or a
- series of individual commands. <itemizedlist>
- <listitem>
- <para>To use the <emphasis role="bold">SAM</emphasis> program: <orderedlist>
- <listitem>
- <para>Invoke the <emphasis role="bold">SAM</emphasis> program, specifying the hostname of the local machine
- as <replaceable>local_hostname</replaceable>. The <emphasis role="bold">SAM</emphasis> graphical user
- interface pops up. <programlisting>
- # <emphasis role="bold">sam -display</emphasis> <replaceable>local_hostname</replaceable><emphasis role="bold">:0</emphasis>
-</programlisting></para>
- </listitem>
-
- <listitem>
- <para>Choose the <emphasis role="bold">Kernel Configuration</emphasis> icon, then the <emphasis
- role="bold">Drivers</emphasis> icon. From the list of drivers, select <emphasis
- role="bold">afs</emphasis>.</para>
- </listitem>
-
- <listitem>
- <para>Open the pull-down <emphasis role="bold">Actions</emphasis> menu and choose the <emphasis
- role="bold">Add Driver to Kernel</emphasis> option.</para>
- </listitem>
-
- <listitem>
- <para>Open the <emphasis role="bold">Actions</emphasis> menu again and choose the <emphasis
- role="bold">Create a New Kernel</emphasis> option.</para>
- </listitem>
-
- <listitem>
- <para>Confirm your choices by choosing <emphasis role="bold">Yes</emphasis> and <emphasis
- role="bold">OK</emphasis> when prompted by subsequent pop-up windows. The <emphasis
- role="bold">SAM</emphasis> program builds the kernel and reboots the system.</para>
- </listitem>
-
- <listitem>
- <para>Login again as the superuser <emphasis role="bold">root</emphasis>. <programlisting>
- login: <emphasis role="bold">root</emphasis>
- Password: <replaceable>root_password</replaceable>
-</programlisting></para>
- </listitem>
- </orderedlist></para>
- </listitem>
-
- <listitem>
- <para>To use individual commands: <orderedlist>
- <listitem>
- <para>Edit the file <emphasis role="bold">/stand/system</emphasis>, adding an entry for <emphasis
- role="bold">afs</emphasis> to the <computeroutput>Subsystems</computeroutput> section.</para>
- </listitem>
-
- <listitem>
- <para>Change to the <emphasis role="bold">/stand/build</emphasis> directory and issue the <emphasis
- role="bold">mk_kernel</emphasis> command to build the kernel. <programlisting>
- # <emphasis role="bold">cd /stand/build</emphasis>
- # <emphasis role="bold">mk_kernel</emphasis>
-</programlisting></para>
- </listitem>
-
- <listitem>
- <para>Move the new kernel to the standard location (<emphasis role="bold">/stand/vmunix</emphasis>), reboot
- the machine to start using it, and login again as the superuser <emphasis role="bold">root</emphasis>.
- <programlisting>
- # <emphasis role="bold">mv /stand/build/vmunix_test /stand/vmunix</emphasis>
- # <emphasis role="bold">cd /</emphasis>
- # <emphasis role="bold">shutdown -r now</emphasis>
- login: <emphasis role="bold">root</emphasis>
- Password: <replaceable>root_password</replaceable>
-</programlisting></para>
- </listitem>
- </orderedlist></para>
- </listitem>
- </itemizedlist></para>
- </listitem>
- </orderedlist></para>
- </sect2>
-
- <sect2 id="Header_127">
- <title>Enabling AFS Login on HP-UX Systems</title>
-
- <para>At this point you incorporate AFS into the operating system's Pluggable Authentication Module (PAM) scheme. PAM
- integrates all authentication mechanisms on the machine, including login, to provide the security infrastructure for
- authenticated access to and from the machine.</para>
-
- <para>In modern AFS installations, you should be using Kerberos v5
- for user login, and obtaining AFS tokens subsequent to this authentication
- step. OpenAFS does not currently distribute a PAM module allowing AFS
- tokens to be automatically gained at login. Whilst there are a number of
- third party modules providing this functionality, it is not know if these
- have been tested with HP/UX.</para>
-
- <para>Following login, users can
- obtain tokens by running the <emphasis role="bold">aklog</emphasis>
- command</para>
-
- <para>If you are at a site which still requires
- <emphasis role="bold">kaserver</emphasis> or external Kerberos v4 based
- authentication, please consult
- <link linkend="KAS014">Enabling kaserver based AFS Login on HP-UX systems</link>
- for further installation instructions.
- <orderedlist>
- <listitem>
- <para>Proceed to <link linkend="HDRWQ145">Loading and Creating Client Files</link>.</para>
- </listitem>
</orderedlist>
<indexterm>
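Review bot: The kaserver paragraph in the removed `Header_127` section links to `KAS014` ("Enabling kaserver based AFS Login on HP-UX systems"), and nothing in the visible lines removes that target. If the `KAS014` section stays in the guide, it becomes unreachable from the client install flow while still documenting kaserver and Kerberos v4 login for a platform the guide no longer covers, so it should be dropped in this same change. Before merging, also search the remaining sources for `linkend="Header_127"` and `linkend="HDRWQ153"`, since a leftover link to a deleted id fails DocBook validation.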
</listitem>
<listitem>
- <para>On HP-UX systems, <emphasis role="bold">/sbin/init.d/afs</emphasis></para>
- </listitem>
-
- <listitem>
<para>On Fedora and RHEL systems, <emphasis role="bold">/etc/sysconfig/openafs</emphasis></para>
</listitem>
</listitem>
<listitem>
- <para><link linkend="HDRWQ153">Running the Script on HP-UX Systems</link></para>
- </listitem>
-
- <listitem>
<para><link linkend="HDRWQ155">Running the Script on Linux Systems</link></para>
</listitem>
</indexterm>
<indexterm>
- <primary>HP-UX</primary>
-
- <secondary>AFS initialization script</secondary>
-
- <tertiary>on client machine</tertiary>
- </indexterm>
- </sect2>
-
- <sect2 id="HDRWQ153">
- <title>Running the Script on HP-UX Systems</title>
-
- <orderedlist>
- <listitem>
- <para>Run the AFS initialization script. <programlisting>
- # <emphasis role="bold">/sbin/init.d/afs start</emphasis>
-</programlisting></para>
- </listitem>
-
- <listitem>
- <para>Change to the <emphasis role="bold">/sbin/init.d</emphasis> directory and issue the <emphasis role="bold">ln
- -s</emphasis> command to create symbolic links that incorporate the AFS initialization script into the HP-UX startup and
- shutdown sequence. <programlisting>
- # <emphasis role="bold">cd /sbin/init.d</emphasis>
- # <emphasis role="bold">ln -s ../init.d/afs /sbin/rc2.d/S460afs</emphasis>
- # <emphasis role="bold">ln -s ../init.d/afs /sbin/rc2.d/K800afs</emphasis>
-</programlisting></para>
- </listitem>
-
- <listitem>
- <para><emphasis role="bold">(Optional)</emphasis> There are now copies of the AFS initialization file in both the
- <emphasis role="bold">/usr/vice/etc</emphasis> and <emphasis role="bold">/sbin/init.d</emphasis> directories. If you want
- to avoid potential confusion by guaranteeing that they are always the same, create a link between them. You can always
- retrieve the original script from the AFS CD-ROM if necessary. <programlisting>
- # <emphasis role="bold">cd /usr/vice/etc</emphasis>
- # <emphasis role="bold">rm afs.rc</emphasis>
- # <emphasis role="bold">ln -s /sbin/init.d/afs afs.rc</emphasis>
-</programlisting></para>
- </listitem>
-
- <listitem>
- <para>If a volume for housing AFS binaries for this machine's system type does not already exist, proceed to <link
- linkend="HDRWQ157">Setting Up Volumes and Loading Binaries into AFS</link>. Otherwise, the installation is
- complete.</para>
- </listitem>
- </orderedlist>
-
- <indexterm>
- <primary>afs file</primary>
-
- <secondary>AFS initialization file</secondary>
- </indexterm>
-
- <indexterm>
- <primary>files</primary>
-
- <secondary>afs</secondary>
-
- <tertiary>AFS initialization file</tertiary>
- </indexterm>
-
- <indexterm>
<primary>etc/rc.d/init.d/afs</primary>
<see>afs file</see>
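Review bot: The two index entries deleted at the end of this hunk, `<primary>afs file</primary>` and `<primary>files</primary>` with `<secondary>afs</secondary>`, are not HP-UX specific, yet the retained entry immediately after them still carries `<see>afs file</see>`. Confirm that another `afs file` indexterm survives elsewhere in the guide. If these were the last ones, the cross-reference for `etc/rc.d/init.d/afs` points at an index heading that no longer exists, so either keep the generic entries or move them into the Linux section.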