From 2c6886bf8c62f72eb399d96508012ff7724e1180 Mon Sep 17 00:00:00 2001
From: Benjamin Kaduk
Date: Mon, 3 Nov 2014 12:59:14 -0500
Subject: [PATCH] Reorder "Getting Started" sections

Put the ones most likely to be relevant at the top, instead of sorting alphabetically.

Change-Id: I6ad80ee2a30b7192d8c8e4668234fa1789e1a213
Reviewed-on: http://gerrit.openafs.org/11576
Tested-by: BuildBot
Reviewed-by: D Brashear
---
 doc/xml/QuickStartUnix/auqbg005.xml | 1740 +++++++++++++++++------------------
 1 file changed, 870 insertions(+), 870 deletions(-)

diff --git a/doc/xml/QuickStartUnix/auqbg005.xml b/doc/xml/QuickStartUnix/auqbg005.xml
index 8f3d00f..f2dab8c 100644
--- a/doc/xml/QuickStartUnix/auqbg005.xml
+++ b/doc/xml/QuickStartUnix/auqbg005.xml
@@ -424,122 +424,215 @@ To continue, proceed to the appropriate section: - Getting Started on AIX Systems + Getting Started on Linux Systems - Getting Started on Linux Systems + Getting Started on Solaris Systems - Getting Started on Solaris Systems + Getting Started on AIX Systems - - Getting Started on AIX Systems + + Getting Started on Linux Systems + + + replacing fsck program + + not necessary on Linux + + + + fsck program + + on first AFS machine + + Linux + + + + first AFS machine + + fsck program + + on Linux + - Begin by running the AFS initialization script to call the AIX kernel extension facility, which dynamically loads AFS - modifications into the kernel. Then use the SMIT program to configure partitions for storing - AFS volumes, and replace the AIX fsck program helper with a version that correctly handles AFS - volumes. If the machine is to remain an AFS client machine, incorporate AFS into the AIX secondary authentication system. + Linux + + fsck program replacement not necessary + + + Since this guide was originally written, the procedure for starting + OpenAFS has diverged significantly between different Linux distributions. + The instructions that follow are appropriate for both the Fedora and + RedHat Enterprise Linux packages distributed by OpenAFS. Additional + instructions are provided for those building from source. + + Begin by running the AFS client startup scripts, which call the + modprobe program to dynamically + load the AFS modifications into the kernel. Then create partitions for + storing AFS volumes. You do not need to replace the Linux fsck program. If the machine is to remain an + AFS client machine, incorporate AFS into the machine's Pluggable + Authentication Module (PAM) scheme. 
incorporating AFS kernel extensions first AFS machine - AIX + Linux AFS kernel extensions on first AFS machine - AIX + Linux first AFS machine AFS kernel extensions - on AIX + on Linux - AIX + Linux AFS kernel extensions on first AFS machine - - Loading AFS into the AIX Kernel + + Loading AFS into the Linux Kernel - The AIX kernel extension facility is the dynamic kernel loader - provided by IBM Corporation. AIX does not support incorporation of - AFS modifications during a kernel build. + The modprobe program is the dynamic kernel loader for Linux. Linux does not support + incorporation of AFS modifications during a kernel build. - For AFS to function correctly, the kernel extension facility must run each time the machine reboots, so the AFS - initialization script (included in the AFS distribution) invokes it automatically. In this section you copy the script to the - conventional location and edit it to select the appropriate options depending on whether NFS is also to run. + For AFS to function correctly, the modprobe program must run each time the machine + reboots, so your distribution's AFS initialization script invokes it automatically. The script also includes + commands that select the appropriate AFS library file automatically. In this section you run the script. - After editing the script, you run it to incorporate AFS into the kernel. In later sections you verify that the script - correctly initializes all AFS components, then configure the AIX inittab file so that the - script runs automatically at reboot. + In later sections you verify that the script correctly initializes all AFS components, then activate a configuration + variable, which results in the script being incorporated into the Linux startup and shutdown sequence. 
+ + The procedure for starting up OpenAFS depends upon your distribution + + Fedora and RedHat Enterprise Linux + OpenAFS provides RPMS for all current Fedora and RedHat Enterprise Linux (RHEL) releases on the OpenAFS web site and the OpenAFS yum repository. + - Unpack the distribution tarball. The examples below assume - that you have unpacked the files into the - /tmp/afsdist directory. If you - pick a different location, substitute this in all of the following - examples. Once you have unpacked the distribution, + Browse to + http://dl.openafs.org/dl/openafs/VERSION, + where VERSION is the latest stable release of + OpenAFS. Download the + openafs-repository-VERSION.noarch.rpm + file for Fedora systems or the + openafs-repository-rhel-VERSION.noarch.rpm + file for RedHat-based systems. + + + + Install the downloaded RPM file using the following command: + + # rpm -U openafs-repository*.rpm + + + + + Install the RPM set for your operating system using the yum command as follows: + + # yum -y install openafs-client openafs-server openafs-krb5 kmod-openafs + + + + Alternatively, you may use dynamically-compiled kernel + modules if you have the kernel headers, a compiler, and the + dkms package from + EPEL installed. + + + To use dynamically-compiled kernel modules instead of statically compiled modules, use the following command instead of the kmod-openafs as shown above: + + # yum install openafs-client openafs-server openafs-krb5 dkms-openafs + + + + + + + + + Systems packaged as tar files + If you are running a system where the OpenAFS Binary Distribution + is provided as a tar file, or where you have built the system from + source yourself, you need to install the relevant components by hand + + + + + Unpack the distribution tarball. The examples below assume + that you have unpacked the files into the + /tmp/afsdist directory. If you + pick a different location, substitute this in all of the following + examples. 
Once you have unpacked the distribution, change directory as indicated. - # cd /tmp/afsdist/rs_aix42/dest/root.client/usr/vice/etc + # cd /tmp/afsdist/linux/dest/root.client/usr/vice/etc - + - Copy the AFS kernel library files to the local /usr/vice/etc/dkload directory, - and the AFS initialization script to the /etc directory. - # cp -rp dkload /usr/vice/etc - # cp -p rc.afs /etc/rc.afs + Copy the AFS kernel library files to the local /usr/vice/etc/modload directory. + The filenames for the libraries have the format libafs-version.o, where + version indicates the kernel build level. The string .mp in + the version indicates that the file is appropriate for machines running a multiprocessor + kernel. + # cp -rp modload /usr/vice/etc - Edit the /etc/rc.afs script, setting the NFS - variable as indicated. - - If the machine is not to function as an NFS/AFS Translator, set the NFS variable - as follows. - - - NFS=$NFS_NONE - - - If the machine is to function as an NFS/AFS Translator and is running AIX 4.2.1 or higher, set the - NFS variable as follows. Note that NFS must already be loaded into the kernel, which - happens automatically on systems running AIX 4.1.1 and later, as long as the file /etc/exports exists. - - - NFS=$NFS_IAUTH - + Copy the AFS initialization script to the local directory for initialization files (by convention, /etc/rc.d/init.d on Linux machines). Note the removal of the .rc + extension as you copy the script. + # cp -p afs.rc /etc/rc.d/init.d/afs + + + configuring - + AFS server partition on first AFS machine - AIX + Linux @@ -547,7 +640,7 @@ configuring on first AFS machine - AIX + Linux 
@@ -555,30 +648,29 @@ AFS server partition - on AIX + on Linux - AIX + Linux AFS server partition on first AFS machine + - - Configuring Server Partitions on AIX Systems + + Configuring Server Partitions on Linux Systems Every AFS file server machine must have at least one partition or logical volume dedicated to storing AFS volumes. Each server partition is mounted at a directory named /vicepxx, where xx is one or two lowercase letters. The /vicepxx directories must reside in the file server machine's root directory, not in one of its subdirectories (for example, /usr/vicepa is not an acceptable - directory location). For additional information, see Performing Platform-Specific - Procedures. - - To configure server partitions on an AIX system, perform the following procedures: + directory location). For additional information, see Performing Platform-Specific Procedures. + Create a directory called /vicepxx for each AFS server partition you are configuring (there must be at least one). Repeat the command for each partition. 
@@ -587,95 +679,35 @@ - Use the SMIT program to create a journaling file system on each partition to be - configured as an AFS server partition. + Add a line with the following format to the file systems registry file, /etc/fstab, for each directory just created. The entry maps the directory name to the disk + partition to be mounted on it. + /dev/disk /vicepxx ext2 defaults 0 2 + + + The following is an example for the first partition being configured. + + + /dev/sda8 /vicepa ext2 defaults 0 2 + - Mount each partition at one of the /vicepxx - directories. Choose one of the following three methods: - - Use the SMIT program - + Create a file system on each partition that is to be mounted at a /vicepxx directory. The following command is probably appropriate, but + consult the Linux documentation for more information. + # mkfs -v /dev/disk + + - - Use the mount -a command to mount all partitions at once - - - - Use the mount command on each partition in turn - - - - Also configure the partitions so that they are mounted automatically at each reboot. For more information, refer - to the AIX documentation. - - - - - replacing fsck program - - first AFS machine - - AIX - - - - fsck program - - on first AFS machine - - AIX - - - - first AFS machine - - fsck program - - on AIX - - - - AIX - - fsck program - - on first AFS machine - - - - - Replacing the fsck Program Helper on AIX Systems - - The AFS modified fsck program is not required on AIX 5.1 - systems, and the v3fshelper program - refered to below is not shipped for these systems. - - In this section, you make modifications to guarantee that the appropriate fsck program - runs on AFS server partitions. The fsck program provided with the operating system must never - run on AFS server partitions. Because it does not recognize the structures that the File Server uses to organize volume data, - it removes all of the data. To repeat: - - Never run the standard fsck program on AFS server partitions. 
It discards AFS - volumes. - - On AIX systems, you do not replace the fsck binary itself, but rather the - program helper file included in the AIX distribution as /sbin/helpers/v3fshelper. - Move the AIX fsck program helper to a safe location and install the version from - the AFS distribution in its place. - - # cd /sbin/helpers - # mv v3fshelper v3fshelper.noafs - # cp -p /tmp/afsdist/rs_aix42/dest/root.server/etc/v3fshelper v3fshelper - + Mount each partition by issuing either the mount -a command to mount all + partitions at once or the mount command to mount each partition in turn. If you plan to retain client functionality on this machine after completing the installation, proceed to Enabling AFS Login on AIX Systems. Otherwise, proceed to Starting the + linkend="HDRWQ44">Enabling AFS Login on Linux Systems. Otherwise, proceed to Starting the BOS Server. @@ -685,7 +717,7 @@ file server machine - AIX + Linux @@ -693,7 +725,7 @@ on file server machine - AIX + Linux @@ -701,11 +733,11 @@ AFS login - on AIX + on Linux - AIX + Linux AFS login 
@@ -713,593 +745,477 @@ - secondary authentication system (AIX) + PAM - server machine + on Linux + + file server machine - - Enabling AFS Login on AIX Systems + + Enabling AFS Login on Linux Systems - If you plan to remove client functionality from this machine after completing the installation, skip this section and - proceed to Starting the BOS Server. + If you plan to remove client functionality from this machine + after completing the installation, skip this section and proceed + to Starting the BOS Server. - In modern AFS installations, you should be using Kerberos v5 - for user login, and obtaining AFS tokens following this authentication - step. - - There are currently no instructions available on configuring AIX to - automatically obtain AFS tokens at login. Following login, users can - obtain tokens by running the aklog - command - - Sites which still require kaserver - or external Kerberos v4 authentication should consult - Enabling kaserver based AFS login on AIX systems - for details of how to enable AIX login. - - Proceed to Starting the BOS Server - (or if referring to these instructions while installing an additional - file server machine, return to Starting Server - Programs). - - - - - Getting Started on Linux Systems + At this point you incorporate AFS into the operating system's + Pluggable Authentication Module (PAM) scheme. PAM integrates all + authentication mechanisms on the machine, including login, to provide + the security infrastructure for authenticated access to and from the + machine. - - replacing fsck program + You should first configure your system to obtain Kerberos v5 + tickets as part of the authentication process, and then run an AFS PAM + module to obtain tokens from those tickets after authentication. Many + Linux distributions come with a Kerberos v5 PAM module (usually called + pam-krb5 or pam_krb5), or you can download and install Russ Allbery's + Kerberos v5 PAM module, which is tested regularly with AFS. 
+ See the instructions of whatever PAM module you use for how to + configure it. - not necessary on Linux - + Some Kerberos v5 PAM modules do come with native AFS support + (usually requiring the Heimdal Kerberos implementation rather than the + MIT Kerberos implementation). If you are using one of those PAM + modules, you can configure it to obtain AFS tokens. It's more common, + however, to separate the AFS token acquisition into a separate PAM + module. - - fsck program + The recommended AFS PAM module is Russ + Allbery's pam-afs-session module. It should work with any of + the Kerberos v5 PAM modules. To add it to the PAM configuration, you + often only need to add configuration to the session group: - on first AFS machine + + Linux PAM session example + session required pam_afs_session.so + - Linux - + If you also want to obtain AFS tokens for scp + and similar commands that don't open a session, you will also need to + add the AFS PAM module to the auth group so that the PAM + setcred call will obtain tokens. The + pam_afs_session module will always return success + for authentication so that it can be added to the auth group only for + setcred, so make sure that it's not marked as + sufficient. - - first AFS machine + + Linux PAM auth example +auth [success=ok default=1] pam_krb5.so +auth [default=done] pam_afs_session.so +auth required pam_unix.so try_first_pass + - fsck program + This example will work if you want to try Kerberos v5 first and + then fall back to regular Unix authentication. + success=ok for the Kerberos PAM module followed by + default=done for the AFS PAM module will cause a + successful Kerberos login to run the AFS PAM module and then skip the + Unix authentication module. default=1 on the + Kerberos PAM module causes failure of that module to skip the next + module (the AFS PAM module) and fall back to the Unix module. If you + want to try Unix authentication first and rearrange the order, be sure + to use default=die instead. 
- on Linux - + The PAM configuration is stored in different places in different + Linux distributions. On Red Hat, look in + /etc/pam.d/system-auth. On Debian and + derivatives, look in /etc/pam.d/common-session + and /etc/pam.d/common-auth. - - Linux + For additional configuration examples and the configuration + options of the AFS PAM module, see its documentation. For more + details on the available options for the PAM configuration, see the + Linux PAM documentation. - fsck program replacement not necessary - + Sites which still require kaserver or + external Kerberos v4 authentication should consult Enabling kaserver based AFS Login on Linux + Systems for details of how to enable AFS login on Linux. + + Proceed to Starting the BOS + Server (or if referring to these instructions while installing + an additional file server machine, return to Starting Server Programs). + + - Since this guide was originally written, the procedure for starting - OpenAFS has diverged significantly between different Linux distributions. - The instructions that follow are appropriate for both the Fedora and - RedHat Enterprise Linux packages distributed by OpenAFS. Additional - instructions are provided for those building from source. + + Getting Started on Solaris Systems - Begin by running the AFS client startup scripts, which call the - modprobe program to dynamically - load the AFS modifications into the kernel. Then create partitions for - storing AFS volumes. You do not need to replace the Linux fsck program. If the machine is to remain an - AFS client machine, incorporate AFS into the machine's Pluggable - Authentication Module (PAM) scheme. + Begin by running the AFS initialization script to call the modload program distributed by + Sun Microsystems, which dynamically loads AFS modifications into the kernel. Then create partitions for storing AFS volumes, and + install and configure the AFS-modified fsck program to run on AFS server partitions. 
If the + machine is to remain an AFS client machine, incorporate AFS into the machine's Pluggable Authentication Module (PAM) scheme. + incorporating AFS kernel extensions first AFS machine - Linux + Solaris AFS kernel extensions on first AFS machine - Linux + Solaris first AFS machine AFS kernel extensions - on Linux + on Solaris - Linux + Solaris AFS kernel extensions on first AFS machine - - Loading AFS into the Linux Kernel + + Loading AFS into the Solaris Kernel - The modprobe program is the dynamic kernel loader for Linux. Linux does not support - incorporation of AFS modifications during a kernel build. + The modload program is the dynamic kernel loader provided by Sun Microsystems for + Solaris systems. Solaris does not support incorporation of AFS modifications during a kernel build. - For AFS to function correctly, the modprobe program must run each time the machine - reboots, so your distribution's AFS initialization script invokes it automatically. The script also includes - commands that select the appropriate AFS library file automatically. In this section you run the script. + For AFS to function correctly, the modload program must run each time the machine + reboots, so the AFS initialization script (included on the AFS CD-ROM) invokes it automatically. In this section you copy the + appropriate AFS library file to the location where the modload program accesses it and then + run the script. - In later sections you verify that the script correctly initializes all AFS components, then activate a configuration - variable, which results in the script being incorporated into the Linux startup and shutdown sequence. - - The procedure for starting up OpenAFS depends upon your distribution - - Fedora and RedHat Enterprise Linux - OpenAFS provides RPMS for all current Fedora and RedHat Enterprise Linux (RHEL) releases on the OpenAFS web site and the OpenAFS yum repository. 
- - - Browse to - http://dl.openafs.org/dl/openafs/VERSION, - where VERSION is the latest stable release of - OpenAFS. Download the - openafs-repository-VERSION.noarch.rpm - file for Fedora systems or the - openafs-repository-rhel-VERSION.noarch.rpm - file for RedHat-based systems. - - - - Install the downloaded RPM file using the following command: - - # rpm -U openafs-repository*.rpm - - - - - Install the RPM set for your operating system using the yum command as follows: - - # yum -y install openafs-client openafs-server openafs-krb5 kmod-openafs - - - - Alternatively, you may use dynamically-compiled kernel - modules if you have the kernel headers, a compiler, and the - dkms package from - EPEL installed. - - - To use dynamically-compiled kernel modules instead of statically compiled modules, use the following command instead of the kmod-openafs as shown above: - - # yum install openafs-client openafs-server openafs-krb5 dkms-openafs - - - - - - - - - Systems packaged as tar files - If you are running a system where the OpenAFS Binary Distribution - is provided as a tar file, or where you have built the system from - source yourself, you need to install the relevant components by hand - - - + In later sections you verify that the script correctly initializes all AFS components, then create the links that + incorporate AFS into the Solaris startup and shutdown sequence. - Unpack the distribution tarball. The examples below assume - that you have unpacked the files into the - /tmp/afsdist directory. If you - pick a different location, substitute this in all of the following - examples. Once you have unpacked the distribution, - change directory as indicated. + Unpack the OpenAFS Solaris distribution tarball. The examples + below assume that you have unpacked the files into the + /tmp/afsdist directory. If you + pick a diferent location, substitute this in all of the following + exmaples. Once you have unpacked the distribution, change directory + as indicated. 
- # cd /tmp/afsdist/linux/dest/root.client/usr/vice/etc - - - - - Copy the AFS kernel library files to the local /usr/vice/etc/modload directory. - The filenames for the libraries have the format libafs-version.o, where - version indicates the kernel build level. The string .mp in - the version indicates that the file is appropriate for machines running a multiprocessor - kernel. - # cp -rp modload /usr/vice/etc + # cd /tmp/afsdist/sun4x_56/dest/root.client/usr/vice/etc Copy the AFS initialization script to the local directory for initialization files (by convention, /etc/rc.d/init.d on Linux machines). Note the removal of the .rc + role="bold">/etc/init.d on Solaris machines). Note the removal of the .rc extension as you copy the script. - # cp -p afs.rc /etc/rc.d/init.d/afs + # cp -p afs.rc /etc/init.d/afs - - - - - configuring - - AFS server partition on first AFS machine - - Linux - - - - AFS server partition - - configuring on first AFS machine + Copy the appropriate AFS kernel library file to the local file /kernel/fs/afs. 
- Linux - + If the machine is running Solaris 11 on the x86_64 platform: - - first AFS machine + + # cp -p modload/libafs64.o /kernel/drv/amd64/afs + - AFS server partition + If the machine is running Solaris 10 on the x86_64 platform: - on Linux - + + # cp -p modload/libafs64.o /kernel/fs/amd64/afs + - - Linux + If the machine is running Solaris 2.6 or the 32-bit version of Solaris 7, its kernel supports NFS server + functionality, and the nfsd process is running: - AFS server partition + + # cp -p modload/libafs.o /kernel/fs/afs + - on first AFS machine - - - + If the machine is running Solaris 2.6 or the 32-bit version of Solaris 7, and its kernel does not support NFS + server functionality or the nfsd process is not running: - - Configuring Server Partitions on Linux Systems + + # cp -p modload/libafs.nonfs.o /kernel/fs/afs + - Every AFS file server machine must have at least one partition or logical volume dedicated to storing AFS volumes. Each - server partition is mounted at a directory named /vicepxx, where - xx is one or two lowercase letters. The /vicepxx directories must reside in the file server machine's root - directory, not in one of its subdirectories (for example, /usr/vicepa is not an acceptable - directory location). For additional information, see Performing Platform-Specific Procedures. - - - Create a directory called /vicepxx for each AFS server - partition you are configuring (there must be at least one). Repeat the command for each partition. - # mkdir /vicepxx - - + If the machine is running the 64-bit version of Solaris 7, its kernel supports NFS server functionality, and the + nfsd process is running: - - Add a line with the following format to the file systems registry file, /etc/fstab, for each directory just created. The entry maps the directory name to the disk - partition to be mounted on it. 
- /dev/disk /vicepxx ext2 defaults 0 2 - + + # cp -p modload/libafs64.o /kernel/fs/sparcv9/afs + - The following is an example for the first partition being configured. + If the machine is running the 64-bit version of Solaris 7, and its kernel does not support NFS server + functionality or the nfsd process is not running: - /dev/sda8 /vicepa ext2 defaults 0 2 + # cp -p modload/libafs64.nonfs.o /kernel/fs/sparcv9/afs - Create a file system on each partition that is to be mounted at a /vicepxx directory. The following command is probably appropriate, but - consult the Linux documentation for more information. - # mkfs -v /dev/disk + Run the AFS initialization script to load AFS modifications into the kernel. You can ignore any error messages + about the inability to start the BOS Server or the Cache Manager or AFS client. + # /etc/init.d/afs start - - - Mount each partition by issuing either the mount -a command to mount all - partitions at once or the mount command to mount each partition in turn. - + When an entry called afs does not already exist in the local /etc/name_to_sysnum file, the script automatically creates it and reboots the machine to start + using the new version of the file. If this happens, log in again as the superuser root + after the reboot and run the initialization script again. This time the required entry exists in the /etc/name_to_sysnum file, and the modload program runs. - - If you plan to retain client functionality on this machine after completing the installation, proceed to Enabling AFS Login on Linux Systems. Otherwise, proceed to Starting the - BOS Server. 
+ + login: root + Password: root_password + # /etc/init.d/afs start + - enabling AFS login + replacing fsck program - file server machine + first AFS machine - Linux + Solaris - AFS login + fsck program - on file server machine + on first AFS machine - Linux + Solaris first AFS machine - AFS login - - on Linux - - - - Linux - - AFS login + fsck program - on file server machine + on Solaris - PAM + Solaris - on Linux + fsck program - file server machine + on first AFS machine - - Enabling AFS Login on Linux Systems + + Configuring the AFS-modified fsck Program on Solaris Systems - - If you plan to remove client functionality from this machine - after completing the installation, skip this section and proceed - to Starting the BOS Server. - + In this section, you make modifications to guarantee that the appropriate fsck program + runs on AFS server partitions. The fsck program provided with the operating system must never + run on AFS server partitions. Because it does not recognize the structures that the File Server uses to organize volume data, + it removes all of the data. To repeat: - At this point you incorporate AFS into the operating system's - Pluggable Authentication Module (PAM) scheme. PAM integrates all - authentication mechanisms on the machine, including login, to provide - the security infrastructure for authenticated access to and from the - machine. - - You should first configure your system to obtain Kerberos v5 - tickets as part of the authentication process, and then run an AFS PAM - module to obtain tokens from those tickets after authentication. Many - Linux distributions come with a Kerberos v5 PAM module (usually called - pam-krb5 or pam_krb5), or you can download and install Russ Allbery's - Kerberos v5 PAM module, which is tested regularly with AFS. - See the instructions of whatever PAM module you use for how to - configure it. + Never run the standard fsck program on AFS server partitions. It discards AFS volumes. 
+ + + Create the /usr/lib/fs/afs directory to house the AFS-modified fsck program and related files. + # mkdir /usr/lib/fs/afs + # cd /usr/lib/fs/afs + + - Some Kerberos v5 PAM modules do come with native AFS support - (usually requiring the Heimdal Kerberos implementation rather than the - MIT Kerberos implementation). If you are using one of those PAM - modules, you can configure it to obtain AFS tokens. It's more common, - however, to separate the AFS token acquisition into a separate PAM - module. + + Copy the vfsck binary to the newly created directory, changing the name as you do + so. + # cp /tmp/afsdist/sun4x_56/dest/root.server/etc/vfsck fsck + + - The recommended AFS PAM module is Russ - Allbery's pam-afs-session module. It should work with any of - the Kerberos v5 PAM modules. To add it to the PAM configuration, you - often only need to add configuration to the session group: + + Working in the /usr/lib/fs/afs directory, create the following links to Solaris + libraries: + # ln -s /usr/lib/fs/ufs/clri + # ln -s /usr/lib/fs/ufs/df + # ln -s /usr/lib/fs/ufs/edquota + # ln -s /usr/lib/fs/ufs/ff + # ln -s /usr/lib/fs/ufs/fsdb + # ln -s /usr/lib/fs/ufs/fsirand + # ln -s /usr/lib/fs/ufs/fstyp + # ln -s /usr/lib/fs/ufs/labelit + # ln -s /usr/lib/fs/ufs/lockfs + # ln -s /usr/lib/fs/ufs/mkfs + # ln -s /usr/lib/fs/ufs/mount + # ln -s /usr/lib/fs/ufs/ncheck + # ln -s /usr/lib/fs/ufs/newfs + # ln -s /usr/lib/fs/ufs/quot + # ln -s /usr/lib/fs/ufs/quota + # ln -s /usr/lib/fs/ufs/quotaoff + # ln -s /usr/lib/fs/ufs/quotaon + # ln -s /usr/lib/fs/ufs/repquota + # ln -s /usr/lib/fs/ufs/tunefs + # ln -s /usr/lib/fs/ufs/ufsdump + # ln -s /usr/lib/fs/ufs/ufsrestore + # ln -s /usr/lib/fs/ufs/volcopy + + - - Linux PAM session example - session required pam_afs_session.so - + + Append the following line to the end of the file /etc/dfs/fstypes. 
+ + afs AFS Utilities + + - If you also want to obtain AFS tokens for scp - and similar commands that don't open a session, you will also need to - add the AFS PAM module to the auth group so that the PAM - setcred call will obtain tokens. The - pam_afs_session module will always return success - for authentication so that it can be added to the auth group only for - setcred, so make sure that it's not marked as - sufficient. + + Edit the /sbin/mountall file, making two changes. + + Add an entry for AFS to the case statement for option 2, so that it reads + as follows: + case "$2" in + ufs) foptions="-o p" + ;; + afs) foptions="-o p" + ;; + s5) foptions="-y -t /var/tmp/tmp$$ -D" + ;; + *) foptions="-y" + ;; + + - - Linux PAM auth example -auth [success=ok default=1] pam_krb5.so -auth [default=done] pam_afs_session.so -auth required pam_unix.so try_first_pass - + + Edit the file so that all AFS and UFS partitions are checked in parallel. Replace the following section of + code: + # For fsck purposes, we make a distinction between ufs and + # other file systems + # + if [ "$fstype" = "ufs" ]; then + ufs_fscklist="$ufs_fscklist $fsckdev" + saveentry $fstype "$OPTIONS" $special $mountp + continue + fi + - This example will work if you want to try Kerberos v5 first and - then fall back to regular Unix authentication. - success=ok for the Kerberos PAM module followed by - default=done for the AFS PAM module will cause a - successful Kerberos login to run the AFS PAM module and then skip the - Unix authentication module. default=1 on the - Kerberos PAM module causes failure of that module to skip the next - module (the AFS PAM module) and fall back to the Unix module. If you - want to try Unix authentication first and rearrange the order, be sure - to use default=die instead. + with the following section of code: - The PAM configuration is stored in different places in different - Linux distributions. On Red Hat, look in - /etc/pam.d/system-auth. 
On Debian and - derivatives, look in /etc/pam.d/common-session - and /etc/pam.d/common-auth. + + # For fsck purposes, we make a distinction between ufs/afs + # and other file systems. + # + if [ "$fstype" = "ufs" -o "$fstype" = "afs" ]; then + ufs_fscklist="$ufs_fscklist $fsckdev" + saveentry $fstype "$OPTIONS" $special $mountp + continue + fi + + + + + - For additional configuration examples and the configuration - options of the AFS PAM module, see its documentation. For more - details on the available options for the PAM configuration, see the - Linux PAM documentation. + + configuring - Sites which still require kaserver or - external Kerberos v4 authentication should consult Enabling kaserver based AFS Login on Linux - Systems for details of how to enable AFS login on Linux. - - Proceed to Starting the BOS - Server (or if referring to these instructions while installing - an additional file server machine, return to Starting Server Programs). - - + AFS server partition on first AFS machine - - Getting Started on Solaris Systems + Solaris + - Begin by running the AFS initialization script to call the modload program distributed by - Sun Microsystems, which dynamically loads AFS modifications into the kernel. Then create partitions for storing AFS volumes, and - install and configure the AFS-modified fsck program to run on AFS server partitions. If the - machine is to remain an AFS client machine, incorporate AFS into the machine's Pluggable Authentication Module (PAM) scheme. 
- - incorporating AFS kernel extensions + + AFS server partition - first AFS machine + configuring on first AFS machine Solaris - - AFS kernel extensions - - on first AFS machine + - Solaris - + first AFS machine - AFS kernel extensions + AFS server partition on Solaris - + + + Solaris - AFS kernel extensions + AFS server partition on first AFS machine - - - - Loading AFS into the Solaris Kernel - - The modload program is the dynamic kernel loader provided by Sun Microsystems for - Solaris systems. Solaris does not support incorporation of AFS modifications during a kernel build. + + - For AFS to function correctly, the modload program must run each time the machine - reboots, so the AFS initialization script (included on the AFS CD-ROM) invokes it automatically. In this section you copy the - appropriate AFS library file to the location where the modload program accesses it and then - run the script. + + Configuring Server Partitions on Solaris Systems - In later sections you verify that the script correctly initializes all AFS components, then create the links that - incorporate AFS into the Solaris startup and shutdown sequence. + Every AFS file server machine must have at least one partition or logical volume dedicated to storing AFS volumes. Each + server partition is mounted at a directory named /vicepxx, where + xx is one or two lowercase letters. The /vicepxx directories must reside in the file server machine's root + directory, not in one of its subdirectories (for example, /usr/vicepa is not an acceptable + directory location). For additional information, see Performing Platform-Specific Procedures. + - Unpack the OpenAFS Solaris distribution tarball. The examples - below assume that you have unpacked the files into the - /tmp/afsdist directory. If you - pick a diferent location, substitute this in all of the following - exmaples. Once you have unpacked the distribution, change directory - as indicated. 
- - # cd /tmp/afsdist/sun4x_56/dest/root.client/usr/vice/etc + Create a directory called /vicepxx for each AFS server + partition you are configuring (there must be at least one). Repeat the command for each partition. + # mkdir /vicepxx - Copy the AFS initialization script to the local directory for initialization files (by convention, /etc/init.d on Solaris machines). Note the removal of the .rc - extension as you copy the script. - # cp -p afs.rc /etc/init.d/afs + Add a line with the following format to the file systems registry file, /etc/vfstab, for each partition to be mounted on a directory created in the previous step. Note + the value afs in the fourth field, which tells Solaris to use the AFS-modified + fsck program on this partition. + /dev/dsk/disk /dev/rdsk/disk /vicepxx afs boot_order yes - - - - Copy the appropriate AFS kernel library file to the local file /kernel/fs/afs. - - If the machine is running Solaris 11 on the x86_64 platform: - - - # cp -p modload/libafs64.o /kernel/drv/amd64/afs - - - If the machine is running Solaris 10 on the x86_64 platform: - - - # cp -p modload/libafs64.o /kernel/fs/amd64/afs - - - If the machine is running Solaris 2.6 or the 32-bit version of Solaris 7, its kernel supports NFS server - functionality, and the nfsd process is running: - - - # cp -p modload/libafs.o /kernel/fs/afs - - If the machine is running Solaris 2.6 or the 32-bit version of Solaris 7, and its kernel does not support NFS - server functionality or the nfsd process is not running: - - - # cp -p modload/libafs.nonfs.o /kernel/fs/afs - - - If the machine is running the 64-bit version of Solaris 7, its kernel supports NFS server functionality, and the - nfsd process is running: - - - # cp -p modload/libafs64.o /kernel/fs/sparcv9/afs - - - If the machine is running the 64-bit version of Solaris 7, and its kernel does not support NFS server - functionality or the nfsd process is not running: + The following is an example for the first partition being 
configured. - # cp -p modload/libafs64.nonfs.o /kernel/fs/sparcv9/afs + /dev/dsk/c0t6d0s1 /dev/rdsk/c0t6d0s1 /vicepa afs 3 yes - Run the AFS initialization script to load AFS modifications into the kernel. You can ignore any error messages - about the inability to start the BOS Server or the Cache Manager or AFS client. - # /etc/init.d/afs start + Create a file system on each partition that is to be mounted at a /vicepxx directory. The following command is probably appropriate, but + consult the Solaris documentation for more information. + # newfs -v /dev/rdsk/disk + - When an entry called afs does not already exist in the local /etc/name_to_sysnum file, the script automatically creates it and reboots the machine to start - using the new version of the file. If this happens, log in again as the superuser root - after the reboot and run the initialization script again. This time the required entry exists in the /etc/name_to_sysnum file, and the modload program runs. + + Issue the mountall command to mount all partitions at once. + - - login: root - Password: root_password - # /etc/init.d/afs start - + + If you plan to retain client functionality on this machine after completing the installation, proceed to Enabling AFS Login and Editing the File Systems Clean-up Script on Solaris Systems. Otherwise, + proceed to Starting the BOS Server. + + + Enabling AFS Login on Solaris Systems - replacing fsck program + enabling AFS login - first AFS machine + file server machine Solaris - fsck program + AFS login - on first AFS machine + on file server machine Solaris @@ -1307,7 +1223,7 @@ auth required pam_unix.so try_first_pass first AFS machine - fsck program + AFS login on Solaris 
@@ -1315,424 +1231,508 @@ auth required pam_unix.so try_first_pass Solaris - fsck program + AFS login - on first AFS machine + on file server machine - - - Configuring the AFS-modified fsck Program on Solaris Systems + + PAM - In this section, you make modifications to guarantee that the appropriate fsck program - runs on AFS server partitions. The fsck program provided with the operating system must never - run on AFS server partitions. Because it does not recognize the structures that the File Server uses to organize volume data, - it removes all of the data. To repeat: + on Solaris - Never run the standard fsck program on AFS server partitions. It discards AFS volumes. - - - Create the /usr/lib/fs/afs directory to house the AFS-modified fsck program and related files. - # mkdir /usr/lib/fs/afs - # cd /usr/lib/fs/afs - - + file server machine + - - Copy the vfsck binary to the newly created directory, changing the name as you do - so. - # cp /tmp/afsdist/sun4x_56/dest/root.server/etc/vfsck fsck - - + + If you plan to remove client functionality from this machine after completing the installation, skip this section and + proceed to Starting the BOS Server. 
+ - - Working in the /usr/lib/fs/afs directory, create the following links to Solaris - libraries: - # ln -s /usr/lib/fs/ufs/clri - # ln -s /usr/lib/fs/ufs/df - # ln -s /usr/lib/fs/ufs/edquota - # ln -s /usr/lib/fs/ufs/ff - # ln -s /usr/lib/fs/ufs/fsdb - # ln -s /usr/lib/fs/ufs/fsirand - # ln -s /usr/lib/fs/ufs/fstyp - # ln -s /usr/lib/fs/ufs/labelit - # ln -s /usr/lib/fs/ufs/lockfs - # ln -s /usr/lib/fs/ufs/mkfs - # ln -s /usr/lib/fs/ufs/mount - # ln -s /usr/lib/fs/ufs/ncheck - # ln -s /usr/lib/fs/ufs/newfs - # ln -s /usr/lib/fs/ufs/quot - # ln -s /usr/lib/fs/ufs/quota - # ln -s /usr/lib/fs/ufs/quotaoff - # ln -s /usr/lib/fs/ufs/quotaon - # ln -s /usr/lib/fs/ufs/repquota - # ln -s /usr/lib/fs/ufs/tunefs - # ln -s /usr/lib/fs/ufs/ufsdump - # ln -s /usr/lib/fs/ufs/ufsrestore - # ln -s /usr/lib/fs/ufs/volcopy - - + At this point you incorporate AFS into the operating system's + Pluggable Authentication Module (PAM) scheme. PAM integrates all + authentication mechanisms on the machine, including login, to provide + the security infrastructure for authenticated access to and from the + machine. + + Explaining PAM is beyond the scope of this document. It is + assumed that you understand the syntax and meanings of settings in the + PAM configuration file (for example, how the + other entry works, the effect of + marking an entry as required, + optional, or + sufficient, and so on). + + You should first configure your system to obtain Kerberos v5 + tickets as part of the authentication process, and then run an AFS PAM + module to obtain tokens from those tickets after authentication. + Current versions of Solaris come with a Kerberos v5 PAM module that + will work, or you can download and install Russ Allbery's + Kerberos v5 PAM module, which is tested regularly with AFS. + See the instructions of whatever PAM module you use for how to + configure it. 
+ + Some Kerberos v5 PAM modules do come with native AFS support + (usually requiring the Heimdal Kerberos implementation rather than the + MIT Kerberos implementation). If you are using one of those PAM + modules, you can configure it to obtain AFS tokens. It's more common, + however, to separate the AFS token acquisition into a separate PAM + module. + + The recommended AFS PAM module is Russ + Allbery's pam-afs-session module. It should work with any of + the Kerberos v5 PAM modules. To add it to the PAM configuration, you + often only need to add configuration to the session group in + pam.conf: + + + Solaris PAM session example + login session required pam_afs_session.so + + + This example enables PAM authentication only for console login. + You may want to add a similar line for the ssh service and for any + other login service that you use, including possibly the + other service (which serves as a catch-all). You + may also want to add options to the AFS PAM session module + (particularly retain_after_close, which is + necessary for some versions of Solaris. + + For additional configuration examples and the configuration + options of the AFS PAM module, see its documentation. For more + details on the available options for the PAM configuration, see the + pam.conf manual page. + + Sites which still require kaserver or external Kerberos v4 authentication + should consult "Enabling kaserver based AFS + Login on Solaris Systems" for details of how to enable AFS + login on Solaris. + + Proceed to Editing the File Systems + Clean-up Script on Solaris Systems + + + Editing the File Systems Clean-up Script on Solaris Systems + + Solaris + + file systems clean-up script + + on file server machine + + + + file systems clean-up script (Solaris) + + file server machine + + + + scripts + + file systems clean-up (Solaris) + + file server machine + + + - Append the following line to the end of the file /etc/dfs/fstypes. 
+ Some Solaris distributions include a script that locates and removes unneeded files from various file systems. Its + conventional location is /usr/lib/fs/nfs/nfsfind. The script generally uses an argument + to the find command to define which file systems to search. In this step you modify the + command to exclude the /afs directory. Otherwise, the command traverses the AFS + filespace of every cell that is accessible from the machine, which can take many hours. The following alterations are + possibilities, but you must verify that they are appropriate for your cell. + + The first possible alteration is to add the -local flag to the existing command, + so that it looks like the following: + - afs AFS Utilities - - + find $dir -local -name .nfs\* -mtime +7 -mount -exec rm -f {} \; + - - Edit the /sbin/mountall file, making two changes. - - Add an entry for AFS to the case statement for option 2, so that it reads - as follows: - case "$2" in - ufs) foptions="-o p" - ;; - afs) foptions="-o p" - ;; - s5) foptions="-y -t /var/tmp/tmp$$ -D" - ;; - *) foptions="-y" - ;; - - + Another alternative is to exclude any directories whose names begin with the lowercase letter a or a non-alphabetic character. - - Edit the file so that all AFS and UFS partitions are checked in parallel. Replace the following section of - code: - # For fsck purposes, we make a distinction between ufs and - # other file systems - # - if [ "$fstype" = "ufs" ]; then - ufs_fscklist="$ufs_fscklist $fsckdev" - saveentry $fstype "$OPTIONS" $special $mountp - continue - fi - + + find /[A-Zb-z]* remainder of existing command + - with the following section of code: + Do not use the following command, which still searches under the /afs directory, + looking for a subdirectory of type 4.2. - - # For fsck purposes, we make a distinction between ufs/afs - # and other file systems. 
- # - if [ "$fstype" = "ufs" -o "$fstype" = "afs" ]; then - ufs_fscklist="$ufs_fscklist $fsckdev" - saveentry $fstype "$OPTIONS" $special $mountp - continue - fi + + find / -fstype 4.2 /* do not use */ - - - + + + Proceed to Starting the BOS Server (or if referring to these instructions while + installing an additional file server machine, return to Starting Server + Programs). + + - configuring + Basic OverSeer Server - AFS server partition on first AFS machine + BOS Server + - Solaris + + BOS Server + + starting + + first AFS machine - AFS server partition + starting - configuring on first AFS machine + BOS Server - Solaris + first AFS machine first AFS machine - AFS server partition + BOS Server + - on Solaris + + authorization checking (disabling) + + first AFS machine - Solaris + disabling authorization checking - AFS server partition + first AFS machine + - on first AFS machine + + first AFS machine + + authorization checking (disabling) + - - Configuring Server Partitions on Solaris Systems + + Getting Started on AIX Systems - Every AFS file server machine must have at least one partition or logical volume dedicated to storing AFS volumes. Each - server partition is mounted at a directory named /vicepxx, where - xx is one or two lowercase letters. The /vicepxx directories must reside in the file server machine's root - directory, not in one of its subdirectories (for example, /usr/vicepa is not an acceptable - directory location). For additional information, see Performing Platform-Specific Procedures. - + Begin by running the AFS initialization script to call the AIX kernel extension facility, which dynamically loads AFS + modifications into the kernel. Then use the SMIT program to configure partitions for storing + AFS volumes, and replace the AIX fsck program helper with a version that correctly handles AFS + volumes. If the machine is to remain an AFS client machine, incorporate AFS into the AIX secondary authentication system. 
+ + incorporating AFS kernel extensions + + first AFS machine + + AIX + + AFS kernel extensions + + on first AFS machine + + AIX + + first AFS machine + + AFS kernel extensions + + on AIX + + AIX + + AFS kernel extensions + + on first AFS machine + + + + Loading AFS into the AIX Kernel + + The AIX kernel extension facility is the dynamic kernel loader + provided by IBM Corporation. AIX does not support incorporation of + AFS modifications during a kernel build. + + For AFS to function correctly, the kernel extension facility must run each time the machine reboots, so the AFS + initialization script (included in the AFS distribution) invokes it automatically. In this section you copy the script to the + conventional location and edit it to select the appropriate options depending on whether NFS is also to run. + + After editing the script, you run it to incorporate AFS into the kernel. In later sections you verify that the script + correctly initializes all AFS components, then configure the AIX inittab file so that the + script runs automatically at reboot. - Create a directory called /vicepxx for each AFS server - partition you are configuring (there must be at least one). Repeat the command for each partition. - # mkdir /vicepxx + Unpack the distribution tarball. The examples below assume + that you have unpacked the files into the + /tmp/afsdist directory. If you + pick a different location, substitute this in all of the following + examples. Once you have unpacked the distribution, + change directory as indicated. + + # cd /tmp/afsdist/rs_aix42/dest/root.client/usr/vice/etc - Add a line with the following format to the file systems registry file, /etc/vfstab, for each partition to be mounted on a directory created in the previous step. Note - the value afs in the fourth field, which tells Solaris to use the AFS-modified - fsck program on this partition. 
- /dev/dsk/disk /dev/rdsk/disk /vicepxx afs boot_order yes + Copy the AFS kernel library files to the local /usr/vice/etc/dkload directory, + and the AFS initialization script to the /etc directory. + # cp -rp dkload /usr/vice/etc + # cp -p rc.afs /etc/rc.afs + - The following is an example for the first partition being configured. + + Edit the /etc/rc.afs script, setting the NFS + variable as indicated. + + If the machine is not to function as an NFS/AFS Translator, set the NFS variable + as follows. - /dev/dsk/c0t6d0s1 /dev/rdsk/c0t6d0s1 /vicepa afs 3 yes + NFS=$NFS_NONE - - - Create a file system on each partition that is to be mounted at a /vicepxx directory. The following command is probably appropriate, but - consult the Solaris documentation for more information. - # newfs -v /dev/rdsk/disk - - + If the machine is to function as an NFS/AFS Translator and is running AIX 4.2.1 or higher, set the + NFS variable as follows. Note that NFS must already be loaded into the kernel, which + happens automatically on systems running AIX 4.1.1 and later, as long as the file /etc/exports exists. - - Issue the mountall command to mount all partitions at once. + + NFS=$NFS_IAUTH + - If you plan to retain client functionality on this machine after completing the installation, proceed to Enabling AFS Login and Editing the File Systems Clean-up Script on Solaris Systems. Otherwise, - proceed to Starting the BOS Server. + Invoke the /etc/rc.afs script to load AFS modifications into the kernel. You can + ignore any error messages about the inability to start the BOS Server or the Cache Manager or AFS client. 
+ + # /etc/rc.afs + - - - - Enabling AFS Login on Solaris Systems - - enabling AFS login - - file server machine - - Solaris - - AFS login + configuring - on file server machine + AFS server partition on first AFS machine - Solaris + AIX - first AFS machine + AFS server partition - AFS login + configuring on first AFS machine - on Solaris + AIX - Solaris + first AFS machine - AFS login + AFS server partition - on file server machine + on AIX - PAM + AIX - on Solaris + AFS server partition - file server machine + on first AFS machine + - - If you plan to remove client functionality from this machine after completing the installation, skip this section and - proceed to Starting the BOS Server. - - - At this point you incorporate AFS into the operating system's - Pluggable Authentication Module (PAM) scheme. PAM integrates all - authentication mechanisms on the machine, including login, to provide - the security infrastructure for authenticated access to and from the - machine. - - Explaining PAM is beyond the scope of this document. It is - assumed that you understand the syntax and meanings of settings in the - PAM configuration file (for example, how the - other entry works, the effect of - marking an entry as required, - optional, or - sufficient, and so on). + + Configuring Server Partitions on AIX Systems - You should first configure your system to obtain Kerberos v5 - tickets as part of the authentication process, and then run an AFS PAM - module to obtain tokens from those tickets after authentication. - Current versions of Solaris come with a Kerberos v5 PAM module that - will work, or you can download and install Russ Allbery's - Kerberos v5 PAM module, which is tested regularly with AFS. - See the instructions of whatever PAM module you use for how to - configure it. + Every AFS file server machine must have at least one partition or logical volume dedicated to storing AFS volumes. 
Each + server partition is mounted at a directory named /vicepxx, where + xx is one or two lowercase letters. The /vicepxx directories must reside in the file server machine's root + directory, not in one of its subdirectories (for example, /usr/vicepa is not an acceptable + directory location). For additional information, see Performing Platform-Specific + Procedures. - Some Kerberos v5 PAM modules do come with native AFS support - (usually requiring the Heimdal Kerberos implementation rather than the - MIT Kerberos implementation). If you are using one of those PAM - modules, you can configure it to obtain AFS tokens. It's more common, - however, to separate the AFS token acquisition into a separate PAM - module. + To configure server partitions on an AIX system, perform the following procedures: + + Create a directory called /vicepxx for each AFS server + partition you are configuring (there must be at least one). Repeat the command for each partition. + # mkdir /vicepxx + + - The recommended AFS PAM module is Russ - Allbery's pam-afs-session module. It should work with any of - the Kerberos v5 PAM modules. To add it to the PAM configuration, you - often only need to add configuration to the session group in - pam.conf: + + Use the SMIT program to create a journaling file system on each partition to be + configured as an AFS server partition. + - - Solaris PAM session example - login session required pam_afs_session.so - + + Mount each partition at one of the /vicepxx + directories. Choose one of the following three methods: + + Use the SMIT program + - This example enables PAM authentication only for console login. - You may want to add a similar line for the ssh service and for any - other login service that you use, including possibly the - other service (which serves as a catch-all). You - may also want to add options to the AFS PAM session module - (particularly retain_after_close, which is - necessary for some versions of Solaris. 
+ + Use the mount -a command to mount all partitions at once + - For additional configuration examples and the configuration - options of the AFS PAM module, see its documentation. For more - details on the available options for the PAM configuration, see the - pam.conf manual page. + + Use the mount command on each partition in turn + + - Sites which still require kaserver or external Kerberos v4 authentication - should consult "Enabling kaserver based AFS - Login on Solaris Systems" for details of how to enable AFS - login on Solaris. + Also configure the partitions so that they are mounted automatically at each reboot. For more information, refer + to the AIX documentation. + + - Proceed to Editing the File Systems - Clean-up Script on Solaris Systems - - - Editing the File Systems Clean-up Script on Solaris Systems - Solaris + replacing fsck program - file systems clean-up script + first AFS machine - on file server machine + AIX - file systems clean-up script (Solaris) + fsck program - file server machine + on first AFS machine + + AIX - scripts + first AFS machine - file systems clean-up (Solaris) + fsck program - file server machine + on AIX - - - - Some Solaris distributions include a script that locates and removes unneeded files from various file systems. Its - conventional location is /usr/lib/fs/nfs/nfsfind. The script generally uses an argument - to the find command to define which file systems to search. In this step you modify the - command to exclude the /afs directory. Otherwise, the command traverses the AFS - filespace of every cell that is accessible from the machine, which can take many hours. The following alterations are - possibilities, but you must verify that they are appropriate for your cell. 
+ + AIX - The first possible alteration is to add the -local flag to the existing command, - so that it looks like the following: + fsck program - - find $dir -local -name .nfs\* -mtime +7 -mount -exec rm -f {} \; - + on first AFS machine + + - Another alternative is to exclude any directories whose names begin with the lowercase letter a or a non-alphabetic character. + + Replacing the fsck Program Helper on AIX Systems - - find /[A-Zb-z]* remainder of existing command - + The AFS modified fsck program is not required on AIX 5.1 + systems, and the v3fshelper program + refered to below is not shipped for these systems. + + In this section, you make modifications to guarantee that the appropriate fsck program + runs on AFS server partitions. The fsck program provided with the operating system must never + run on AFS server partitions. Because it does not recognize the structures that the File Server uses to organize volume data, + it removes all of the data. To repeat: - Do not use the following command, which still searches under the /afs directory, - looking for a subdirectory of type 4.2. + Never run the standard fsck program on AFS server partitions. It discards AFS + volumes. - - find / -fstype 4.2 /* do not use */ - + On AIX systems, you do not replace the fsck binary itself, but rather the + program helper file included in the AIX distribution as /sbin/helpers/v3fshelper. + + Move the AIX fsck program helper to a safe location and install the version from + the AFS distribution in its place. + + # cd /sbin/helpers + # mv v3fshelper v3fshelper.noafs + # cp -p /tmp/afsdist/rs_aix42/dest/root.server/etc/v3fshelper v3fshelper + - Proceed to Starting the BOS Server (or if referring to these instructions while - installing an additional file server machine, return to Starting Server - Programs). + If you plan to retain client functionality on this machine after completing the installation, proceed to Enabling AFS Login on AIX Systems. 
Otherwise, proceed to Starting the + BOS Server. - - - - Basic OverSeer Server - - BOS Server - + - BOS Server + enabling AFS login - starting + file server machine - first AFS machine + AIX - starting + AFS login - BOS Server + on file server machine - first AFS machine + AIX first AFS machine - BOS Server + AFS login + + on AIX - authorization checking (disabling) + AIX - first AFS machine + AFS login + + on file server machine - disabling authorization checking + secondary authentication system (AIX) - first AFS machine + server machine + - - first AFS machine + + Enabling AFS Login on AIX Systems - authorization checking (disabling) - + + If you plan to remove client functionality from this machine after completing the installation, skip this section and + proceed to Starting the BOS Server. + + + In modern AFS installations, you should be using Kerberos v5 + for user login, and obtaining AFS tokens following this authentication + step. + + There are currently no instructions available on configuring AIX to + automatically obtain AFS tokens at login. Following login, users can + obtain tokens by running the aklog + command + + Sites which still require kaserver + or external Kerberos v4 authentication should consult + Enabling kaserver based AFS login on AIX systems + for details of how to enable AIX login. + + Proceed to Starting the BOS Server + (or if referring to these instructions while installing an additional + file server machine, return to Starting Server + Programs). -- 1.9.4
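Review bot: In the relocated Solaris fsck steps, "create the following links to Solaris libraries" mislabels the link targets: clri, df, mkfs, mount, newfs and the other entries under /usr/lib/fs/ufs are file system utilities, not libraries. The `case "$2" in` excerpt for /sbin/mountall is also shown without its closing esac, even though the step says the statement should "read as follows". Because this commit is described as a pure reorder, I would keep the moved text byte-identical here and fix both in a follow-up change.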
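Review bot: In the Solaris PAM text carried over by this hunk, "This example enables PAM authentication only for console login" follows a session-group entry (login session required pam_afs_session.so), which does not enable authentication; it runs the AFS session module for the login service only. A follow-up could reword it along the lines of "This example runs the AFS session module only for console login" and close the parenthesis opened at "(particularly retain_after_close". The relocated AIX text has similar small defects that a follow-up could pick up: "refered to below", a missing period after "running the aklog command", and "how to enable AIX login" where the Solaris counterpart says "enable AFS login on Solaris".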