forked from pool/openafs
| .gitattributes | ||
| .gitignore | ||
| 0f6a3a402f4a66114da9231032bd68cdc4dee7bc | ||
| 03b280649f5e22ed74c217d7c98c3416a2fa9052 | ||
| 7097eec17bc01bcfc12c4d299136b2d3b94ec3d7 | ||
| 658942f2791fad5e33ec7542158c16dfc66eed39 | ||
| afs3-bos.xml | ||
| afs3-callback.xml | ||
| afs3-fileserver.xml | ||
| afs3-prserver.xml | ||
| afs3-rmtsys.xml | ||
| afs3-update.xml | ||
| afs3-vlserver.xml | ||
| afs3-volser.xml | ||
| ChangeLog | ||
| d8b56f21994ce66d8daebb7d69e792f34c1a19ed | ||
| handle_backports.diff | ||
| kernel-source.build-modules.sh | ||
| kmp_only.files | ||
| logrotate.openafs-server | ||
| openafs-client.service | ||
| openafs-client.service.allow_unsupported | ||
| openafs-fuse-client.service | ||
| openafs-server.service | ||
| openafs-stable-1_8_x-doc.tar.bz2 | ||
| openafs-stable-1_8_x-doc.tar.bz2.md5 | ||
| openafs-stable-1_8_x-doc.tar.bz2.sha256 | ||
| openafs-stable-1_8_x-src.tar.bz2 | ||
| openafs-stable-1_8_x-src.tar.bz2.md5 | ||
| openafs-stable-1_8_x-src.tar.bz2.sha256 | ||
| openafs.cacheinfo | ||
| openafs.CellAlias | ||
| openafs.changes | ||
| openafs.spec | ||
| openafs.SuidCells | ||
| openafs.ThisCell | ||
| preamble | ||
| README.SUSE.openafs | ||
| RELNOTES-stable-1_8_x | ||
| sysconfig.openafs-client | ||
| sysconfig.openafs-fuse-client | ||
| sysconfig.openafs-server | ||
Here is described installation of openafs server and client on SUSE linux. This text is based on AFS Quick Start Guide. The differences are: - paths are adapted to SUSE installation - uses Kerberos 5 authentization Complete OpenAFS documentation is at http://openafs.org SERVER SETUP ============ # choose an AFS cell name and a Kerberos realm name, the simplest setup is: # - AFS cell name equal to DNS domain name # - Kerberos realm name equal to uppercase AFS cell name # create a partition for AFS filesystem and mount it under /vicepa # start bosserver /usr/sbin/bosserver -noauth & # setup basic cell information bos setcellname your.afs.server your.cell.name -noauth # setup database servers processes bos create your.afs.server ptserver simple /usr/lib/openafs/ptserver -cell your.cell.name -noauth bos create your.afs.server buserver simple /usr/lib/openafs/buserver -cell your.cell.name -noauth bos create your.afs.server vlserver simple /usr/lib/openafs/vlserver -cell your.cell.name -noauth # If you want to use the old afs authentization (not recommended): # bos addkey your.afs.server -kvno 0 -cell your.cell.name -noauth # Authentication against heimdal krb5 server # Here you can set up kerberos realm if you dont have any, # see documentation in package krb5-doc # restart kdc rckrb5kdc restart rckrb524d restart # create afs principal in kerberos database kadmin.local add_principal afs@YOUR.KERBEROS.REALM # create afs key, use random password ktremove -k /etc/krb5.keytab afs all # delete old afs key if any # export the afs key to external keytab # note the key version number (kvno), you will need it later for asetkey ktadd -e des-cbc-crc:v4 afs@YOUR.KERBEROS.REALM add_principal admin@YOUR.KERBEROS.REALM # create admin principal quit # end kadmin.local rm /etc/openafs/server/KeyFile # delete the old afs key file if any # convert the afs key from /etc/krb5.keytab to /etc/openafs/server/KeyFile # use <kvno> displayed by ktadd asetkey add <kvno> /etc/krb5.keytab afs # give admin the permissions to control bosserver bos adduser your.afs.server admin -cell your.cell.name -noauth # add admin to group system:administrators pts createuser -name admin -id <user id> -cell your.cell.name -noauth pts adduser admin system:administrators -cell your.cell.name -noauth # restart bos server bos restart your.afs.server -all -cell your.cell.name -noauth # create fileserver processes bos create your.afs.server fs fs /usr/lib/openafs/fileserver /usr/lib/openafs/volserver /usr/lib/openafs/salvager -cell your.cell.name -noauth # create root volume vos create your.afs.server /vicepa root.afs -cell your.cell.name -noauth # restart bosserver with security enabled rcopenafs-fileserver restart CLIENT SETUP ============ IMPORTANT: Unfortunately, openafs client for linux kernel 2.6 has not reached stable state yet. There may be problems. edit /etc/sysconfig/openafs-client, set at least REGENERATE_CELL_INFO="yes" THIS_CELL="your.cell.name" THIS_CELL_SERVER="your.afs.server" If you are configuring first afs server and the volume root.cell does not exist yet, you have to set also DYNROOT=no. After finishing the server installaton it is better to change DYNROOT back to 'yes' as the client behaves better on startup with network outage. # start afs client rcopenafs-client start # login as admin kinit admin aklog -d # convert Kerberos 5 ticket to AFS token To enable transparent login via pam, install package pam_krb5 and add 'call_modules=krb5afs' to /etc/security/pam_unix2.conf For details look at pam_krb5afs(5), pam_krb5afs(8) and pam_unix2(8) manpages. Now you have working afs server and client. You can continue with chapter "Configuring the Top Levels of the AFS Filespace" of AFS Quick Start Guide.