EDV:OpenAFS/Install sun4x 59
Installation des OpenAFS-Clients auf Solaris 9
Dieses Beispiel bezieht sich auf:
#hostname kipfire
#uname -a SunOS kipfire 5.9 Generic_118558-28 sun4u sparc SUNW,Sun-Fire-V440
Installationsdateien holen
mkdir /janus/misc/afs cd /janus/misc/afs wget http://openafs.org/dl/openafs/1.4.2/solaris-9/sun4x_59.tar.gz gtar -xvzf sun4x_59.tar.gz
Erzeugen der AFS Verzeichnisse
mkdir /usr/vice mkdir /usr/vice/etc
AFS in den Solaris Kernel laden
Zu den Binaries gehen:
cd /janus/misc/afs/sun4x_59/dest/root.client/usr/vice/etc/
Init-skript installieren:
cp -p modload/afs.rc /etc/init.d/afs chown root:sys /etc/init.d/afs chmod 755 /etc/init.d/afs
Kernel Modul kopieren (hier 64bit kein NFS-export):
cp -p modload/libafs64.nonfs.o /kernel/fs/sparcv9/afs chown root:sys /kernel/fs/sparcv9/afs chmod 755 /kernel/fs/sparcv9/afs
AFS Starten: ( Dies erzeugt automatisch beim 1. mail einen reboot!
/etc/init.d/afs start
Nach dem Neustart nochmal AFS starten (Warnungen erstmal ignorieren):
/etc/init.d/afs start
Wichtigsten Binaries kopieren
Dateien kopieren:
cd /janus/misc/afs/sun4x_59/dest/root.client/usr/vice/etc/ cp -p * /usr/vice/etc cp -rp C /usr/vice
Das init-skript nicht doppelt:
rm /usr/vice/etc/afs.rc ln -s /etc/init.d/afs /usr/vice/etc/afs.rc
ThisCell erzeugen:
echo "kip.uni-heidelberg.de" >/usr/vice/etc/ThisCell
CellServDB erzeugen (oder von einem anderen Server/Client holen):
echo ">kip.uni-heidelberg.de # Kichhoff-Institut für Physik 129.206.176.40 # ldap.kip.uni-heidelberg.de 129.206.176.149 # ldap2.kip.uni-heidelberg.de >urz.uni-heidelberg.de # Universitaet Heidelberg 129.206.119.10 #afsdb.urz.uni-heidelberg.de 129.206.119.16 #afsdb1.urz.uni-heidelberg.de 129.206.119.17 #afsdb2.urz.uni-heidelberg.de " >/usr/vice/etc/CellServDB
Die CellServDB und die ThisCell ist auch im AFS unter /afs/kip/common/etc. |
Cache konfigurieren
Cache- und AFS-Verzeichnis erzeugen:
mkdir /usr/vice/cache mkdir /afs
Cache Eintrag erzeugen (in Kilobyte):
echo "/afs:/usr/vice/cache:300000" > /usr/vice/etc/cacheinfo
Evtl. die Einstellungen in der /etc/init.d/afs überprüfen, bzgl. '-stat 2500 -daemons 4 -volume 100' ...
AFS Starten
Dazu am besten noch einmal einen reboot:
cd / shutdown -i6 -g0 -y
Dann den AFS-Client starten:
/etc/init.d/afs start
Nun sollte auch AFS gehen:
ls -l /afs
AFS automatisch beim booten starten:
cd /etc/init.d ln -s ../init.d/afs /etc/rc3.d/S99afs ln -s ../init.d/afs /etc/rc0.d/K66afs
AFS Client Binaries verlinken
Sobald AFS läuft können wir auch die Binaries von dort verwenden:
ln -s /afs/kip.uni-heidelberg.de/@sys/usr/afsws /usr/afsws
Enable AFS login
Perform the following steps to enable AFS login.
1. Mount the AFS CD-ROM for Solaris on the /cdrom directory, if it is not already. Then change directory as indicated.
cd /usr/lib/security
2. Copy the AFS authentication library file to the /usr/lib/security directory. Then create a symbolic link to it whose name does not mention the version. Omitting the version eliminates the need to edit the PAM configuration file if you later update the library file.
If you use the AFS Authentication Server (kaserver process):
cp /janus/misc/afs/sun4x_59/dest/lib/pam_afs.so.1 . cp /janus/misc/afs/sun4x_59/dest/lib/pam_afs.krb.so.1 . ln -s pam_afs.so.1 pam_afs.so
If you use a Kerberos implementation of AFS authentication:
cp /cdrom/sun4x_56/lib/pam_afs.krb.so.1 . ln -s pam_afs.krb.so.1 pam_afs.so
3. Edit the Authentication management section of the Solaris PAM configuration file, /etc/pam.conf by convention. The entries in this section have the value auth in their second field.
First edit the standard entries, which refer to the Solaris PAM module (usually, the file /usr/lib/security/pam_unix.so.1) in their fourth field. For each service for which you want to use AFS authentication, edit the third field of its entry to read optional. The pam.conf file in the Solaris distribution usually includes standard entries for the login, rlogin, and rsh services, for instance.
If there are services for which you want to use AFS authentication, but for which the pam.conf file does not already include a standard entry, you must create that entry and place the value optional in its third field. For instance, the Solaris pam.conf file does not usually include standard entries for the ftp or telnet services.
Then create an AFS-related entry for each service, placing it immediately below the standard entry. The following example shows what the Authentication Management section looks like after you have you edited or created entries for the services mentioned previously. Note that the example AFS entries appear on two lines only for legibility.
login auth optional /usr/lib/security/pam_unix.so.1 login auth optional /usr/lib/security/pam_afs.so \
try_first_pass ignore_root setenv_password_expires
rlogin auth optional /usr/lib/security/pam_unix.so.1 rlogin auth optional /usr/lib/security/pam_afs.so \
try_first_pass ignore_root setenv_password_expires
rsh auth optional /usr/lib/security/pam_unix.so.1 rsh auth optional /usr/lib/security/pam_afs.so \
try_first_pass ignore_root
ftp auth optional /usr/lib/security/pam_unix.so.1 ftp auth optional /usr/lib/security/pam_afs.so \
try_first_pass ignore_root
telnet auth optional /usr/lib/security/pam_unix.so.1 telnet auth optional /usr/lib/security/pam_afs.so \
try_first_pass ignore_root setenv_password_expires
4. If you use the Common Desktop Environment (CDE) on the
machine and want users to obtain an AFS token as they log in,
also add or edit the following four entries in the Authentication
management section. Note that the AFS-related entries appear on
two lines here only for legibility.
dtlogin auth optional /usr/lib/security/pam_unix.so.1 dtlogin auth optional /usr/lib/security/pam_afs.so \
try_first_pass ignore_root
dtsession auth optional /usr/lib/security/pam_unix.so.1 dtsession auth optional /usr/lib/security/pam_afs.so \
try_first_pass ignore_root