EDV:OpenAFS/Install sun4x 59

From KIP Wiki

Installing the OpenAFS client on Solaris 9

This example refers to:

#hostname
kipfire
#uname -a
SunOS kipfire 5.9 Generic_118558-28 sun4u sparc SUNW,Sun-Fire-V440

Fetching the installation files

mkdir /janus/misc/afs
cd /janus/misc/afs
wget http://openafs.org/dl/openafs/1.4.2/solaris-9/sun4x_59.tar.gz 
gtar -xvzf sun4x_59.tar.gz

Creating the AFS directories

mkdir /usr/vice
mkdir /usr/vice/etc

Loading AFS into the Solaris kernel

Change to the directory with the binaries:

cd /janus/misc/afs/sun4x_59/dest/root.client/usr/vice/etc/

Install the init script:

cp -p modload/afs.rc /etc/init.d/afs
chown root:sys /etc/init.d/afs
chmod 755 /etc/init.d/afs

Copy the kernel module (here: 64-bit, no NFS export):

cp -p modload/libafs64.nonfs.o /kernel/fs/sparcv9/afs
chown root:sys /kernel/fs/sparcv9/afs
chmod 755 /kernel/fs/sparcv9/afs

Start AFS (warning: on the first run this automatically triggers a reboot!):

/etc/init.d/afs start

After the reboot, start AFS again (ignore the warnings for now):

/etc/init.d/afs start

Copying the most important binaries

Copy the files:

cd /janus/misc/afs/sun4x_59/dest/root.client/usr/vice/etc/
cp -p * /usr/vice/etc
cp -rp C /usr/vice

Avoid keeping a second copy of the init script:

rm /usr/vice/etc/afs.rc
ln -s /etc/init.d/afs /usr/vice/etc/afs.rc

Create ThisCell:

echo "kip.uni-heidelberg.de" >/usr/vice/etc/ThisCell

Create CellServDB (or fetch it from another server/client):

echo ">kip.uni-heidelberg.de  # Kichhoff-Institut für Physik
129.206.176.40          # ldap.kip.uni-heidelberg.de
129.206.176.149         # ldap2.kip.uni-heidelberg.de
>urz.uni-heidelberg.de  # Universitaet Heidelberg
129.206.119.10          #afsdb.urz.uni-heidelberg.de
129.206.119.16          #afsdb1.urz.uni-heidelberg.de
129.206.119.17          #afsdb2.urz.uni-heidelberg.de
" >/usr/vice/etc/CellServDB

CellServDB and ThisCell are also available in AFS under /afs/kip/common/etc.

Configuring the cache

Create the cache and AFS directories:

mkdir /usr/vice/cache
mkdir /afs

Create the cache entry (size in kilobytes):

echo "/afs:/usr/vice/cache:300000" > /usr/vice/etc/cacheinfo

If necessary, check the settings in /etc/init.d/afs regarding '-stat 2500 -daemons 4 -volume 100' ...
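
A consistency check for the three files written above (ThisCell, CellServDB, cacheinfo), as an added example that is not part of the original page. check_afs_conf is a hypothetical helper, and the demo runs in a scratch directory with constructed copies of the page's values; on the client, call check_afs_conf /usr/vice/etc.

```shell
#!/bin/sh
# Added example. On Solaris 9 run it under ksh or bash with AWK=nawk.
# check_afs_conf DIR: print one line per problem found in DIR/ThisCell,
# DIR/CellServDB and DIR/cacheinfo; return non-zero if there is any.
check_afs_conf() {
    dir=$1
    cell=$(${AWK:-awk} 'NF { print $1; exit }' "$dir/ThisCell" 2>/dev/null)
    [ -n "$cell" ] || { echo "ThisCell: missing or empty"; return 1; }
    ${AWK:-awk} -v cell="$cell" '
        FILENAME ~ /CellServDB$/ {
            if (NF == 0) next
            if (substr($1, 1, 1) == ">") {       # ">cellname  # description"
                cur = substr($1, 2); seen[cur] = 1; next
            }
            n = split($1, o, ".")                 # "a.b.c.d  # hostname"
            ok = (n == 4 && cur != "")
            for (i = 1; i <= n && ok; i++)
                if (o[i] !~ /^[0-9]+$/ || o[i] + 0 > 255) ok = 0
            if (ok) { servers[cur]++ }
            else { print "CellServDB:" FNR ": bad server line: " $0; bad = 1 }
            next
        }
        NF {                                      # cacheinfo: /mount:/cachedir:kilobytes
            k = split($0, f, ":"); ci = 1
            if (k != 3 || f[1] !~ /^\// || f[2] !~ /^\// || f[3] !~ /^[0-9]+$/) {
                print "cacheinfo: bad entry: " $0; bad = 1
            }
        }
        END {
            if (!(cell in seen)) { print "CellServDB: no entry for " cell; bad = 1 }
            else if (!servers[cell]) { print "CellServDB: no servers for " cell; bad = 1 }
            if (!ci) { print "cacheinfo: missing or empty"; bad = 1 }
            exit bad + 0
        }' "$dir/CellServDB" "$dir/cacheinfo"
}

# Constructed demo in a scratch directory, using values from this page.
demo=$(mktemp -d)
echo "kip.uni-heidelberg.de" > "$demo/ThisCell"
printf '%s\n' '>kip.uni-heidelberg.de  # KIP' \
    '129.206.176.40  # ldap.kip.uni-heidelberg.de' > "$demo/CellServDB"
echo "/afs:/usr/vice/cache:300000" > "$demo/cacheinfo"
check_afs_conf "$demo" && echo "client configuration is consistent"
rm -rf "$demo"
```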

Starting AFS

It is best to reboot once more first:

cd /
shutdown -i6 -g0 -y

Then start the AFS client:

/etc/init.d/afs start

AFS should now work:

ls -l /afs

Start AFS automatically at boot:

cd /etc/init.d
ln -s ../init.d/afs /etc/rc3.d/S99afs
ln -s ../init.d/afs /etc/rc0.d/K66afs

Linking the AFS client binaries

Once AFS is running, we can also use the binaries from there:

ln -s /afs/kip.uni-heidelberg.de/@sys/usr/afsws /usr/afsws

Enable AFS login

Perform the following steps to enable AFS login.

1. Mount the AFS CD-ROM for Solaris on the /cdrom directory, if it is not already. Then change directory as indicated.

 cd /usr/lib/security

2. Copy the AFS authentication library file to the /usr/lib/security directory. Then create a symbolic link to it whose name does not mention the version. Omitting the version eliminates the need to edit the PAM configuration file if you later update the library file.

If you use the AFS Authentication Server (kaserver process):

 cp /janus/misc/afs/sun4x_59/dest/lib/pam_afs.so.1 .
 cp /janus/misc/afs/sun4x_59/dest/lib/pam_afs.krb.so.1 .
 ln -s pam_afs.so.1 pam_afs.so	

If you use a Kerberos implementation of AFS authentication:

 cp /cdrom/sun4x_56/lib/pam_afs.krb.so.1 .
 ln -s pam_afs.krb.so.1 pam_afs.so
     

3. Edit the Authentication management section of the Solaris PAM configuration file, /etc/pam.conf by convention. The entries in this section have the value auth in their second field.

First edit the standard entries, which refer to the Solaris PAM module (usually, the file /usr/lib/security/pam_unix.so.1) in their fourth field. For each service for which you want to use AFS authentication, edit the third field of its entry to read optional. The pam.conf file in the Solaris distribution usually includes standard entries for the login, rlogin, and rsh services, for instance.

If there are services for which you want to use AFS authentication, but for which the pam.conf file does not already include a standard entry, you must create that entry and place the value optional in its third field. For instance, the Solaris pam.conf file does not usually include standard entries for the ftp or telnet services.

Then create an AFS-related entry for each service, placing it immediately below the standard entry. The following example shows what the Authentication Management section looks like after you have edited or created entries for the services mentioned previously. Note that the example AFS entries appear on two lines only for legibility.


     login   auth  optional  /usr/lib/security/pam_unix.so.1
     login   auth  optional  /usr/lib/security/pam_afs.so  try_first_pass  ignore_root  setenv_password_expires
     rlogin  auth  optional  /usr/lib/security/pam_unix.so.1
     rlogin  auth  optional  /usr/lib/security/pam_afs.so  try_first_pass  ignore_root  setenv_password_expires
     rsh     auth  optional  /usr/lib/security/pam_unix.so.1
     rsh     auth  optional  /usr/lib/security/pam_afs.so  try_first_pass  ignore_root
     ftp     auth  optional  /usr/lib/security/pam_unix.so.1
     ftp     auth  optional  /usr/lib/security/pam_afs.so  try_first_pass  ignore_root
     telnet  auth  optional  /usr/lib/security/pam_unix.so.1
     telnet  auth  optional  /usr/lib/security/pam_afs.so  try_first_pass  ignore_root  setenv_password_expires
     

4. If you use the Common Desktop Environment (CDE) on the machine and want users to obtain an AFS token as they log in, also add or edit the following four entries in the Authentication management section. Note that the AFS-related entries appear on two lines here only for legibility.


     dtlogin    auth  optional  /usr/lib/security/pam_unix.so.1
     dtlogin    auth  optional  /usr/lib/security/pam_afs.so  try_first_pass  ignore_root
     dtsession  auth  optional  /usr/lib/security/pam_unix.so.1
     dtsession  auth  optional  /usr/lib/security/pam_afs.so  try_first_pass  ignore_root
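
A check for the entry layout described in steps 3 and 4, as an added example that is not part of the original page or of the OpenAFS documentation. check_pam_afs is a hypothetical helper and the sample file is constructed; on the real host, point it at /etc/pam.conf.

```shell
#!/bin/sh
# Added example. On Solaris 9 run it under ksh or bash with AWK=nawk.
# check_pam_afs FILE: print one line per auth entry that deviates from the
# layout described above; return non-zero if there is any deviation.
check_pam_afs() {
    ${AWK:-awk} '
        /^[ \t]*#/ || NF < 4 || $2 != "auth" { next }
        $4 ~ /\/pam_afs\.so$/ {
            found = 1
            if (psvc != $1 || pmod !~ /\/pam_unix\.so\.1$/) {
                print $1 ": pam_afs entry is not directly below a pam_unix entry"; bad = 1
            } else if (pflag != "optional") {
                print $1 ": pam_unix entry is " pflag ", expected optional"; bad = 1
            }
            if ($3 != "optional") {
                print $1 ": pam_afs entry is " $3 ", expected optional"; bad = 1
            }
            opts = " "                      # module options, space-delimited
            for (i = 5; i <= NF; i++) opts = opts $i " "
            n = split("try_first_pass ignore_root", want, " ")
            for (i = 1; i <= n; i++)
                if (index(opts, " " want[i] " ") == 0) {
                    print $1 ": pam_afs entry lacks " want[i]; bad = 1
                }
        }
        { psvc = $1; pflag = $3; pmod = $4 }   # remember the previous auth entry
        END {
            if (!found) { print "no pam_afs auth entries found"; bad = 1 }
            exit bad + 0
        }' "$1"
}

# Constructed sample: the login pair from this page, plus an ftp pair that
# was deliberately written wrong (required flag, no ignore_root).
sample=$(mktemp)
cat > "$sample" <<'EOF'
login  auth     optional  /usr/lib/security/pam_unix.so.1
login  auth     optional  /usr/lib/security/pam_afs.so  try_first_pass  ignore_root  setenv_password_expires
ftp    auth     required  /usr/lib/security/pam_unix.so.1
ftp    auth     optional  /usr/lib/security/pam_afs.so  try_first_pass
login  account  required  /usr/lib/security/pam_unix.so.1
EOF
check_pam_afs "$sample" || echo "pam.conf deviates from the documented layout"
rm -f "$sample"
```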