
Re: setting up an openafs server on Debian



On Thu, 24 Jul 2003 16:06:37 -0400 (EDT)
Faheem Mitha <faheem@email.unc.edu> wrote:

> Also, I'm using AFS on the University of North Carolina campus.

Much about AFS is specific to your institution. I'll make some guesses,
but you need to talk to your IT department.

> 1) When using an afs client, the command `klog' fetches tokens from
>    the campus server. Am I correct in thinking that this fetching
>    involves use of kerberos on the campus server? I don't have
>    kerberos installed on my client machine, though I have seen
>    descriptions which involve installation of kerberos on the client
>    machine. Is kerberos not required at the client end?

Kerberos is always required for AFS.  However, AFS works with all major
Kerberos distributions - MIT, Heimdal, MS Active Directory - and also
includes its own.  If you're using klog, that means you're using the AFS
built-in Kerberos.  These days, that's considered to not be the best way
to do things, but switching over to a newer Kerberos from the old is
difficult.  

> 2) I'm considering trying to install an Openafs server on a Debian
>    machine. I am not completely clear from the documentation whether
>    it is actually necessary to install and configure kerberos
>    (kerberos 5 seems to be the preferred version). Parts of the
>    documentation suggest that one could use the `afs authentication
>    system', whatever this is. Adding to my confusion is that the
>    openafs debian packages openafs-dbserver and openafs-fileserver do
>    not mention kerberos even as a recommends.

As stated above, you appear to be using the original "afs authentication
system", as described in the IBM/OpenAFS docs.  I believe Debian has a
separate package you'll need to deal with the old authentication system.
If you hope to join your uni's cell, you'll need to speak with them and
follow procedure - you can't just jump in on your own.  If you just want
to set up your own private cell to play around with, then you're best
off ditching the old AFS Kerberos and using MIT Kerb 5.  But that may
get tricky if you try to use the same machine that's already on the
university network.  If you have a test box that isn't hooked into the
existing AFS cell, that will make your life easier.
 
> Does a tutorial for AFS server installation on Debian exist anywhere?
> My impression is no.

There's a decent write-up in the docs for one of the AFS packages - I
don't remember which one specifically.  Those docs assume that you'll
be setting up AFS with MIT Kerb 5, which is recommended these days, so
they won't quite apply to your university network.  But in any case, AFS
isn't something that you'll just pick up in a day, especially if you're
not familiar with Kerberos already.  If you have the machines to spare,
I would strongly recommend setting up a private Kerberos realm before
you get into AFS.

--Todd


