Re: setting up an openafs server on Debian



To add, in somewhat more gory detail, to what Todd said:

Faheem Mitha <faheem@email.unc.edu> writes:

> 1) When using an afs client, the command `klog' fetches tokens from
>    the campus server. Am I correct in thinking that this fetching
>    involves use of kerberos on the campus server?

There's some Kerberos involved, yes, but if you use 'klog' directly
it's hidden from you.  I don't believe you can use klog if you're not
running a kaserver (that is, if you have a separate Kerberos setup);
in this case, you can use 'kinit' to get Kerberos tickets, and then
'aklog' (from the openafs-krb5 package) to get AFS tokens from those
tickets.  (I think there are PAM modules that do this, like
libpam-krb5 and libpam-openafs-session.)

> 2) I'm considering trying to install an Openafs server on a Debian
>    machine. I am not completely clear from the documentation whether
>    it is actually necessary to install and configure kerberos
>    (kerberos 5 seems to be the preferred version). Parts of the
>    documentation suggest that one could use the `afs authentication
>    system', whatever this is.

Hmm, this is probably referring to AFS tokens, which you use to access
files and other AFS services.  When I set up a test cell, it was
recommended that I set up a krb5 KDC with a krb524d rather than trying
to use kaserver.  I found this fairly straightforward to do, but I
also think I know what's going on and have people around I can ask for
help.  :-)

> Does a tutorial for AFS server installation on Debian exist anywhere?
> My impression is no.

Poking around on my stable machine (which still apparently is a KDC
and an AFS db/pts/fileserver), reading what's in
/usr/share/doc/openafs-client is a win.  The generic OpenAFS
documentation is also quite applicable, but assumes you want to use
all of the AFS pieces (some can be ignored or replaced with better
alternatives).

(It'd be interesting to know what your actual goals are here.  You're
probably not going to be able to use your disk to randomly add volumes
to the cs.unc.edu cell.  I've found it useful to set up a personal cell
before on the "AFS is better than NFS" mantra, but accessing it from
outside meant reconfiguring machines to know about my Kerberos realm
and AFS cell, which was a pain.  It seems like my current research
group at MIT would benefit from having AFS, but deploying that would
be pretty tricky, and we're sufficiently xenophobic and demanding that
we don't want to use the main athena.mit.edu AFS cell, so we'd have to
come up with hardware and admins to run our own cell.  "AFS server in
a box" would be neat, but I don't think anyone makes one.)

-- 
David Maze         dmaze@debian.org      http://people.debian.org/~dmaze/
"Theoretical politics is interesting.  Politicking should be illegal."
	-- Abra Mitchell


