[OpenAFS] A general overview?

Peter Schuller peter.schuller@infidyne.com
Sun, 25 Feb 2001 17:58:52 -0500


I've began to experiment with OpenAFS. Besides the openafs.mp.o not working
(complainging about a missing symbol kernel_flag when I try to insert it;
openafs.o works though), I've got the modules compiled for my kernel, and
I've installed the client/fileserver/dbserver Debian packages.

Now the config files make sense and all; but what exactly do I do now? There
were no docs installed in /usr/share/doc/openafs-client except for the
how-to-compile README. Almost no man-pages exist.

I know I should use afs-newcell to initialize a cell on the server. But it
needs a KeyFile and talks about kerberose realm stuff - which makes sense to
me conceptually but I don't know how to set it up!

For example, I tried generating the keyfile. So asetkey says its usage is:

	setkey: usage is 'setkey <opcode> options, e.g.
		setkey add <kvno> <keyfile> <princ>
		setkey delete <kvno>
	        setkey list
But what is "kvno" supposed to be? I tried, just for kicks, to do
"asetkey 123456789 KeyFile afs" (in /etc/openafs/server, persuant to the
instruction printed by afs-newcell). But it complains about "no such file or
directory while extracting AFS service key". The only file I gave is suppose
dto be created, not read, right?

So I'm generally lost. Where do I start?

On the 'net I've only found various version of the same big FAQ (which is
useful, but not omnipotent in scope).

Is there any HOWTO style dokument or something I can read?

Besides setting things up in general, I'm also interested in how to get host
based authentication. I.e., I might have a cluster of machines, all working
against the same LDAP based password database, and I'd like access to central
AFS cells to be automatic without every user/daemon having to fiddle with AFS
tokens. Is this possible? I know of at least one system which does this,
although I'm sure they don't use OpenAFS, but a commercial version. I don't
know *how* they did it though.

/ Peter Schuller, InfiDyne Technologies HB

PGP userID: 0x5584BD98 or 'Peter Schuller <peter.schuller@infidyne.com>'
Key retrival: Send an E-Mail to getpgpkey@scode.infidyne.com
E-Mail: peter.schuller@infidyne.com Web: http://scode.infidyne.com