[OpenAFS] A general overview?

Derek Atkins warlord@MIT.EDU
26 Feb 2001 09:38:22 -0500 

Peter Schuller <peter.schuller@infidyne.com> writes:

> I've read it, along with alrge parts of the admin guide. I think I've got it
> down pretty well, assuming OpenAFS doesn't diverge too much from the
> commercial AFS. That is, for the parts that apply.

OpenAFS really doesn't diverge at all, especially under Linux...

> going. There's talk about Kerberos realms, which makes sense, but I find no
> kerberos related stuff beyon a* version of the AFS utilities - I see no
> central kerberos handling stuff - so how is a "realm" managed?

Did you install the kerberos server packages?  Kerberos is _NOT_ a
part of OpenAFS.

> Is there any documentation (even if only 50 lines worth) on this?

I believe there are docs with the kerberos packages.

> So there's aklog and asetkey and supposedly some other stuff (such as
> atokens) which doesn't seem to be part of OpenAFS. I'm still at the

Nope, no atokens.  There is 'klist' which lists kerberos tickets, but
you still use 'tokens' to list AFS tokens.  But again, 'klist',
'kinit' etc. are all part of the Kerberos package.

> "now what?" stage though. The IBM guides do a thorough job indeed, but
> since the details are not applicable to OpenAFS (OpenAFS doesn't include the
> exact same set of tools for example) I'm not sure what to do exactly in my
> particular environment (Debian, OpenAFS).

What tools don't you have?  You should have pretty much just about
everything (that's reasonable) that you get from commercial AFS.
True, you don't get the r* commands, but that's because you shouldn't
be using them :)

> Also, the guide mentions kerberos/afs PAM modules. That's the perfect
> solution; but I can't find any. Are there any such modules available? It
> doesn't seem to be part of OpenAFS, at any rate.

Yes, they are.  You probably just didn't install the correct Debian
package that contains them.  But they do exist, and they are packaged.

> (If I sound confused, it's because I am. Everything I read makes sense, but
> the hands-on practical matters that needs to get done are still a fuzzy
> cloud... It's as if I've read a 50 k page book on the theory behind cars but
> I still don't know how to drive.)

I think Sam may have some documentation..  Check the logs on this (and
the linux-afs) list for Sam's Debian announcement.  IIRC, setting up a
cell is REALLY EASY using the Debian packages.. You just run a script
to configure your servers.

-derek

-- 
       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
       warlord@MIT.EDU                        PGP key available