[OpenAFS-devel] Mac OS X 10.4.6 and OpenAFS server issues

Jon Allen Boone ipmonger@delamancha.org
Sat, 8 Jul 2006 23:25:51 -0400 

On Jun 23, 2006, at 12:26, Academician Kula wrote:

> On Fri, Jun 23, 2006 at 11:37:21AM -0400, Jon Allen Boone wrote:
>
>>
>>   By the way, the answers to your questions regarding Finder, etc.  
>> are:
>>
>>   1.  mount /vicepa as /vicepa - edit /etc/fstab as follows:
>>
>>       UUID=<UUID of partition here>	/vicepa		ufs	rw
>
>
> Huh, I could not get that to work reliably, although on the one  
> machine
> I just tried it on, it did. But that could have simply been me being
> stupid.

It can be tricky figuring out which UUID to use sometimes.

For example, diskutil info /dev/disk15 on my Mac-mini Core-Duo yields  
two different UUIDs:  one for the UFS file system itself and a  
separate one for the under-lying RAID volume.  If you don't have a  
large enough terminal window, the first one can easily scroll off the  
screen and since the second one is visible, it may not be obvious  
that it's the wrong one.  This is exacerbated by the UUID of the UFS  
system changing with each format.

>>
>>   2.  make /vicepa invisible to Finder:
>>
>> 	/Developer/Tools/bin/SetFile -a V /vicepa
>>
>>       (You either have to relaunch the finder or logout/login again
>> to see the effect.)
>
>
> Ah, useful.

   This has to be done once the volume is mounted, of course.  :-)


>>   By the way, I am not using OS X Server for this, just regular OS
>> X.  This means I have to rely on the OpenAFS KAS and some additional
>
> Eww. Regular OS X should run an MIT KDC just fine, if you download and
> install it. Using KAS any more, especially for new sites, just seems
> like a bad idea to me.

   I looked at installing it using Darwin ports and realized that the  
entire KDC setup is present under regular OS X - without the nifty  
administration tools that make setting it up (presumably) easier.  A  
quick perusal of the on-line docs, though, and I had a MIT KDC setup  
and running.

   I went ahead and re-installed AFS from scratch (no KAS this time)  
and even got automatic token grabbing (via afsloginLogout hooks)  
working, if you're interested in any of that info.

> I demoed OS X Server because I thought that's what most sites using
> OS X to deploy these services would use. As far as I can tell, though,
> the OpenAFS stuff should work just fine on regular OS X, and it should
> run the MIT KDC just fine as well. If you wanted some sort of sane SSO
> you'd need to add some sort of directory service as well.

   You don't even need to resort to using Open Directory, though that  
may have made things easier in terms of setting up the KDC and the sso.

> I can't say I'd use OS X for this, but it does seem to work for those
> that would.

   It's working fine for me.  The only niggling detail is having to  
get a new token occasionally if you don't logout before it expires.   
No problem for me, but my other user(s) don't use the Terminal window  
at all.  I'm guessing a small AppleScript wrapper over aklog will do  
the trick, though.

--jon