[OpenAFS] SuSe 9.0 &Heimdal.6

ted creedon tcreedon@easystreet.com
Sun, 21 Dec 2003 12:24:17 -0800



Anyone having luck with the following instructions buried in the sources
for openafs from SuSE:

SuSE.txt tells how to create tickets for afs, deletes the sha1 encryption
for afs and exports them to the KeyFile.

Running tokens does show an afs token and everything seems to work until
one does

kinit admin

shemya: fs setacl /afs system:anyuser rl
fs: You don't have the required access rights on '/afs'

Not only does system not have fs rights, you can't ls /afs either - you get a
permission denied error.

Any clues? Could it be that /afs is in a reiserfs?

Thanks

Tedc

SuSE.TXT ========================================

Here is described installation of openafs server and client on SuSE linux.

This text is based on AFS Quick Start Guide. The differences are:
  - paths are adapted to SuSE installation
  - uses Kerberos 5 authentication

Complete OpenAFS documentation is at http://openafs.org

SERVER SETUP
============

# create a partition for AFS filesystem and mount it under /vicepa

# start bosserver
/usr/sbin/bosserver -noauth &

# setup basic cell information
bos setcellname your.afs.server your.cell.name -noauth

# setup database servers processes
bos create your.afs.server ptserver simple /usr/lib/openafs/ptserver -cell your.cell.name -noauth
bos create your.afs.server buserver simple /usr/lib/openafs/buserver -cell your.cell.name -noauth
bos create your.afs.server vlserver simple /usr/lib/openafs/vlserver -cell your.cell.name -noauth

#bos addkey your.afs.server -kvno 0 -cell your.cell.name -noauth

# setup authentication against heimdal krb5 server

# Here you can set up kerberos realm if you don't have any
# kstash
# kadmin -l
#   init YOUR.KERBEROS.REALM

# enable 524 protocol in heimdal
# edit /etc/krb5.conf and add these lines:
----------------cut--------------------
[kdc]

enable-524 = true
use_2b = {
                afs@YOUR.KERBEROS.REALM = yes
        }
----------------cut--------------------

# restart kdc
rckdc restart

# create afs principal in kerberos database
kadmin -l
  add -r afs@YOUR.KERBEROS.REALM
  del_enctype afs@YOUR.KERBEROS.REALM des3-cbc-sha1
  ext_keytab afs@YOUR.KERBEROS.REALM # write afs key to /etc/krb5.keytab
  ext_keytab -k AFSKEYFILE:/etc/openafs/server/KeyFile afs@YOUR.KERBEROS.REALM # give the afs key to bosserver
  add admin # create user admin

# give admin the permissions to control bosserver
bos adduser your.afs.server admin -cell your.cell.name -noauth

# add admin to group system:administrators
pts createuser -name admin -id <user id> -cell your.cell.name -noauth
pts adduser admin system:administrators -cell your.cell.name -noauth

# restart bos server
bos restart your.afs.server -all -cell your.cell.name -noauth

# create fileserver processes
bos create your.afs.server fs fs /usr/lib/openafs/fileserver /usr/lib/openafs/volserver /usr/lib/openafs/salvager -cell your.cell.name -noauth

# create root volume
vos create your.afs.server /vicepa root.afs -cell your.cell.name -noauth

# restart bosserver with security enabled
rcafs-server restart


CLIENT SETUP
============

edit /etc/sysconfig/afs-client, set at least
  REGENERATE_CELL_INFO="yes"
  THIS_CELL="your.cell.name"
  THIS_CELL_SERVER="your.afs.server"

  If you are configuring first afs server and the volume root.cell does not
  exist yet, you have to set also DYNROOT=no. After finishing the server
  installation it is better to change DYNROOT back to 'yes' as the client
  behaves better on startup with network outage.

# start afs client
rcafs-client start

# login as admin
kinit admin

To enable transparent login via pam, install package pam_krb5
and add 'call_modules=krb5afs' to /etc/security/pam_unix2.conf
For details look at pam_krb5afs(5), pam_krb5afs(8) and pam_unix2(8)
manpages.

Now you have working afs server and client. You can continue with chapter
"Configuring the Top Levels of the AFS Filespace" of AFS Quick Start Guide.

END SUSE.TXT ========================================

/etc/pam.d/login ========================================

#%PAM-1.0
auth     requisite  pam_unix2.so      nullok #set_secrpc
auth     required   pam_securetty.so
auth     required   pam_nologin.so
auth     required   pam_krb5afs.so    try_first_pass #ignore root left out tgc
#auth    sufficient pam_afs.so        try_first_pass #ignore root left out tgc
#auth    required   pam_homecheck.so
auth     required   pam_env.so
auth     required   pam_mail.so
account  required   pam_unix2.so
password required   pam_pwcheck.so    nullok
password required   pam_unix2.so      nullok use_first_pass use_authtok
session  required   pam_unix2.so      none # debug or trace
session  required   pam_limits.so
session  optional   pam_krb5.so       debug

END /etc/pam.d/login ========================================

/etc/sysconfig/afs-client ========================================

## Path:        Network/File systems/AFS client
## Description: AFS client configuration
## Type:        yesno
## Default:     no
#
# Set to "yes" if you want to generate CellServDB and ThisCell files
# from THIS_CELL and THIS_CELL_SERVER variables.
# If you want more complicated setting, set REGENERATE_CELL_INFO to "no"
# and edit the files manually.
#
REGENERATE_CELL_INFO="yes"

## Type:        string
## Default:     ""
#
# This cell name
#
THIS_CELL="ted-cell"

## Type:        string
## Default:     ""
#
# IP address of afs server for this cell
#
THIS_CELL_SERVER="10.1.1.116"

## Type:        string
## Default:     ""
#
# DNS name of afs server for this cell
#
THIS_CELL_SERVER_NAME="shemya"

## Type:        yesno
## Default:     yes
#
# Set to "yes" if you want to use data encryption (secure, slower)
#
DATA_ENCRYPTION="yes"

## Type:        yesno
## Default:     yes
#
# Set to "yes" if you want to generate cacheinfo file
#
REGENERATE_CACHE_INFO="yes"

## Type:        string
## Default:     ""
#
# AFS client configuration options
#
XXLARGE="-stat 4000 -dcache 4000 -daemons 6 -volumes 256 -files 50000"
XLARGE="-stat 3600 -dcache 3600 -daemons 5 -volumes 196 -files 50000"
LARGE="-stat 2800 -dcache 2400 -daemons 5 -volumes 128"
MEDIUM="-stat 2000 -dcache 800 -daemons 3 -volumes 70"
SMALL="-stat 300 -dcache 100 -daemons 2 -volumes 50"

## Type:        yesno
## Default:     yes
#
# Instead of mounting the home cell's root.afs volume at the AFS mount
# point (typically /afs) a fake root is constructed from information
# available in the client's CellServDB.
# With this option enabled openafs can start up even on network outage.
#
DYNROOT="no"

## Type:        yesno
## Default:     yes
#
# use memory-only cache
#
MEMCACHE="yes"

## Type:        string(AUTOMATIC)
## Default:     AUTOMATIC
#
# if you set CACHESIZE to "AUTOMATIC", it will automatically be chosen
# deduced by partition sizes (does not work if your cache is on / or
# /usr or /var) or by machine memory size for memory-only cache,
# otherwise the values specified here will be used.
#
CACHESIZE="AUTOMATIC"

## Type:        string(AUTOMATIC,$XXLARGE,$XLARGE,$LARGE,$MEDIUM,$SMALL)
## Default:     AUTOMATIC
#
# If you set OPTIONS to "AUTOMATIC", the init script will choose a set
# of options based on the cache size, otherwise the values specified here
# will be used.
#
OPTIONS="AUTOMATIC"

## Type:        string(/var/cache/openafs)
## Default:     /var/cache/openafs
#
# Path to cache directory, it is recommended to use separate partition.
# It does not work on reiserfs. A valid directory must be specified
# even if memory only cache is used.
# Recommended cache directory is "/var/cache/openafs"
#
CACHEDIR="/var/cache/openafs"

## Type:        string(/afs)
## Default:     /afs
#
# AFS directory. You should never need to change this
#
AFSDIR="/afs"

## Type:        yesno
## Default:     no
#
# Set to "yes" for a lot of debugging information from afsd. Only
# useful for debugging as it prints _a lot_ of information.
#
VERBOSE="no"

END /etc/sysconfig/afs-client ========================================

/etc/security/pam_unix2.conf ========================================

# pam_unix2 config file
#
# This file contains options for the pam_unix2.so module.
# It contains a list of options for every type of management group,
# which will be used for authentication, account management and
# password management. Not all options will be used from all types of
# management groups.
#
# At first, pam_unix2 will read this file and then uses the local
# options. Not all options can be set here globally.
#
# Allowed options are:
#
# debug                 (account, auth, password, session)
# nullok                (auth)
# md5                   (password)
# bigcrypt              (password)
# blowfish              (password)
# crypt_rounds=XX
# none                  (session)
# trace                 (session)
# call_modules=x,y,z    (account, auth, password)
#
#  Example:
#  auth:    nullok
#  account:
#  password:      nullok blowfish crypt_rounds=8
#  session: none
#
auth: use_ldap nullok call_modules=krb5afs
account:    use_ldap
password:   use_ldap nullok
session:    none

END /etc/security/pam_unix2.conf ========================================

/var/heimdal/kdc.conf ========================================

[libdefaults]
      default_realm = TED-DORIS.FAM

[realms]
TED-DORIS.FAM = {
      kdc = 10.1.1.116:88
      admin_server = 10.1.1.116:749
      default_domain = ted-doris.fam
}

[domain_realm]
      ted-doris.fam = TED-DORIS.FAM
      .ted-doris.fam = TED-DORIS.FAM

END /var/heimdal/kdc.conf ========================================

/etc/krb5.conf ========================================

[libdefaults]
      default_realm = TED-DORIS.FAM
      clockskew = 300

[realms]
TED-DORIS.FAM = {
      admin_server = shemya
      kpasswd_server = shemya
      default_domain = ted-doris.fam
      kdc = shemya
}

[domain_realm]
      .ted-doris.fam = TED-DORIS.FAM
      ted-doris.fam = TED-DORIS.FAM

[logging]
      default = SYSLOG:NOTICE:DAEMON
      kdc = FILE:/var/log/kdc.log
      kadmind = FILE:/var/log/kadmind.log

[appdefaults]
pam = {
      ticket_lifetime = 1d
      renew_lifetime = 1d
      forwardable = true
      proxiable = false
      retain_after_close = false
      minimum_uid = 0
      afs_cells = ted_cell
}

END /etc/krb5.conf ========================================
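
Added example (not part of the original post and not SuSE's or OpenAFS's own code): a shell check that cross-checks the cell and realm names in the posted /etc/sysconfig/afs-client and /etc/krb5.conf. The embedded excerpts are constructed from the files above and the function names are hypothetical; it assumes pam_krb5's afs_cells is a space- or comma-separated cell list, and that OpenAFS servers by default take the Kerberos realm to be the upper-cased cell name.

```shell
#!/bin/sh
# Constructed sample input: the relevant lines of the posted
# /etc/sysconfig/afs-client and /etc/krb5.conf.
AFS_CLIENT_SYSCONFIG='REGENERATE_CELL_INFO="yes"
THIS_CELL="ted-cell"
THIS_CELL_SERVER="10.1.1.116"
DYNROOT="no"'

KRB5_CONF='[libdefaults]
      default_realm = TED-DORIS.FAM
      clockskew = 300
[realms]
TED-DORIS.FAM = {
      kdc = shemya
}
[appdefaults]
pam = {
      minimum_uid = 0
      afs_cells = ted_cell
}'

# sysconfig_get KEY: read sysconfig text on stdin, print the value of KEY="value".
sysconfig_get() {
    awk -v key="$1" '
        /^[ \t]*#/ { next }                      # skip comment lines
        {
            n = index($0, "=")
            if (n == 0) next
            k = substr($0, 1, n - 1); v = substr($0, n + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]*"|"[ \t]*$/, "", v)     # strip surrounding quotes
            if (k == key) val = v                # last assignment wins
        }
        END { if (val != "") print val }'
}

# krb5_get SECTION KEY: read krb5.conf text on stdin, print the first value of
# KEY found anywhere inside [SECTION] (nesting in { } blocks is ignored).
krb5_get() {
    awk -v sect="[$1]" -v key="$2" '
        /^\[.*\]/ { in_sect = ($1 == sect); next }
        in_sect {
            line = $0
            sub(/#.*/, "", line)
            n = index(line, "=")
            if (n == 0) next
            k = substr(line, 1, n - 1); v = substr(line, n + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) { print v; exit }
        }'
}

# check_cell_config SYSCONFIG_TEXT KRB5_TEXT: print one finding per line.
check_cell_config() {
    cell=$(printf '%s\n' "$1" | sysconfig_get THIS_CELL)
    realm=$(printf '%s\n' "$2" | krb5_get libdefaults default_realm)
    pam_cells=$(printf '%s\n' "$2" | krb5_get appdefaults afs_cells)

    if [ -z "$cell" ] || [ -z "$realm" ]; then
        echo "THIS_CELL or default_realm is not set"
        return 0
    fi

    # The PAM module is told which cells to get tokens for; the client's
    # own cell should be in that list, spelled exactly the same.
    pam_list=$(printf '%s' "$pam_cells" | tr ',' ' ')
    case " $pam_list " in
        *" $cell "*) ;;
        *) echo "afs_cells '$pam_cells' does not list THIS_CELL '$cell'" ;;
    esac

    # Assumption stated in the lead-in: servers expect realm == upper-cased
    # cell name unless they are told the realm explicitly.
    realm_lc=$(printf '%s' "$realm" | tr '[:upper:]' '[:lower:]')
    if [ "$realm_lc" != "$cell" ]; then
        echo "cell '$cell' is not the lower-cased realm '$realm'; the servers need the realm named explicitly"
    fi
    return 0
}

# count_findings SYSCONFIG_TEXT KRB5_TEXT: number of findings as an integer.
count_findings() {
    check_cell_config "$1" "$2" | wc -l | tr -d ' '
}

check_cell_config "$AFS_CLIENT_SYSCONFIG" "$KRB5_CONF"
```

On the posted files this reports both a spelling difference between THIS_CELL and afs_cells and a cell name that differs from the lower-cased realm; either is worth ruling out before looking at the filesystem under /afs.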


------=_NextPart_000_0009_01C3C7BD.5A665C70
Content-Type: text/html;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

<html>

<head>
<META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; =
charset=3Dus-ascii">


<meta name=3DGenerator content=3D"Microsoft Word 10 (filtered)">

<style>
<!--
 /* Style Definitions */
 p.MsoNormal, li.MsoNormal, div.MsoNormal
	{margin:0in;
	margin-bottom:.0001pt;
	font-size:12.0pt;
	font-family:"Times New Roman";}
a:link, span.MsoHyperlink
	{color:blue;
	text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
	{color:purple;
	text-decoration:underline;}
p.MsoPlainText, li.MsoPlainText, div.MsoPlainText
	{margin:0in;
	margin-bottom:.0001pt;
	font-size:10.0pt;
	font-family:"Courier New";}
span.EmailStyle17
	{font-family:Arial;
	color:windowtext;}
@page Section1
	{size:8.5in 11.0in;
	margin:1.0in 1.25in 1.0in 1.25in;}
div.Section1
	{page:Section1;}
-->
</style>

</head>

<body lang=3DEN-US link=3Dblue vlink=3Dpurple>

<div class=3DSection1>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>Any one having luck with the following instructions =
buried
in the sources for openafs from SuSe:</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>&nbsp;</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>SuSE.txt tells how to &nbsp;create tickets for afs, =
deletes
the sha1 encryption for afs and exports them to the =
KeyFile</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>&nbsp;</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>Running tokens does show an afs token and the =
everything
seems to work until one does</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>&nbsp;</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>kinit admin</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>&nbsp;</span></font></p>

<p class=3DMsoPlainText><font size=3D2 face=3D"Courier New"><span =
style=3D'font-size:
10.0pt'>shemya: fs setacl /afs system:anyuser rl<br>
fs: You don't have the required access rights on =
'/afs'</span></font></p>

<p class=3DMsoPlainText><font size=3D2 face=3D"Courier New"><span =
style=3D'font-size:
10.0pt'>&nbsp;</span></font></p>

<p class=3DMsoPlainText><font size=3D2 face=3D"Courier New"><span =
style=3D'font-size:
10.0pt'>not only does system not have fs rights you can&#8217;t ls /afs =
either -
you get a permission denied error</span></font></p>

<p class=3DMsoPlainText><font size=3D2 face=3D"Courier New"><span =
style=3D'font-size:
10.0pt'>&nbsp;</span></font></p>

<p class=3DMsoPlainText><font size=3D2 face=3D"Courier New"><span =
style=3D'font-size:
10.0pt'>Any clues? Could it be that /afs is in a reiserfs?<br>
</span></font><font face=3DArial><span =
style=3D'font-family:Arial'>&nbsp;</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>Thanks</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>&nbsp;</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>Tedc</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>&nbsp;</span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>SuSE&gt;TXT=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D</sp=
an></font></p>

<p class=3DMsoPlainText><font size=3D2 face=3D"Courier New"><span =
style=3D'font-size:
10.0pt'>Here is described installation of openafs server and client on =
SuSE
linux.<br>
<br>
This text is based on AFS Quick Start Guide. The differences are:<br>
&nbsp; - paths are adapted to SuSE installation<br>
&nbsp; - uses Kerberos 5 authentization<br>
<br>
Complete OpenAFS documentation is at http://openafs.org<br>
<br>
SERVER SETUP<br>
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D<br>
<br>
# create a partition for AFS filesystem and mount it under /vicepa<br>
<br>
# start bosserver<br>
/usr/sbin/bosserver -noauth &amp;<br>
<br>
# setup basic cell information<br>
bos setcellname your.afs.server your.cell.name -noauth <br>
<br>
# setup database servers processes<br>
bos create your.afs.server ptserver simple /usr/lib/openafs/ptserver =
-cell
your.cell.name -noauth<br>
bos create your.afs.server buserver simple /usr/lib/openafs/buserver =
-cell
your.cell.name -noauth<br>
bos create your.afs.server vlserver simple /usr/lib/openafs/vlserver =
-cell
your.cell.name -noauth<br>
<br>
#bos addkey your.afs.server -kvno 0 -cell your.cell.name -noauth<br>
<br>
# setup authentication against heimdal krb5 server<br>
<br>
# Here you can set up kerberos realm if you dont have any<br>
# kstash<br>
# kadmin -l<br>
#&nbsp;&nbsp; init YOUR.KERBEROS.REALM<br>
<br>
# enable 524 protocol in heimdal<br>
# edit /etc/krb5.conf and add these lines:<br>
----------------cut--------------------<br>
[kdc]&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp=
;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp=
;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp;&nbsp;&nbsp;<br>
enable-524 =3D true <br>
use_2b =3D {<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp;
afs@YOUR.KERBEROS.REALM =3D yes<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; }<br>
----------------cut--------------------<br>
<br>
# restart kdc<br>
rckdc restart<br>
<br>
# create afs principal in kerberos database<br>
kadmin -l<br>
&nbsp; add -r afs@YOUR.KERBEROS.REALM<br>
&nbsp; del_enctype afs@YOUR.KERBEROS.REALM des3-cbc-sha1<br>
&nbsp; ext_keytab afs@YOUR.KERBEROS.REALM # write afs key to =
/etc/krb5.keytab<br>
&nbsp; ext_keytab -k AFSKEYFILE:/etc/openafs/server/KeyFile
afs@YOUR.KERBEROS.REALM # give the afs key to bosserver<br>
&nbsp; add admin #create user admin<br>
<br>
# give admin the permissions to control bosserver<br>
bos adduser your.afs.server admin -cell your.cell.name -noauth<br>
<br>
# add admin to group system:administrators<br>
pts createuser -name admin -id &lt;user id&gt; -cell your.cell.name =
-noauth<br>
pts adduser admin system:administrators -cell your.cell.name -noauth<br>
<br>
# restart bos server<br>
bos restart your.afs.server -all -cell your.cell.name -noauth<br>
<br>
# create fileserver processes<br>
bos create your.afs.server fs fs /usr/lib/openafs/fileserver
/usr/lib/openafs/volserver /usr/lib/openafs/salvager -cell =
your.cell.name
-noauth<br>
<br>
# create root volume<br>
vos create your.afs.server /vicepa root.afs -cell your.cell.name =
-noauth<br>
<br>
# restart bosserver with security enabled<br>
rcafs-server restart<br>
<br>
<br>
CLIENT SETUP<br>
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D<br>
<br>
edit /etc/sysconfig/afs-client, set at least<br>
&nbsp; REGENERATE_CELL_INFO=3D&quot;yes&quot;<br>
&nbsp; THIS_CELL=3D&quot;your.cell.name&quot;<br>
&nbsp; THIS_CELL_SERVER=3D&quot;your.afs.server&quot;<br>
<br>
&nbsp; If you are configuring first afs server and the volume root.cell =
does
not<br>
&nbsp; exist yet, you have to set also DYNROOT=3Dno. After finishing the =
server <br>
&nbsp; installaton it is better to change DYNROOT back to 'yes' as the =
client<br>
&nbsp; behaves better on startup with network outage.<br>
<br>
# start afs client<br>
rcafs-client start<br>
<br>
# login as admin<br>
kinit admin<br>
<br>
To enable transparent login via pam, install package pam_krb5<br>
and add 'call_modules=3Dkrb5afs' to /etc/security/pam_unix2.conf<br>
For details look at pam_krb5afs(5), pam_krb5afs(8) and pam_unix2(8) =
manpages.<br>
<br>
Now you have working afs server and client. You can continue with =
chapter<br>
&quot;Configuring the Top Levels of the AFS Filespace&quot; of AFS Quick =
Start
Guide.<br>
 &nbsp;</span></font></p>

<p class=3DMsoPlainText><font size=3D2 face=3D"Courier New"><span =
style=3D'font-size:
10.0pt'>END =
SUSE.TXT=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D</span></font></p>

<p class=3DMsoPlainText><font size=3D2 face=3D"Courier New"><span =
style=3D'font-size:
10.0pt'>/etc/pam.d/login=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D\</span></font></p>

<p class=3DMsoPlainText><font size=3D2 face=3D"Courier New"><span =
style=3D'font-size:
10.0pt'>#%PAM-1.0<br>
auth&nbsp;&nbsp;&nbsp;&nbsp; requisite&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; =
pam_unix2.so&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp; nullok
#set_secrpc<br>
auth&nbsp;  required&nbsp;&nbsp; pam_securetty.so<br>
auth&nbsp;&nbsp;&nbsp;&nbsp; =
required&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
pam_nologin.so<br>
auth&nbsp;  required&nbsp;&nbsp; =
pam_krb5afs.so&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; =
try_first_pass
#ignore root left out tgc<br>
#auth sufficient&nbsp; =
pam_afs.so&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; try_first_pass
#ignore root left out tgc<br>
#auth  required&nbsp;&nbsp; pam_homecheck.so<br>
auth&nbsp;&nbsp;&nbsp;&nbsp; =
required&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
pam_env.so<br>
auth&nbsp;  required&nbsp;&nbsp; pam_mail.so<br>
account&nbsp; required&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; =
pam_unix2.so<br>
password required =
pam_pwcheck.so&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; =
nullok<br>
password required&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; =
pam_unix2.so&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp; nullok
use_first_pass use_authtok<br>
session&nbsp; required&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; =
pam_unix2.so&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp; none
# debug or trace<br>
session&nbsp; required&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; =
pam_limits.so<br>
session&nbsp;&nbsp;&nbsp;&nbsp;  optional&nbsp;&nbsp; =
pam_krb5.so&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; debug</span></font></p>

<p class=3DMsoPlainText><font size=3D2 face=3D"Courier New"><span =
style=3D'font-size:
10.0pt'>END =
/etc/pam.d/login=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D</span></font></p>

<p class=3DMsoPlainText><font size=3D2 face=3D"Courier New"><span =
style=3D'font-size:
10.0pt'>/etc/sysconfig/afs-client=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D</span></font></p>

<p class=3DMsoPlainText><font size=3D2 face=3D"Courier New"><span =
style=3D'font-size:
10.0pt'>## Path:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Network/File
systems/AFS client<br>
## Description: AFS client configuration<br>
## Type:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; yesno<br>
## Default:&nbsp;&nbsp;&nbsp;&nbsp; no<br>
#<br>
# Set to &quot;yes&quot; if you want to generate CellServDB and ThisCell
files<br>
# from THIS_CELL and THIS_CELL_SERVER variables.<br>
# If you want more complicated setting, set REGENERATE_CELL_INFO to
&quot;no&quot;<br>
# and edit the files manually.<br>
#<br>
REGENERATE_CELL_INFO=3D&quot;yes&quot;<br>
<br>
## Type:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; string<br>
## Default:&nbsp;&nbsp;&nbsp;&nbsp; &quot;&quot;<br>
#<br>
# This cell name<br>
#<br>
THIS_CELL=3D&quot;ted-cell&quot;<br>
<br>
## Type:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; string<br>
## Default:&nbsp;&nbsp;&nbsp;&nbsp; &quot;&quot;<br>
#<br>
# IP address of afs server for this cell<br>
#<br>
THIS_CELL_SERVER=3D&quot;10.1.1.116&quot;<br>
<br>
## Type:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; string<br>
## Default:&nbsp;&nbsp;&nbsp;&nbsp; &quot;&quot;<br>
#<br>
# DNS name of afs server for this cell<br>
#<br>
THIS_CELL_SERVER_NAME=3D&quot;shemya&quot;<br>
<br>
## Type:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; yesno<br>
## Default:&nbsp;&nbsp;&nbsp;&nbsp; yes<br>
#<br>
# Set to &quot;yes&quot; if you want to use data encription (secure, =
slower)<br>
#<br>
DATA_ENCRYPTION=3D&quot;yes&quot;<br>
<br>
## Type:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; yesno<br>
## Default:&nbsp;&nbsp;&nbsp;&nbsp; yes<br>
#<br>
# Set to &quot;yes&quot; if you want to generate cacheinfo file<br>
#<br>
REGENERATE_CACHE_INFO=3D&quot;yes&quot;<br>
<br>
## Type:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; string<br>
## Default:&nbsp;&nbsp;&nbsp;&nbsp; &quot;&quot;<br>
#<br>
# AFS client configuration options<br>
#<br>
XXLARGE=3D&quot;-stat 4000 -dcache 4000 -daemons 6 -volumes 256 -files
50000&quot;<br>
XLARGE=3D&quot;-stat 3600 -dcache 3600 -daemons 5 -volumes 196 -files =
50000&quot;<br>
LARGE=3D&quot;-stat 2800 -dcache 2400 -daemons 5 -volumes 128&quot;<br>
MEDIUM=3D&quot;-stat 2000 -dcache 800 -daemons 3 -volumes 70&quot;<br>
SMALL=3D&quot;-stat 300 -dcache 100 -daemons 2 -volumes 50&quot;<br>
<br>
## Type:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; yesno<br>
## Default:&nbsp;&nbsp;&nbsp;&nbsp; yes<br>
#<br>
# Instead of mounting the home cell's root.afs volume at the AFS mount =
<br>
# point (typically /afs) a fake root is constructed from information =
<br>
# available in the client's CellServDB.<br>
# With this option enabled openafs can start up even on network =
outage.<br>
#<br>
DYNROOT=3D&quot;no&quot;<br>
<br>
## Type:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; yesno<br>
## Default:&nbsp;&nbsp;&nbsp;&nbsp; yes<br>
#<br>
# use memory-only cache<br>
#<br>
MEMCACHE=3D&quot;yes&quot;<br>
<br>
## Type:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; string(AUTOMATIC)<br>
## Default:&nbsp;&nbsp;&nbsp;&nbsp; AUTOMATIC<br>
#<br>
# if you set CACHESIZE to &quot;AUTOMATIC&quot;, it will automatically =
be
chosen<br>
# deduced by parition sizes (does not work if your cache is on / or <br>
# /usr or /var) or by machine memory size for memory-only cache,<br>
# otherwise the values specified here will be used.<br>
#<br>
CACHESIZE=3D&quot;AUTOMATIC&quot;<br>
<br>
## Type:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; =
string(AUTOMATIC,$XXLARGE,$XLARGE,$LARGE,$MEDIUM,$SMALL)<br>
## Default:&nbsp;&nbsp;&nbsp;&nbsp; AUTOMATIC<br>
#<br>
# If you set OPTIONS to &quot;AUTOMATIC&quot;, the init script will =
choose a
set<br>
# of options based on the cache size, otherwise the values specified =
here <br>
# will be used.<br>
#<br>
OPTIONS=3D&quot;AUTOMATIC&quot;<br>
<br>
## Type:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; =
string(/var/cache/openafs)<br>
## Default:&nbsp;&nbsp;&nbsp;&nbsp; /var/cache/openafs<br>
#<br>
# Path to cache directory, it is recommended to use separate =
partition.<br>
# It does not work on reiserfs. A valid directory must be specified <br>
# even if memory only cache is used.<br>
# Recommended cache directory is &quot;/var/cache/openafs&quot;<br>
#<br>
CACHEDIR=3D&quot;/var/cache/openafs&quot;<br>
<br>
## Type:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; string(/afs)<br>
## Default:&nbsp;&nbsp;&nbsp;&nbsp; /afs<br>
#<br>
# AFS directory. You should never need to change this <br>
#<br>
AFSDIR=3D&quot;/afs&quot;<br>
<br>
## Type:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; yesno<br>
## Default:&nbsp;&nbsp;&nbsp;&nbsp; no <br>
#<br>
# Set to &quot;yes&quot; for a lot of debugging information from afsd. =
Only<br>
# useful for debugging as it prints _a lot_ of information.<br>
#<br>
VERBOSE=3D&quot;no&quot;<br>
END =
/etc/sysconfig/afs-client=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D</span></font></p>

<p class=3DMsoPlainText><font size=3D2 face=3D"Courier New"><span =
style=3D'font-size:
10.0pt'>/etc/security/pam_unix2.conf=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D</span></font></p>

<p class=3DMsoPlainText><font size=3D2 face=3D"Courier New"><span =
style=3D'font-size:
10.0pt'># pam_unix2 config file<br>
#<br>
# This file contains options for the pam_unix2.so module.<br>
# It contains a list of options for every type of management group,<br>
# which will be used for authentication, account management and<br>
# password management. Not all options will be used from all types =
of<br>
# management groups.<br>
#<br>
# At first, pam_unix2 will read this file and then uses the local<br>
# options. Not all options can be set her global.<br>
#<br>
# Allowed options are:<br>
#<br>
# =
debug&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp;&nbsp;&nbsp;&nbsp; (account,
auth, password, session)<br>
# nullok&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; =
(auth)<br>
# md5&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp; =
(password)<br>
# bigcrypt&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp; (password)<br>
# blowfish&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp; (password)<br>
# crypt_rounds=3DXX<br>
# =
none&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; (session)<br>
# =
trace&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp;&nbsp;&nbsp;&nbsp; (session)<br>
# call_modules=3Dx,y,z&nbsp;&nbsp;&nbsp; (account, auth, password)<br>
#<br>
#&nbsp; Example:<br>
#&nbsp; auth:&nbsp;&nbsp;&nbsp; nullok<br>
#&nbsp; account:<br>
#&nbsp; password:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; nullok blowfish =
crypt_rounds=3D8<br>
#&nbsp; session: none<br>
#<br>
auth: use_ldap nullok call_modules=3Dkrb5afs<br>
account:&nbsp;&nbsp;&nbsp; use_ldap<br>
password:&nbsp;&nbsp; use_ldap nullok<br>
session:&nbsp;&nbsp;&nbsp; none<br>
END/etc/security/pam_unix2.conf=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D</span></font></p>

<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:10.0pt'>/var/heimdal/kdc.conf==========================================================</span></font></p>

<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:10.0pt'>[libdefaults]<br>
      default_realm = TED-DORIS.FAM<br>
<br>
[realms]<br>
TED-DORIS.FAM = {<br>
      kdc = 10.1.1.116:88<br>
      admin_server = 10.1.1.116:749<br>
      default_domain = ted-doris.fam<br>
}<br>
<br>
[domain_realm]<br>
      ted-doris.fam = TED-DORIS.FAM<br>
      .ted-doris.fam = TED-DORIS.FAM<br>
END /var/heimdal/kdc.conf==========================================================</span></font></p>

<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:10.0pt'>/etc/krb5.conf=====================================================================</span></font></p>

<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:10.0pt'>[libdefaults]<br>
      default_realm = TED-DORIS.FAM<br>
      clockskew = 300<br>
<br>
[realms]<br>
TED-DORIS.FAM = {<br>
      admin_server = shemya<br>
      kpasswd_server = shemya<br>
      default_domain = ted-doris.fam<br>
      kdc = shemya<br>
}<br>
<br>
[domain_realm]<br>
      .ted-doris.fam = TED-DORIS.FAM<br>
      ted-doris.fam = TED-DORIS.FAM<br>
<br>
[logging]<br>
      default = SYSLOG:NOTICE:DAEMON<br>
      kdc = FILE:/var/log/kdc.log<br>
      kadmind = FILE:/var/log/kadmind.log<br>
<br>
[appdefaults]<br>
pam = {<br>
      ticket_lifetime = 1d<br>
      renew_lifetime = 1d<br>
      forwardable = true<br>
      proxiable = false<br>
      retain_after_close = false<br>
      minimum_uid = 0<br>
      afs_cells = ted_cell<br>
}<br>
</span></font></p>

<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:10.0pt'>END /etc/krb5.conf=====================================================================</span></font></p>


</div>

</body>

</html>

------=_NextPart_000_0009_01C3C7BD.5A665C70--