[OpenAFS] some simple openafs questions
Christian Ospelkaus
christian@core-coutainville.org
Thu, 24 Jul 2003 22:23:58 +0200
> 1) When using an afs client, the command `klog' fetches tokens from
> the campus server. Am I correct in thinking that this fetching
> involves use of kerberos on the campus server? I don't have
> kerberos installed on my client machine, though I have seen
> descriptions which involve installation of kerberos on the client
> machine. Is kerberos not required at the client end?
AFS comes along with some parts of a special Kerberos 4 implementation which
klog is parts of and which you have installed... Alternatively, there are
Kerberos packages token fetching via Kerberos V if your site provides it.
This involves installing some Kerberos libs etc.
> 2) I'm considering trying to install a Openafs server on a Debian
> machine. I am not completely clear from the documentation whether
> it is actually nececssary to install and configure kerberos
> (kerberos 5 seems to be the preferred version). Parts of the
> documentation suggest that one could use the `afs authentication
> system', whatever this is. Adding to my confusion is that the
> openafs debian packages openafs-dbserver and openafs-fileserver do
> not mention kerberos even as a recommends.
Well, it all depends. If you want to set up a server, you can either join
your University's AFS cell with your new server. This requires, however, that
the UNC admins would completely trust you because you would have to install
their AFS key on your server. I don't know how likely that is.
Otherwise, you could start setting up your own cell. This will however
involve setting up a Kerberos KDC; KV is indeed preferred - you can use
Heimdal or MIT. Both are nicely packaged for Debian. Heimdal has the
advantage that it can also provide support for V4 clients.
> If it is not necessary, is it still desirable to use kerberos?
If you are setting up a new cell, you _really_ need it, either some K5
(preferred), or the kaserver which is mentioned in the AFS documentation.
> Does a tutorial for AFS server installation on Debian exist anywhere?
> My impression is no.
/usr/doc/openafs-fileserver/README.Debian from the openafs-fileserver
package. When setting up a new cell, you will also need other packages. Below
the list of packages installed on one of my file- and dbservers:
openafs-client
openafs-dbserver
openafs-fileserver
openafs-kpasswd
openafs-krb5
openafs-modules-2. 1.2.9-0.woody1...
openafs-modules-source...
openafs-ptutil
Best regards,
Christian