[OpenAFS] some simple openafs questions

Christian Ospelkaus christian@core-coutainville.org
Thu, 24 Jul 2003 22:23:58 +0200


> 1) When using an afs client, the command `klog' fetches tokens from
>    the campus server. Am I correct in thinking that this fetching
>    involves use of kerberos on the campus server? I don't have
>    kerberos installed on my client machine, though I have seen
>    descriptions which involve installation of kerberos on the client
>    machine. Is kerberos not required at the client end?

AFS comes along with some parts of a special Kerberos 4 implementation which 
klog is parts of and which you have installed... Alternatively, there are 
Kerberos packages token fetching via Kerberos V if your site provides it. 
This involves installing some Kerberos libs etc.

> 2) I'm considering trying to install a Openafs server on a Debian
>    machine. I am not completely clear from the documentation whether
>    it is actually nececssary to install and configure kerberos
>    (kerberos 5 seems to be the preferred version). Parts of the
>    documentation suggest that one could use the `afs authentication
>    system', whatever this is. Adding to my confusion is that the
>    openafs debian packages openafs-dbserver and openafs-fileserver do
>    not mention kerberos even as a recommends.

Well, it all depends. If you want to set up a server, you can either join 
your University's AFS cell with your new server. This requires, however, that 
the UNC admins would completely trust you because you would have to install 
their AFS key on your server. I don't know how likely that is.

Otherwise, you could start setting up your own cell. This will however 
involve setting up a Kerberos KDC; KV is indeed preferred - you can use 
Heimdal or MIT. Both are nicely packaged for Debian. Heimdal has the 
advantage that it can also provide support for V4 clients. 

> If it is not necessary, is it still desirable to use kerberos?

If you are setting up a new cell, you _really_ need it, either some K5 
(preferred), or the kaserver which is mentioned in the AFS documentation.

> Does a tutorial for AFS server installation on Debian exist anywhere?
> My impression is no.

/usr/doc/openafs-fileserver/README.Debian from the openafs-fileserver 
package. When setting up a new cell, you will also need other packages. Below 
the list of packages installed on one of my file- and dbservers:

openafs-client 
openafs-dbserver 
openafs-fileserver 
openafs-kpasswd  
openafs-krb5
openafs-modules-2. 1.2.9-0.woody1...
openafs-modules-source...
openafs-ptutil

Best regards,

Christian