[OpenAFS] Last very few steps: hints please!

Sensei senseiwa@tin.it
Wed, 31 Mar 2004 16:02:26 +0200


Hi. I'm back to terrorize you with my questions :)

In my dept, we've done this:

- Kerberos 5 authentication (MIT)
- LDAP for information retrieving (over kerberos/gssapi) like home
   directories, preferred shell, office number, email... (OpenLDAP)

Now, I was setting up a cell *against* kerberos. This is what I've done:

On kadmin:

addprinc -randkey afs
addprinc -randkey afs/host.name

ktadd -e des-cbc-crc:v4 afs
ktadd -e des-cbc-crc:v4 afs/host.name

=== OK (Look at the KVNOs)

asetkey add <KVNO> /etc/krb5.keytab afs/host.name
asetkey add <KVNO> /etc/krb5.keytab afs

=== OK

asetkey list
kvno   <KVNO>: key is <HEX_NUMBER>
kvno   <KVNO>: key is <HEX_NUMBER>
All done.

=== OK

./bosserver -noauth &
[1] 1360
[1]+ Done      ./bosserver -noauth

=== OK

./bos setcellname host.name plm.cell

=== OK

./bos create -server host.name -instance ptserver -type simple -cmd /usr/afs/bin/ptserver -cell plm.cell

=== OK

./bos create -server host.name -instance vlserver -type simple -cmd /usr/afs/bin/vlserver -cell plm.cell

=== OK

./bos addhost -server host.name -host host.name -cell plm.cell -noauth

=== OK

bos adduser -server host.name admin -cell plm.cell -noauth

=== OK

./bos listhosts host.name -noauth
Cell name is plm.cell
     Host 1 is host.name

=== OK

./bos listkeys servername -cell plm.cell -noauth
key <KVNO> has cksum <HEX_NUMBER>
key <KVNO> has cksum <HEX_NUMBER>
Key last chaged on Wed Mar <THE DATE AND TIME>
All done.

=== OK

./pts createuser -name admin -cell plm.cell -noauth
User admin has id 1

=== OK

./pts adduser admin system:administrators -cell plm.cell -noauth

=== OK

./pts membership admin -cell plm.cell -noauth
Groups admin (id: 1) is a member of:
    system:administrators

=== OK

./bos restart host.name -all -cell plm.cell -noauth

=== OK

./bos create -server host.name -instance fs -type fs -cmd /usr/afs/bin/fileserver -cmd /usr/afs/bin/volserver -cmd /usr/afs/bin/salvager -cell plm.cell -noauth

 >>> REMOVED vlserver from -cmd sequence

=== OK

./bos status host.name fs -long -noauth

=== OK

./vos create -server host.name -partition /vicepa -name root.afs -cell plm.cell -noauth
Volume 274141546154 created on partition /vicepa of host.name

=== OK

./bos shutdown host.name -wait
bos: a pioctl failed (getting tickets)
bos: running unauthenticated
File server restart/shutdown received at Thu Mar 18 14:55:43 2004
File server has terminated normally at Thu Mar 18 14:55:43 2004

=== OK

pkill bosserver

=== OK

Edited afs.conf in order to start afs server

=== OK

Reboot.

Now, what should I do? I'd like to log in from the shell (using pam) and 
get my ticket along with my token...

I have to set up a client, right? I'm using Debian woody (stable) and I 
have no pam_krb5afs module. I should download it, right? There's no way 
to remain in woody?

-- 
Sensei <senseiwa:tin.it> <icq:241572242> <msn:Sensei_Sen:hotmail.com>

f u cn rd ths u r usng unx
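
The "Look at the KVNOs" step in the post above can be checked mechanically. The script below is an added example, not part of the original post and not an OpenAFS tool: it compares the key version numbers in saved output of `asetkey list` with those in saved output of `bos listkeys`, using the line formats shown in the post. The function names, file names and sample values are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: compare KVNOs in saved `asetkey list` and `bos listkeys`
# output. Line formats follow the transcript in the post; data is constructed.

# Print sorted unique KVNOs from `asetkey list` output on stdin.
# Matches lines of the form:  kvno   <KVNO>: key is <HEX>
kvnos_from_asetkey() {
    sed -n 's/^kvno[[:space:]]*\([0-9][0-9]*\):.*/\1/p' | sort -n -u
}

# Print sorted unique KVNOs from `bos listkeys` output on stdin.
# Matches lines of the form:  key <KVNO> has cksum <NUMBER>
kvnos_from_bos() {
    sed -n 's/^key[[:space:]]*\([0-9][0-9]*\)[[:space:]]*has cksum.*/\1/p' | sort -n -u
}

# compare_kvnos ASETKEY_FILE BOS_FILE
# Returns 0 when both listings carry the same non-empty KVNO set,
# 1 when the sets differ, 2 when either listing contains no key lines.
compare_kvnos() {
    a=$(kvnos_from_asetkey < "$1")
    b=$(kvnos_from_bos < "$2")
    if [ -z "$a" ] || [ -z "$b" ]; then
        echo "no keys parsed from one of the listings" >&2
        return 2
    fi
    if [ "$a" = "$b" ]; then
        echo "KVNOs match:" $a
        return 0
    fi
    echo "KVNO mismatch: asetkey=[$(echo $a)] bos=[$(echo $b)]" >&2
    return 1
}

# Demo on constructed sample output (not real keys or checksums).
demo() {
    d=$(mktemp -d) || return 1
    printf 'kvno      3: key is 0123456789abcdef\nAll done.\n' > "$d/asetkey.txt"
    printf 'key 3 has cksum 1234567\nAll done.\n' > "$d/bos.txt"
    compare_kvnos "$d/asetkey.txt" "$d/bos.txt"; rc=$?
    rm -rf "$d"
    return $rc
}
demo
```

Save only the `bos listkeys` output for this comparison; the `asetkey list` output contains the key material itself and should not be written to a world-readable location.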