[OpenAFS] Debian - openafs -noauth problems

[Russ Allbery]

Sergio Gelato <Sergio.Gelato@astro.su.se> writes:

> One aspect that I found to be insufficiently documented is the need to
> write your realm name in /etc/openafs/server/krb.conf . It's been
> mentioned before on this mailing list, but seems to be missing from both
> Debian's and Gentoo's instructions, presumably because it's only needed
> when your cell name doesn't match your realm name.

This is now in the Debian instructions in Subversion and will be there in
the next upload.  (I'm hoping to upload a new package in a week or so; I'm
not sure yet if it will be 1.3.87-2 or a 1.4 RC -- probably the latter.)

>> There is a tool called pt_util for initially creating a
>> PTDB-Database-file without any tokens needed (The first space in the
>> 3rd line is important!):

> (And afs-newcell obfuscates that space.)

Oh, and so it does.  I missed that.  It will be unobfuscated in the next
upload.

> 1. "bos addhost" put my server's IP address between square brackets in
> /etc/openafs/server/CellServDB. This caused the server (the only one in
> the cell at this point) not to count for quorum, and "vos create ...
> root.afs" to fail. Edit the file, remove the brackets, "bos restart",
> continue.

This one is odd.  I've worked around it by avoiding bos addhost in the
next version of afs-newcell, but I need to track down why bos addhost
didn't work.  It should have.

> 2. I'm not 100% sure that this would have been a problem, but as my
> afsd starts with -dynroot by default I chose to stop it and restart
> it with a static root before running afs-rootvol. 

Sergio since wrote a patch to allow afs-rootvol to work with -dynroot, and
that has been applied and will be in the next release.

-- 
Russ Allbery (rra@stanford.edu)             <http://www.eyrie.org/~eagle/>