[OpenAFS] mac install instructions

Dave Botsch botsch@cnf.cornell.edu
Thu, 1 Nov 2007 13:35:26 -0400 

See below...

On Thu, Nov 01, 2007 at 10:20:54AM -0700, David Bear wrote:
> On Thu, Nov 01, 2007 at 12:25:58PM -0400, Derrick Brashear wrote:
> > On 11/1/07, David Bear <David.Bear@asu.edu> wrote:
> > >
> 
> thanks. I was worried about other issues like 'integrated logon', ie.
> will the user need to klog from a term, or is there some kind of pam
> integration for afs -- or do I need to intall MIT kerb for mac ...
> etc.

Integrated login still needs to be configured separately. Depending on what
version of OS X you tried to do it on, it's quite easy now.

PAM is only used by ssh, in which case you would need a pam_krb auth module and
a pam-openafs-session session module.

For gui console logins, you edit /etc/authorization to enable Krb5
authentication (and make sure your kerberos realm is set up in
edu.mit.Kerberos). 

To also get tokens on logging in, there are two main choices. The first is a
Kerberos login_logout plugin. The second is to put aklog in the
/etc/mach_init_per_user.d

For working with AFS while logged in, you want to get two different tools:
1. Finder plugin which adds an AFS context menu for messing with things like
ACLs on directories
2. AFSTokens gui app for obtaining/destroying tokens and working with group
membership/owned groups.


> Also, last time we use openafs on a mac, finder would hang on occasion
> when accessing afs volumes so I assumed I had done something wrong on
> the install.

Finder still sometimes has issues... usually with either a firewall getting in
the way or if you are switching ip addresses.

> 
> last, since everyone has their own idea about where to put things, I
> was curious if there was something like transarc-paths or mac-paths or
> whatever .. I will just assume that need to look in
> /var/db/openafs/etc/ for configuration items -- also that openafs
> client with auto-start (when I install openafs on suse it does not
> auto-generate the start links in /etc/init.d/rcN.d ( or since mac is
> bsd would it be /usr/local/etc/rc?? )
> 
> 

Well, the openafs package for Mac puts stuff in /var/db/openafs and in
/Library/OpenAFS .. the startup script should also go in the right place for
Mac and start openafs on boot.

Config stuff is /var/db/openafs/etc


> -- 
> David Bear
> phone: 	602-496-0424
> fax: 	602-496-0955
> College of Public Programs/ASU
> University Center Rm 622
> 411 N Central
> Phoenix, AZ 85007-0685
>  "Beware the IP portfolio, everyone will be suspect of trespassing"
> _______________________________________________
> OpenAFS-info mailing list
> OpenAFS-info@openafs.org
> https://lists.openafs.org/mailman/listinfo/openafs-info
> 

-- 
********************************
David William Botsch
Programmer/Analyst
CNF Computing
botsch@cnf.cornell.edu
********************************