| Getting Started on Linux Systems | ||
|---|---|---|
 | Chapter 4. Installing Additional Client Machines |  |
| Getting Started on Linux Systems | ||
|---|---|---|
| | Chapter 4. Installing Additional Client Machines | |
In this section you load AFS into the Linux kernel. Then incorporate AFS modifications into the machine's Pluggable Authentication Module (PAM) system, if you wish to enable AFS login.
The modprobe program is the dynamic kernel loader for Linux. Linux does not support incorporation of AFS modifications during a kernel build.
For AFS to function correctly, the modprobe program must run each time the machine reboots, so your distributions's AFS initialization script invokes it automatically. The script also includes commands that select the appropriate AFS library file automatically. In this section you run the script.
In a later section you also verify that the script correctly initializes the Cache Manager, then activate a configuration variable, which results in the script being incorporated into the Linux startup and shutdown sequence.
The procedure for starting up OpenAFS depends upon your distribution
OpenAFS ships RPMS for all current Fedora and RHEL releases.
Download and install the RPM set for your operating system. RPMs are available from the OpenAFS web site. You will need the openafs, openafs-server, openafs-client and openafs-krb5 packages, along with an kmod-openafs package matching your current, running ,kernel.
You can find the version of your current kernel by running
# uname -r
2.6.20-1.2933.fc6
Once downloaded, the packages may be installed with the rpm command
# rpm -U openafs-* openafs-client-* openafs-server-* openafs-krb5-* kmod-openafs-*
If you are running a system where the OpenAFS Binary Distribution is provided as a tar file, or where you have built the system from source yourself, you need to install the relevant components by hand
Unpack the distribution tarball. The examples below assume that you have unpacked the files into the /tmp/afsdistdirectory. If you pick a different location, substitute this in all of the following examples. Once you have unpacked the distribution, change directory as indicated.
# cd /tmp/afsdist/linux/dest/root.client/usr/vice/etc
Copy the AFS kernel library files to the local /usr/vice/etc/modload directory.
The filenames for the libraries have the format libafs-version.o, where
version indicates the kernel build level. The string .mp in
the version indicates that the file is appropriate for machines running a multiprocessor
kernel.
# cp -rp modload /usr/vice/etc
Copy the AFS initialization script to the local directory for initialization files (by convention, /etc/rc.d/init.d on Linux machines). Note the removal of the .rc extension as you copy the script.
# cp -p afs.rc /etc/rc.d/init.d/afs
At this point you incorporate AFS into the operating system's Pluggable Authentication Module (PAM) scheme. PAM integrates all authentication mechanisms on the machine, including login, to provide the security infrastructure for authenticated access to and from the machine.
At this time, we recommend that new sites requiring AFS credentials
to be gained as part of PAM authentication use Russ Alberry's
pam_afs_session, rather than utilising the bundled pam_afs2 module.
A typical PAM stack should authenticate the user using an external
Kerberos V service, and then use the AFS PAM module to obtain AFS
credentials in the session section
If you are at a site which still requires kaserver or external Kerberos v4 based authentication, please consult Enabling kaserver based AFS Login on Linux Systems for further installation instructions.
Proceed to Loading and Creating Client Files.
| |  | |
| Performing Platform-Specific Procedures |  | Getting Started on Solaris Systems |