TWiki> DICE Web>OpenAFS (revision 4)EditAttach

Test OpenAFS installation

I'm throwing together an installation of OpenAFS, integrated as far as possible with the existing components of the DICE infrastructure.

Tiny acorns

AFSInstallationNotes details the steps required to get a minimal OpenAFS service for the inf.ed.ac.uk domain up and running. This is based on the 1.2.11 release from openafs.org, and integrates with our Kerberos V service for user authentication. Note that it requires a running krb524d, which must have access to the AFS server key. With the changes in MIT Kerberos with 1.2.6, this isn't doing 524 conversion, but just helping aklog construct Kerberos tokens.

We currently have two 'useful' AFS realms mounted at the top level, in addition to inf.ed.ac.uk * athena.mit.edu * grand.central.org If anyone would like to see other realms made available, let me know!

The current AFS test machine is dufus.inf.ed.ac.uk. Note that AFS files on dufus are not being backed up. That said, if you'd like an AFS homedirectory please let me know.

AFSUserManagement describes how to create new users in the AFS domain, and how to manage those users.

Notes

One step at a time

Next steps:

  • Write a component to configure a machine as an AFS client.
  • Look at moving the krb524 service local to the AFS server.
  • Look at adding additional servers.
  • Look at opening some firewall holes to duffus, to try AFS from home.

Open issues:

  • The AFS kernel module appears to not work, or sometimes even build, reliably against 2.6 kernels

Long term questions (if we decided to use AFS in a big way):

  • Could AFS account creation be integrated into the Account Management Toolset?
  • Could AFS group membership be controlled via LDAP?

How to BuildOpenAFSKerberosStuff

How to DestroyAFSCell

-- SimonWilkinson - 19 Jul 2004

Edit | Attach | Print version | History: r8 | r6 < r5 < r4 < r3 | Backlinks | Raw View | Raw edit | More topic actions...
Topic revision: r4 - 03 Apr 2005 - 23:00:21 - SimonWilkinson
 
This site is powered by the TWiki collaboration platformCopyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback
This Wiki uses Cookies