Hi again
Still trying to set up the OpenAFS server with Kerberos.
A few questions:
- Is it a problem to have kadmin, kdc, the openafs server, and the openafs client
all on the same machine? It would be easier if I can verify the server setup of
kerberos/openafs on just one machine.
- I have gotten to the part in your "krb5Scripts.txt" file with the headline
"Create an AFS principal in the Kerberos database. Call it:"
OK, then I do that, but when I come to the "asetkey list" command to list my
AFS KeyFile, it seems I have no such keyfile. How can I create that?
- I got your fine "afs-client" script along with the aliases "startc", "stopc"
to work fine. But what do I need to have set up before trying to invoke
"afs-server"? But perhaps it's the very final step :-) ?
My kdc.conf, kadm5.acl and krb5.conf files currently look like this:
-- kdc.conf --
[kdcdefaults]
acl_file = /var/lib/kerberos/krb5kdc/kadm5.acl
dict_file = /usr/share/dict/words
admin_keytab = /var/lib/kerberos/krb5kdc/kadm5.keytab
v4_mode = nopreauth
[realms]
DELTA.LOCAL = {
    master_key_type = des-cbc-crc
    supported_enctypes = arcfour-hmac:normal arcfour-hmac:norealm arcfour-hmac:onlyrealm des3-hmac-sha1:normal des-hmac-sha1:normal des-cbc-md5:normal des-cbc-crc:normal des-cbc-crc:v4 des-cbc-crc:afs3
}
-- kadm5.acl --
*/[EMAIL PROTECTED] *
root/[EMAIL PROTECTED] *
[EMAIL PROTECTED] ADMCIL
ml/[EMAIL PROTECTED] il */[EMAIL PROTECTED]
[EMAIL PROTECTED] cil *1/[EMAIL PROTECTED]
*/[EMAIL PROTECTED] i
-- krb5.conf --
[logging]
default = FILE:/var/log/krb5/krb5libs.log
kdc = FILE:/var/log/krb5/krb5kdc.log
admin_server = FILE:/var/log/krb5/kadmind.log
[libdefaults]
ticket_lifetime = 24000
default_realm = DELTA.LOCAL
dns_lookup_realm = false
dns_lookup_kdc = false
[realms]
DELTA.LOCAL = {
    kdc = afs1.delta.local:88
    admin_server = afs1.delta.local:749
    default_domain = delta.local
}
[domain_realm]
.delta.local = DELTA.LOCAL
delta.local = DELTA.LOCAL
[kdc]
profile = /var/lib/kerberos/krb5kdc/kdc.conf
[appdefaults]
pam = {
    debug = false
    ticket_lifetime = 36000
    renew_lifetime = 36000
    forwardable = true
    krb4_convert = false
}
afs_krb5 = {
    DELTA.LOCAL = {
        afs = false
    }
}
------------------
-Regards Martin Lütken
-----Original Message-----
From: ted creedon [mailto:[EMAIL PROTECTED]
Sent: Mon 4/2/2007 4:18 PM
To: Martin Lütken
Subject: RE: [OpenAFS] Initial server setup
/usr/vice/cache is a directory under /usr/vice along with /usr/vice/etc, and
/vicepa should be on the same drive for small systems (e.g. /usr/vice is
/dev/sda1 and /vicepa is /dev/sda2)
You want /usr/vice/etc preserved in case you unplug the drives and relocate
them en masse to another box. That way you don't have to set anything up -
in fact I'd recommend putting /usr/afs on its own partition, say /dev/sda3,
so all of afs moves with /dev/sda. That's why I use the scripts to set up
trial afs systems, takes about 5 minutes for a total re-do.
There's no hard and fast rule, except that the /vicepxx's be on individual
partitions.
Roll your own.
Tedc
_____
From: Martin Lütken [mailto:[EMAIL PROTECTED]
Sent: Monday, April 02, 2007 3:40 AM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Re: [OpenAFS] Initial server setup
ted creedon wrote:
PS if you make a new opensuse system use ext3 filesystems and make a
partition:
/usr/afs 1gig #client cache
/vicepa however many gig you want, I use 250gig #server volumes and data
This way if you blow the os away, you'll probably be able to save the client
and server data
I created the /usr/afs partition, but it seems to me that we directed the
cache to /usr/vice/cache?
Should I instead have created the /usr/vice as a separate partition?
-Martin
_____
From: openafs-info-admin@openafs.org [mailto:[EMAIL PROTECTED] On Behalf Of Martin Lütken
Sent: Tuesday, March 20, 2007 8:40 AM
To: [email protected]
Subject: Re: [OpenAFS] Initial server setup