Jacques Delsemme

Installing OpenAFS Client in Linux/Ubuntu at UCSC

This has been verified to work with Ubuntu 16.04.

It assumes that you have already installed Kerberos correctly, and that you authenticate through it when you log in. You will also need to sync your clock with the local NTP server ntp.ucsc.edu (Kerberos/AFS is sensitive to time discrepancies).

  1. Verify that you have the following packages installed (with synaptic or apt-get):
      krb5-config
      krb5-user
      libpam-krb5
      ntp
    
  2. Check that your /etc/ntp.conf file contains the line server ntp.ucsc.edu.
  3. Be sure that you use both the same username and userid as those used by UCSC (if you don't know your userid, check in /afs/cats.ucsc.edu/service/passwd).
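  4. Insert this line in the [libdefaults] section of your /etc/krb5.conf file:
       allow_weak_crypto = true
    
    This makes the Kerberos library accept weak encryption types such as single DES, which it filters out by default. Because /etc/krb5.conf is system-wide, the setting applies to every Kerberos client on the machine, not only to AFS.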

Initial installation (do this just once)

  1. Install the following packages via the command line:
      sudo apt-get install openafs-client openafs-krb5 libpam-afs-session
      sudo apt-get install module-assistant
    
  2. Configure OpenAFS in /etc/openafs (the contents of the files ThisCell, CellAlias, and CellServDB are specific to UCSC):
    1. In the file ThisCell, insert the line:
          cats.ucsc.edu
      
    2. In the file CellAlias, insert the line:
          .cats.ucsc.edu cats
      
    3. You may want to simplify the content of the file CellServDB. By default it contains all AFS cells in the world, but if you only need to access the UCSC cell, your machine will boot faster if you remove all lines except those relevant to UCSC. Check that the IP addresses are correct too, as they may have changed. So keep and verify these 4 lines:
        >cats.ucsc.edu		#UC Santa Cruz, Comm. and Tech. Services, California U.S.A
        128.114.123.8			#afs-prod-front-1.ucsc.edu
        128.114.123.9			#afs-prod-front-2.ucsc.edu
        128.114.123.10			#afs-prod-front-3.ucsc.edu
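
One way to do the trimming in step 3 without hand-editing, as an added example that is not part of the original how-to. The function names and the two non-UCSC cells in the sample data are constructed for illustration.

```shell
#!/bin/sh
# extract_cell CELL FILE   (FILE may be "-" for standard input)
# Print the stanza for exactly one cell of a CellServDB-format file: the
# ">cell" line plus its server lines, up to the next ">" line. Returns
# non-zero if the cell is absent or lists no servers, so a failed match is
# never mistaken for a valid, empty database.
extract_cell() {
    awk -v cell="$1" '
        /^>/ {
            name = substr($1, 2)     # cell name without the leading ">"
            sub(/#.*/, "", name)     # tolerate ">cell#comment" with no space
            keep = (name == cell)    # exact match, never a prefix match
            if (keep) found = 1
        }
        keep && NF { print }
        keep && NF && !/^>/ { servers++ }
        END { exit !(found && servers > 0) }
    ' "$2"
}

# cell_servers CELL FILE
# Print "address hostname" for each server of the cell, ready to compare
# with what DNS currently returns for that hostname.
cell_servers() {
    stanza=$(extract_cell "$1" "$2") || return 1
    printf '%s\n' "$stanza" | awk '!/^>/ { sub(/^#/, "", $2); print $1, $2 }'
}

# Constructed sample: the UCSC stanza from this page between two made-up
# cells, one of which has a name that merely starts with "cats.ucsc.edu".
sample_db() {
    cat <<'EOF'
>example.org            #Constructed cell
192.0.2.10                      #afs1.example.org
>cats.ucsc.edu          #UC Santa Cruz, Comm. and Tech. Services, California U.S.A
128.114.123.8                   #afs-prod-front-1.ucsc.edu
128.114.123.9                   #afs-prod-front-2.ucsc.edu
128.114.123.10                  #afs-prod-front-3.ucsc.edu
>cats.ucsc.edu.example.net      #Constructed look-alike cell
198.51.100.7                    #afs.example.net
EOF
}

# Demo on the constructed sample: prints only the four UCSC lines.
sample_db | extract_cell cats.ucsc.edu -
```

On a real system, redirect the output of extract_cell to a new file, review it, and only then copy it over /etc/openafs/CellServDB.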
      

Installation (do this every time you install a new kernel)

  1. Install the openafs-modules with the correct kernel headers:
      sudo module-assistant prepare openafs-modules
      sudo module-assistant auto-build openafs-modules
    
    This will create the openafs module package for your current kernel in /usr/src.
  2. Install the just created deb package:
      sudo dpkg -i /usr/src/openafs-modules-*.deb
    
    After you have done this for several kernels, /usr/src holds one package per kernel version and the wildcard matches all of them, so you will need to be more specific to pick up only the latest module.
  3. Start the OpenAFS client:
      sudo service openafs-client start
    

How to use OpenAFS

To use OpenAFS at UCSC, you need to be connected to the VPN; otherwise you won’t be able to get your credentials from the Kerberos server.

Login

To get the AFS credentials, use the commands:

  kinit mycruzid
  aklog

Files

All files for UCSC are under /afs/cats.ucsc.edu.

Last modified Sunday, January 1, 2017 @ 09:44pm