Versions Compared

Old Version 89

changes.mady.by.user David William Botsch

Saved on

compared with

New Version 90

changes.mady.by.user David William Botsch

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

CNF users with a Cornell GuestID (username begins with gid- will not be able to authenticate to CNF AFS unless connected to the Cornell VPN. To connect to the Cornell VPN, please follow the "CNF Group VPN - for users with a Cornell GuestID" instructions on our Coral from Off Campus webpage.

Installing

Linux

Kernel 4.4 (3.x for Debian/Ubuntu/Mint based distros)

OpenAFS is not currently compatible with Linux kernel 4.4 or higher – you will experience data corruption. Debian/Ubuntu/Mint based distros have backported the kernel patch breaking AFS to 3.x kernels.

OpenAFS or kAFS

We suggest first checking if an OpenAFS package is available from the OpenAFS.org website. If not, please check the packages distributed for your Linux distribution.

Keep in mind that sometimes the available packages for your linux distribution are several versions behind the current release on the OpenAFS.org website. If this is the case, double check that you are not installing an older version with known data corruption or security bugs. 

The linux kernel now includes an in-kernel version of afs called "kafs" . Check with your linux distribution if kafs is enabled and/or available. If you run into problems with kafs, please let the developer know, as kafs is still a work in progress. In addition to the previous links, there is kernel documentation on kafs. 

OpenAFS Kernel Module Patching

If you need to only rebuild an OpenAFS kernel module manually (eg patch), you will need to install additional devel tool Build an OpenAFS kernel module containing a workaround using the following instructions (you may need to install additional devel tools and libraries such as GIT and the Kernel kernel devel libraries on your system). The below snippits show cloning openafs from git and building just the kernel module:


Code Block
languagebash
git clone git://git.openafs.org/openafs.git

cd openafs

git checkout --track -b origin/openafs-stable-1_6_x

git fetch http://gerrit.openafs.org/openafs refs/changes/17/12217/1 && git cherry-pick FETCH_HEAD
git fetch http://gerrit.openafs.org/openafs refs/changes/70/12170/3 && git cherry-pick FETCH_HEAD
git fetch http://gerrit.openafs.org/openafs refs/changes/69/12169/2 && git cherry-pick FETCH_HEAD<tag_for_the_version_of_afs>

# Add any patches

sh regen.sh

./configure

make libafs

...

Linux installations vary by distribution. Some distributions may include versions of OpenAFS or kAFS either stock or as an add-on. Downloads are also available from the main www.openafs.org website.

For linux, be sure to use 1.6.17 or greater.

If you need to build your own OpenAFS RPMs from the OpenAFS git source tree, see this page.

Redhat Enterprise Linux and Fedora

The best source of RPMs for RHEL and for Fedora are the jsbillings Copr repositories. There are two repositories, and you will need both. First is the main OpenAFS client Copr repository and second is the OpenAFS kernel module repository . You should install both repositories on your system as the main repo depends on the kernel modules in the kmod repo. For the kernel modules, CNF recommends using dkms (and the dkms-openafs RPM) instead of individual kernel version specific modules.

Note that the JSBillings Copr repositories change from the old Transarc paths for OpenAFS binaries, config files, and cache partition locations to Linux Standard Base compatible locations.

is the OpenAFS website. You will download and rebuild the OpenAFS source rpm (SRPM). 

After bulding binary RPMs, you You will want to install the following RPMs:

...

Code Block
[libdefaults]
allow_weak_crypto = true
 ticket_lifetime = 30d
 renew_lifetime = 30d
 forwardable = true
 renewable = true

[realms]
 CIT.CORNELL.EDU = {
  kdc = kerberos.cit.cornell.edu:88
  kdc = kerberos2.cit.cornell.edu:88
  admin_server = kerberos.cit.cornell.edu:749
  default_domain = cit.cornell.edu
 }

CNF.CORNELL.EDU = {
        kdc = hole.cnf.cornell.edu:88
        kdc = smoke.cnf.cornell.edu:88
        kdc = mist.cnf.cornell.edu:88
        admin_server = hole.cnf.cornell.edu:749
        default_domain = cnf.cornell.edu
}

CORNELL.EDU = {
  kdc = ad7ad1.cornell.edu
  kdc = ad8ad2.cornell.edu
   default_domainkdc = ad3.cornell.edu
 }    

GUEST.CORNELL.EDU = {
  kdc  kdc = obsidian1ad4.cit.cornell.edu:88
         kdc = obsidian2ad9.cit.cornell.edu:88
     admin_serverkdc = obsidian1ad19.cit.cornell.edu
     defaultdefault_domain = guest.cornell.edu
 }    


[domain_realm]
 .cit.cornell.edu = CIT.CORNELL.EDU
 cit.cornell.edu = CIT.CORNELL.EDU
 .mail.cornell.edu = CIT.CORNELL.EDU
 mail.cornell.edu = CIT.CORNELL.EDU
.cnf.cornell.edu = CNF.CORNELL.EDU
 cnf.cornell.edu = CNF.CORNELL.EDU

If using MIT Kerberos, you must also set the following in your krb5.conf (Heimdal uses a different syntax for the capaths section):

Code Block
[capaths]
CIT.CORNELL.EDU = {
    CNF.CORNELL.EDU = .
}

GUEST.CORNELL.EDU = {
    CNF.CORNELL.EDU = .
}

CORNELL.EDU = {
    CNF.CORNELL.EDU = .
}

...