Begin by building AFS modifications into a new kernel; HP-UX does not support dynamic loading. Then create partitions for storing AFS volumes, and install and configure the AFS-modified fsck program to run on AFS server partitions. If the machine is to remain an AFS client machine, incorporate AFS into the machine's Pluggable Authentication Module (PAM) scheme.
Use the following instructions to build AFS modifications into the kernel on an HP-UX system.
Move the existing kernel-related files to a safe location.
# cp /stand/vmunix /stand/vmunix.noafs # cp /stand/system /stand/system.noafs
Unpack the OpenAFS HP-UX distribution tarball. The examples below assume that you have unpacked the files into the /tmp/afsdist directory. If you pick a different location, substitute this in all of the following examples. Once you have unpacked the distribution, change directory as indicated.
# cd /tmp/afsdist/hp_ux110/dest/root.client
Copy the AFS initialization file to the local directory for initialization files (by convention, /sbin/init.d on HP-UX machines). Note the removal of the .rc extension as you copy the file.
# cp usr/vice/etc/afs.rc /sbin/init.d/afs
Copy the file afs.driver to the local /usr/conf/master.d directory, changing its name to afs as you do.
# cp usr/vice/etc/afs.driver /usr/conf/master.d/afs
Copy the AFS kernel module to the local /usr/conf/lib directory.
If the machine's kernel supports NFS server functionality:
# cp bin/libafs.a /usr/conf/lib
If the machine's kernel does not support NFS server functionality, change the file's name as you copy it:
# cp bin/libafs.nonfs.a /usr/conf/lib/libafs.a
Incorporate the AFS driver into the kernel, either using the SAM program or a series of individual commands.
To use the SAM program:
Invoke the SAM program, specifying the hostname of the local machine
local_hostname. The SAM graphical user
interface pops up.
# sam -display
Choose the Kernel Configuration icon, then the Drivers icon. From the list of drivers, select afs.
Open the pull-down Actions menu and choose the Add Driver to Kernel option.
Open the Actions menu again and choose the Create a New Kernel option.
Confirm your choices by choosing Yes and OK when prompted by subsequent pop-up windows. The SAM program builds the kernel and reboots the system.
Login again as the superuser root.
login: root Password:
To use individual commands:
Edit the file /stand/system, adding an entry for afs to the
Change to the /stand/build directory and issue the mk_kernel command to build the kernel.
# cd /stand/build # mk_kernel
Move the new kernel to the standard location (/stand/vmunix), reboot the machine to start using it, and login again as the superuser root.
# mv /stand/build/vmunix_test /stand/vmunix # cd / # shutdown -r now login: root Password:
Every AFS file server machine must have at least one partition or logical volume dedicated to storing AFS volumes. Each
server partition is mounted at a directory named /vicep
xx is one or two lowercase letters. The /vicep
xx directories must reside in the file server machine's root
directory, not in one of its subdirectories (for example, /usr/vicepa is not an acceptable
directory location). For additional information, see Performing Platform-Specific Procedures.
Create a directory called /vicep
xx for each AFS server
partition you are configuring (there must be at least one). Repeat the command for each partition.
# mkdir /vicep
Use the SAM program to create a file system on each partition. For instructions, consult the HP-UX documentation.
On some HP-UX systems that use logical volumes, the SAM program automatically mounts the partitions. If it has not, mount each partition by issuing either the mount -a command to mount all partitions at once or the mount command to mount each partition in turn.
In this section, you make modifications to guarantee that the appropriate fsck program runs on AFS server partitions. The fsck program provided with the operating system must never run on AFS server partitions. Because it does not recognize the structures that the File Server uses to organize volume data, it removes all of the data. To repeat:
Never run the standard fsck program on AFS server partitions. It discards AFS volumes.
On HP-UX systems, there are several configuration files to install in addition to the AFS-modified fsck program (the vfsck binary).
Create the command configuration file /sbin/lib/mfsconfig.d/afs. Use a text editor to place the indicated two lines in it:
format_revision 1 fsck 0 m,P,p,d,f,b:c:y,n,Y,N,q,
Create and change directory to an AFS-specific command directory called /sbin/fs/afs.
# mkdir /sbin/fs/afs # cd /sbin/fs/afs
Copy the AFS-modified version of the fsck program (the vfsck binary) and related files from the distribution directory to the new AFS-specific command directory.
# cp -p /tmp/afsdist/hp_ux110/dest/root.server/etc/* .
Change the vfsck binary's name to fsck and set the mode bits appropriately on all of the files in the /sbin/fs/afs directory.
# mv vfsck fsck # chmod 755 *
Edit the /etc/fstab file, changing the file system type for each AFS server
afs. This ensures that the
AFS-modified fsck program runs on the appropriate partitions.
The sixth line in the following example of an edited file shows an AFS server partition, /vicepa.
/dev/vg00/lvol1 / hfs defaults 0 1 /dev/vg00/lvol4 /opt hfs defaults 0 2 /dev/vg00/lvol5 /tmp hfs defaults 0 2 /dev/vg00/lvol6 /usr hfs defaults 0 2 /dev/vg00/lvol8 /var hfs defaults 0 2 /dev/vg00/lvol9 /vicepa afs defaults 0 2 /dev/vg00/lvol7 /usr/vice/cache hfs defaults 0 2
If you plan to remove client functionality from this machine after completing the installation, skip this section and proceed to Starting the BOS Server.
At this point you incorporate AFS into the operating system's Pluggable Authentication Module (PAM) scheme. PAM integrates all authentication mechanisms on the machine, including login, to provide the security infrastructure for authenticated access to and from the machine.
In modern AFS installations, you should be using Kerberos v5 for user login, and obtaining AFS tokens subsequent to this authentication step. OpenAFS does not currently distribute a PAM module allowing AFS tokens to be automatically gained at login. Whilst there are a number of third party modules providing this functionality, it is not know if these have been tested with HP/UX.
Following login, users can obtain tokens by running the aklog command
Sites which still require kaserver or external Kerberos v4 authentication should consult Enabling kaserver based AFS login on HP-UX systems for details of how to enable HP-UX login.