In this section you build AFS into the HP-UX kernel. Then incorporate AFS modifications into the machine's Pluggable Authentication Module (PAM) system, if you wish to enable AFS login.
On HP-UX systems, you must build AFS modifications into a new static kernel; HP-UX does not support dynamic loading. If the machine's hardware and software configuration exactly matches another HP-UX machine on which AFS is already built into the kernel, you can choose to copy the kernel from that machine to this one. In general, however, it is better to build AFS modifications into the kernel on each machine according to the following instructions.
Move the existing kernel-related files to a safe location.
# cp /stand/vmunix /stand/vmunix.noafs # cp /stand/system /stand/system.noafs
Unpack the OpenAFS HP-UX distribution tarball. The examples below assume that you have unpacked the files into the /tmp/afsdist directory. If you pick a different location, substitute this in all of the following examples. Once you have unpacked the distribution, change directory as indicated.
# cd /tmp/afsdist/hp_ux110/dest/root.client
Copy the AFS initialization file to the local directory for initialization files (by convention, /sbin/init.d on HP-UX machines). Note the removal of the .rc extension as you copy the file.
# cp usr/vice/etc/afs.rc /sbin/init.d/afs
Copy the file afs.driver to the local /usr/conf/master.d directory, changing its name to afs as you do.
# cp usr/vice/etc/afs.driver /usr/conf/master.d/afs
Copy the AFS kernel module to the local /usr/conf/lib directory.
If the machine's kernel supports NFS server functionality:
# cp bin/libafs.a /usr/conf/lib
If the machine's kernel does not support NFS server functionality, change the file's name as you copy it:
# cp bin/libafs.nonfs.a /usr/conf/lib/libafs.a
Incorporate the AFS driver into the kernel, either using the SAM program or a series of individual commands.
To use the SAM program:
Invoke the SAM program, specifying the hostname of the local machine
local_hostname. The SAM graphical user
interface pops up.
# sam -display
Choose the Kernel Configuration icon, then the Drivers icon. From the list of drivers, select afs.
Open the pull-down Actions menu and choose the Add Driver to Kernel option.
Open the Actions menu again and choose the Create a New Kernel option.
Confirm your choices by choosing Yes and OK when prompted by subsequent pop-up windows. The SAM program builds the kernel and reboots the system.
Login again as the superuser root.
login: root Password:
To use individual commands:
Edit the file /stand/system, adding an entry for afs to the
Change to the /stand/build directory and issue the mk_kernel command to build the kernel.
# cd /stand/build # mk_kernel
Move the new kernel to the standard location (/stand/vmunix), reboot the machine to start using it, and login again as the superuser root.
# mv /stand/build/vmunix_test /stand/vmunix # cd / # shutdown -r now login: root Password:
At this point you incorporate AFS into the operating system's Pluggable Authentication Module (PAM) scheme. PAM integrates all authentication mechanisms on the machine, including login, to provide the security infrastructure for authenticated access to and from the machine.
In modern AFS installations, you should be using Kerberos v5 for user login, and obtaining AFS tokens subsequent to this authentication step. OpenAFS does not currently distribute a PAM module allowing AFS tokens to be automatically gained at login. Whilst there are a number of third party modules providing this functionality, it is not know if these have been tested with HP/UX.
Following login, users can obtain tokens by running the aklog command
If you are at a site which still requires kaserver or external Kerberos v4 based authentication, please consult Enabling kaserver based AFS Login on HP-UX systems for further installation instructions.
Proceed to Loading and Creating Client Files.