Getting Started on HP-UX Systems

In this section you build AFS into the HP-UX kernel. Then incorporate AFS modifications into the machine's Pluggable Authentication Module (PAM) system, if you wish to enable AFS login.

Building AFS into the HP-UX Kernel

On HP-UX systems, you must build AFS modifications into a new static kernel; HP-UX does not support dynamic loading. If the machine's hardware and software configuration exactly matches another HP-UX machine on which AFS is already built into the kernel, you can choose to copy the kernel from that machine to this one. In general, however, it is better to build AFS modifications into the kernel on each machine according to the following instructions.

  1. Move the existing kernel-related files to a safe location.

       # cp /stand/vmunix /stand/vmunix.noafs
       # cp /stand/system /stand/system.noafs
  2. Unpack the OpenAFS HP-UX distribution tarball. The examples below assume that you have unpacked the files into the /tmp/afsdist directory. If you pick a different location, substitute this in all of the following examples. Once you have unpacked the distribution, change directory as indicated.

       # cd /tmp/afsdist/hp_ux110/dest/root.client
  3. Copy the AFS initialization file to the local directory for initialization files (by convention, /sbin/init.d on HP-UX machines). Note the removal of the .rc extension as you copy the file.

       # cp usr/vice/etc/afs.rc  /sbin/init.d/afs
  4. Copy the file afs.driver to the local /usr/conf/master.d directory, changing its name to afs as you do.

       # cp  usr/vice/etc/afs.driver  /usr/conf/master.d/afs
  5. Copy the AFS kernel module to the local /usr/conf/lib directory.

    If the machine's kernel supports NFS server functionality:

       # cp bin/libafs.a /usr/conf/lib   

    If the machine's kernel does not support NFS server functionality, change the file's name as you copy it:

       # cp bin/libafs.nonfs.a /usr/conf/lib/libafs.a
  6. Incorporate the AFS driver into the kernel, either using the SAM program or a series of individual commands.

    • To use the SAM program:

      1. Invoke the SAM program, specifying the hostname of the local machine as local_hostname. The SAM graphical user interface pops up.

           # sam -display local_hostname:0 
      2. Choose the Kernel Configuration icon, then the Drivers icon. From the list of drivers, select afs.

      3. Open the pull-down Actions menu and choose the Add Driver to Kernel option.

      4. Open the Actions menu again and choose the Create a New Kernel option.

      5. Confirm your choices by choosing Yes and OK when prompted by subsequent pop-up windows. The SAM program builds the kernel and reboots the system.

      6. Login again as the superuser root.

           login: root
           Password: root_password
    • To use individual commands:

      1. Edit the file /stand/system, adding an entry for afs to the Subsystems section.

      2. Change to the /stand/build directory and issue the mk_kernel command to build the kernel.

           # cd /stand/build
           # mk_kernel
      3. Move the new kernel to the standard location (/stand/vmunix), reboot the machine to start using it, and login again as the superuser root.

           # mv /stand/build/vmunix_test /stand/vmunix
           # cd /
           # shutdown -r now             
           login: root
           Password: root_password

Enabling AFS Login on HP-UX Systems

At this point you incorporate AFS into the operating system's Pluggable Authentication Module (PAM) scheme. PAM integrates all authentication mechanisms on the machine, including login, to provide the security infrastructure for authenticated access to and from the machine.

In modern AFS installations, you should be using Kerberos v5 for user login, and obtaining AFS tokens subsequent to this authentication step. OpenAFS does not currently distribute a PAM module allowing AFS tokens to be automatically gained at login. Whilst there are a number of third party modules providing this functionality, it is not know if these have been tested with HP/UX.

Following login, users can obtain tokens by running the aklog command

If you are at a site which still requires kaserver or external Kerberos v4 based authentication, please consult Enabling kaserver based AFS Login on HP-UX systems for further installation instructions.