Getting Started on Linux Systems

In this section you load AFS into the Linux kernel. Then incorporate AFS modifications into the machine's Pluggable Authentication Module (PAM) system, if you wish to enable AFS login.

Loading AFS into the Linux Kernel

The modprobe program is the dynamic kernel loader for Linux. Linux does not support incorporation of AFS modifications during a kernel build.

For AFS to function correctly, the modprobe program must run each time the machine reboots, so your distributions's AFS initialization script invokes it automatically. The script also includes commands that select the appropriate AFS library file automatically. In this section you run the script.

In a later section you also verify that the script correctly initializes the Cache Manager, then activate a configuration variable, which results in the script being incorporated into the Linux startup and shutdown sequence.

The procedure for starting up OpenAFS depends upon your distribution

Fedora and RedHat Enterprise Linux

OpenAFS ships RPMS for all current Fedora and RHEL releases.

  1. Download and install the RPM set for your operating system. RPMs are available from the OpenAFS web site. You will need the openafs, openafs-server, openafs-client and openafs-krb5 packages, along with an kmod-openafs package matching your current, running ,kernel.

    You can find the version of your current kernel by running

      # uname -r
    2.6.20-1.2933.fc6
    

    Once downloaded, the packages may be installed with the rpm command

      # rpm -U openafs-* openafs-client-* openafs-server-* openafs-krb5-* kmod-openafs-*
    

Systems packaged as tar files

If you are running a system where the OpenAFS Binary Distribution is provided as a tar file, or where you have built the system from source yourself, you need to install the relevant components by hand

  1. Unpack the distribution tarball. The examples below assume that you have unpacked the files into the /tmp/afsdistdirectory. If you pick a different location, substitute this in all of the following examples. Once you have unpacked the distribution, change directory as indicated.

      # cd /tmp/afsdist/linux/dest/root.client/usr/vice/etc
    
  2. Copy the AFS kernel library files to the local /usr/vice/etc/modload directory. The filenames for the libraries have the format libafs-version.o, where version indicates the kernel build level. The string .mp in the version indicates that the file is appropriate for machines running a multiprocessor kernel.

       # cp -rp  modload  /usr/vice/etc
    
  3. Copy the AFS initialization script to the local directory for initialization files (by convention, /etc/rc.d/init.d on Linux machines). Note the removal of the .rc extension as you copy the script.

       # cp -p   afs.rc  /etc/rc.d/init.d/afs 
    

Enabling AFS Login on Linux Systems

At this point you incorporate AFS into the operating system's Pluggable Authentication Module (PAM) scheme. PAM integrates all authentication mechanisms on the machine, including login, to provide the security infrastructure for authenticated access to and from the machine.

At this time, we recommend that new sites requiring AFS credentials to be gained as part of PAM authentication use Russ Alberry's pam_afs_session, rather than utilising the bundled pam_afs2 module. A typical PAM stack should authenticate the user using an external Kerberos V service, and then use the AFS PAM module to obtain AFS credentials in the session section

If you are at a site which still requires kaserver or external Kerberos v4 based authentication, please consult Enabling kaserver based AFS Login on Linux Systems for further installation instructions.

Proceed to Loading and Creating Client Files.