Getting Started on Solaris Systems

In this section you load AFS into the Solaris kernel. Then incorporate AFS modifications into the machine's Pluggable Authentication Module (PAM) system, if you wish to enable AFS login.

Loading AFS into the Solaris Kernel

The modload program is the dynamic kernel loader provided by Sun Microsystems for Solaris systems. Solaris does not support incorporation of AFS modifications during a kernel build.

For AFS to function correctly, the modload program must run each time the machine reboots, so the AFS initialization script (included on the AFS CD-ROM) invokes it automatically. In this section you copy the appropriate AFS library file to the location where the modload program accesses it and then run the script.

In a later section you verify that the script correctly initializes the Cache Manager, then create the links that incorporate AFS into the Solaris startup and shutdown sequence.

  1. Unpack the OpenAFS Solaris distribution tarball. The examples below assume that you have unpacked the files into the /tmp/afsdist directory. If you pick a diferent location, substitute this in all of the following exmaples. Once you have unpacked the distribution, change directory as indicated.

       # cd  /tmp/afsdist/sun4x_56/dest/root.client/usr/vice/etc
    
  2. Copy the AFS initialization script to the local directory for initialization files (by convention, /etc/init.d on Solaris machines). Note the removal of the .rc extension as you copy the script.

       # cp -p  afs.rc  /etc/init.d/afs
    
  3. Copy the appropriate AFS kernel library file to the local file /kernel/fs/afs.

    If the machine is running Solaris 11 on the x86_64 platform:

       # cp -p modload/libafs64.o /kernel/drv/amd64/afs
    

    If the machine is running Solaris 10 on the x86_64 platform:

       # cp -p modload/libafs64.o /kernel/fs/amd64/afs
    

    If the machine is running Solaris 2.6 or the 32-bit version of Solaris 7, its kernel supports NFS server functionality, and the nfsd process is running:

       # cp -p modload/libafs.o /kernel/fs/afs   
    

    If the machine is running Solaris 2.6 or the 32-bit version of Solaris 7, and its kernel does not support NFS server functionality or the nfsd process is not running:

       # cp -p modload/libafs.nonfs.o /kernel/fs/afs   
    

    If the machine is running the 64-bit version of Solaris 7, its kernel supports NFS server functionality, and the nfsd process is running:

       # cp -p modload/libafs64.o /kernel/fs/sparcv9/afs   
    

    If the machine is running the 64-bit version of Solaris 7, and its kernel does not support NFS server functionality or the nfsd process is not running:

       # cp -p modload/libafs64.nonfs.o /kernel/fs/sparcv9/afs
    
  4. Run the AFS initialization script to load AFS modifications into the kernel. You can ignore any error messages about the inability to start the BOS Server or the Cache Manager or AFS client.

       # /etc/init.d/afs start   
    

    When an entry called afs does not already exist in the local /etc/name_to_sysnum file, the script automatically creates it and reboots the machine to start using the new version of the file. If this happens, log in again as the superuser root after the reboot and run the initialization script again. This time the required entry exists in the /etc/name_to_sysnum file, and the modload program runs.

       login: root
       Password: root_password
       # /etc/init.d/afs start
    

Enabling AFS Login on Solaris Systems

At this point you incorporate AFS into the operating system's Pluggable Authentication Module (PAM) scheme. PAM integrates all authentication mechanisms on the machine, including login, to provide the security infrastructure for authenticated access to and from the machine.

In modern AFS installations, you should be using Kerberos v5 for user login, and obtaining AFS tokens subsequent to this authentication step. OpenAFS does not currently distribute a PAM module allowing AFS tokens to be automatically gained at login. Some of these, such as pam-krb5 and pam-afs-session from http://www.eyrie.org/~eagle/software/ or pam_afs2 from ftp://achilles.ctd.anl.gov/pub/DEE/pam_afs2-0.1.tar, have been tested with Solaris.

If you are at a site which still requires kaserver or external Kerberos v4 based authentication, please consult Enabling kaserver based AFS Login on Solaris Systems for further installation instructions.

Editing the File Systems Clean-up Script on Solaris Systems

  1. Some Solaris distributions include a script that locates and removes unneeded files from various file systems. Its conventional location is /usr/lib/fs/nfs/nfsfind. The script generally uses an argument to the find command to define which file systems to search. In this step you modify the command to exclude the /afs directory. Otherwise, the command traverses the AFS filespace of every cell that is accessible from the machine, which can take many hours. The following alterations are possibilities, but you must verify that they are appropriate for your cell.

    The first possible alteration is to add the -local flag to the existing command, so that it looks like the following:

       find $dir -local -name .nfs\* -mtime +7 -mount -exec rm -f {} \;   
    

    Another alternative is to exclude any directories whose names begin with the lowercase letter a or a non-alphabetic character.

       find /[A-Zb-z]*  remainder of existing command   
    

    Do not use the following command, which still searches under the /afs directory, looking for a subdirectory of type 4.2.

       find / -fstype 4.2     /* do not use */
    
  2. Proceed to Loading and Creating Client Files.