From: Sam Hartman Date: Mon, 27 Nov 2000 08:25:54 +0000 (+0000) Subject: Changes for new version X-Git-Tag: debian/1.0.snap20001106-7~1 X-Git-Url: https://git.michaelhowe.org/gitweb/?a=commitdiff_plain;h=a21fc2e497c664e4ea67aa77226f564e6e5bfe8a;p=packages%2Fo%2Fopenafs.git Changes for new version --- diff --git a/debian/README.servers b/debian/README.servers index e518a5aa5..af6c16e43 100644 --- a/debian/README.servers +++ b/debian/README.servers @@ -1,9 +1,7 @@ Setting up a Debian OpennAFS Server -Currently, most of the configuration mechanisms are not present for -setting up a Debian server. These packages include the binaries with -appropriate FHS-compatible path names. Here is a rough map from the -AFS paths to the Debian paths: +These packages include binaries with FHS-compatible path names. Here +is a map from AFS paths to FHS paths: /usr/afs/etc /etc/openafs/server /usr/afs/local /etc/openafs/server-local @@ -11,9 +9,15 @@ AFS paths to the Debian paths: /usr/afs/logs /var/log/openafs /usr/afs/bin /usr/lib/openafs -The main problem linking the AFS configuration model into the Debian -model is how to deal with synchronization of servers. Once this is -resolved, support for configuring the servers directly will be added. + +Scripts are provided to configure a single database/file server. The +afs-newcell script sets up the initial databases and configures +bosserver. After running this script, get tokens in the cell and run +the afs-rootvol script to populate the root volume and root.cell. A +sample transcript of configuring an AFS cell can be found in +/usr/share/doc/openafs-dbserver/configuration-transcript.txt.gz. This +transcript assumes you are using MIT Kerberos and the openafs-krb5 +package. Similar steps could be taken with Heimdal. Another issue is upgrades. It is likely that futurue versions of this package will install for example /usr/lib/openafs/fileserver.package @@ -24,13 +28,20 @@ the new versions. The intent is that people could install the new package on all their servers and then quickly move the links before restarting the bosserver. - Things to do for manual config + Adding Additional Servers + +If you decide one server is not enough, here is roughly what needs to +happen: + +1) Copy securely (using scp , encrypted Kerberized rcp or some other + secure method) /etc/openafs/server to the new server. + +2) Start a bosserver. -* Create /etc/openafs/server/CellServDB only with the server's cell -* create /etc/openafs/server/KeyFile -- good luck finding out how -* start bosserver -* add ptserver and vlserver -* create prdb (again good luck without starting in noauth) -* Create vldb -* add fileserver process +3) If the machine is to be a file server, create an fs instance using + bos create. For file servers this is all you need to do. +4) For database servers, you also need to do a bos addhost on all + servers (including the new server) to add the new server to + /etc/openafs/server/CellServDB. Then create ptserver and vlserver + instances. diff --git a/debian/afs-newcell b/debian/afs-newcell index 3d622a919..79ad38981 100644 --- a/debian/afs-newcell +++ b/debian/afs-newcell @@ -3,12 +3,46 @@ use Term::ReadLine; use strict; use Debian::OpenAFS::ConfigUtils; +use Getopt::Long; use vars qw($admin $server $requirements_met $shutdown_needed); my $rl = new Term::ReadLine('afs-newcell'); $shutdown_needed = 1; + +=head1 NAME + + afs-newcell - Set up initial database server for AFS cell. + +=head1 SYNOPSIS + +B [B<--requirements-met>] [B<--admin> admin_user] + +=head1 DESCRIPTION + + +This script sets up the initial AFS database and configures the first +database/file server. + +The B option specifies that the initial requirements +have been met and that the script can proceed without displaying the +initial banner or asking for confirmation. + +The B option specifies the name of the administrative user. +This user will be given system:administrators and susers permission in +the cell. + +=head1 AUTHOR + +Sam Hartman + +=cut + # main script +GetOptions ( + "requirements-met" => \$requirements_met, + "admin=s" => \$admin); + unless ($requirements_met) { print <readline("What administrative principal should be used?"); +$admin = $rl->readline("What administrative principal should be used?") unless $admin; die "Please specify an administrative user\n" unless $admin; $admin =~ s:/:.:g; if($admin =~ /@/) { diff --git a/debian/changelog b/debian/changelog index 6d053bd9b..3d200a5fb 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,15 @@ +openafs (1.0.snap20001106-7) unstable; urgency=low + + * Add command line options to afs-newcell + * Fix control.module for real this time. + * Add kpasswd and kas to the openafs-kpasswd package. + * Add manpage for afs-newcell and many undocumented links. + * Remove PAM module from libopenafs-dev. + * Instal udebug, pagsh, cmdebug. + * Remove execute bit from some includes in /usr/include. + + -- Sam Hartman Mon, 27 Nov 2000 03:02:57 -0500 + openafs (1.0.snap20001106-6) unstable; urgency=medium * Add config option to disable client on boot diff --git a/debian/configuration-transcript.txt b/debian/configuration-transcript.txt new file mode 100644 index 000000000..857bff32b --- /dev/null +++ b/debian/configuration-transcript.txt @@ -0,0 +1,413 @@ + +snorklewacker:/# apt-get -q install openafs-dbserver openafs-krb5 krb5-admin-server +Reading Package Lists... +Building Dependency Tree... +The following extra packages will be installed: + krb5-kdc krb5-user libkrb53 openafs-client openafs-fileserver openafs-ptutil +The following NEW packages will be installed: + krb5-admin-server krb5-kdc krb5-user libkrb53 openafs-client openafs-dbserver + openafs-fileserver openafs-krb5 openafs-ptutil +0 packages upgraded, 9 newly installed, 0 to remove and 22 not upgraded. +Need to get 2264kB of archives. After unpacking 5939kB will be used. +Do you want to continue? [Y/n] y +Get:1 http://www.mit.edu packages/ krb5-admin-server 1.2.1-5 [174kB] +Get:2 http://www.mit.edu packages/ krb5-kdc 1.2.1-5 [173kB] +Get:3 http://www.mit.edu packages/ krb5-user 1.2.1-5 [154kB] +Get:4 http://www.mit.edu packages/ libkrb53 1.2.1-5 [337kB] +Get:5 http://www.mit.edu packages/ openafs-client 1.0.snap20001106-6 [662kB] +Get:6 http://www.mit.edu packages/ openafs-dbserver 1.0.snap20001106-6 [211kB] +Get:7 http://www.mit.edu packages/ openafs-fileserver 1.0.snap20001106-6 [427kB] +Get:8 http://www.mit.edu packages/ openafs-krb5 1.3-3 [96.5kB] +Get:9 http://www.mit.edu packages/ openafs-ptutil 0.0.snap20001123-1 [30.3kB] +Fetched 2264kB in 8s (253kB/s) +Preconfiguring packages .. +Configuring Libkrb53 +-------------------- + + + When users attempt to use Kerberos and specify a principal or user + name without specifying what administrative Kerberos realm that + principal belongs to, the system appends the default realm. + Normally default realm is the upper case version of the local DNS + domain. + +What is the default Kerberos realm? [ATHENA.MIT.EDU] SNORKLEWACKER.MIT.EDU + +Configuring Krb5-kdc +-------------------- + +By default, Kerberos4 requests are allowed from principals that do not require +preauthentication. This allows Kerberos4 services to exist while requiring +most users to use Kerberos5 clients to get their initial tickets. These +tickets can then be converted to Kerberos4 tickets. Alternatively, the mode +can be set to full, allowing Kerberos4 to get initial tickets even when +preauthentication would normally be required, or to disable, which will +disable all Kerberos4 support. + + d. disable f. full n. nopreauth + +What Kerberos4 compatibility mode should be used? [n] + +Configuring Krb5-admin-server +----------------------------- + +Setting up a Kerberos Realm + + This package contains the administrative tools necessary to run on + the Kerberos master server. However, installing this package does + not automatically set up a Kerberos realm. Doing so requires + entering passwords and as such is not well-suited for package + installation. To create the realm, run the krb5_newrealm command. + You may also wish to read /usr/share/doc/krb5-kdc/README.KDC and the + administration guide found in the krb5-doc package. + . + Don't forget to set up DNS information so your clients can find your + KDC and admin servers. Doing so is documented in the administration + guide. + +Configuring Openafs-client +-------------------------- + + + AFS filespace is organized into cells or administrative domains. +[More] + Each workstation belongs to one cell. Usually the cell is the DNS + domain name of the workstation. + +What AFS cell does this workstation belong to? snorklewacker.mit.edu + + + AFS uses a area of the disk to cache remote files for faster + access. This cache will be mounted on /var/cache/openafs. It is + important that the cache not overfill the partition it is located + on. Often, people find it useful to dedicate a partition to their + AFS cache. + +How large is your AFS cache (kb)? [50000] 95000 + +Configuring Openafs-fileserver +------------------------------ + +Selecting previously deselected package libkrb53. +(Reading database ... 28342 files and directories currently installed.) +Unpacking libkrb53 (from .../libkrb53_1.2.1-5_i386.deb) ... +Selecting previously deselected package krb5-user. +Unpacking krb5-user (from .../krb5-user_1.2.1-5_i386.deb) ... +Selecting previously deselected package krb5-kdc. +Unpacking krb5-kdc (from .../krb5-kdc_1.2.1-5_i386.deb) ... +Selecting previously deselected package krb5-admin-server. +Unpacking krb5-admin-server (from .../krb5-admin-server_1.2.1-5_i386.deb) ... +Selecting previously deselected package openafs-client. +Unpacking openafs-client (from .../openafs-client_1.0.snap20001106-6_i386.deb) ... +Selecting previously deselected package openafs-fileserver. +Unpacking openafs-fileserver (from .../openafs-fileserver_1.0.snap20001106-6_i386.deb) ... +Selecting previously deselected package openafs-ptutil. +Unpacking openafs-ptutil (from .../openafs-ptutil_0.0.snap20001123-1_i386.deb) ... +Selecting previously deselected package openafs-dbserver. +Unpacking openafs-dbserver (from .../openafs-dbserver_1.0.snap20001106-6_i386.deb) ... +Selecting previously deselected package openafs-krb5. +Unpacking openafs-krb5 (from .../openafs-krb5_1.3-3_i386.deb) ... +Setting up openafs-client (1.0.snap20001106-6) ... +Configuring Openafs-client +-------------------------- + +AFS uses the file /etc/openafs/CellServDB to hold the list of servers that +should be contacted to find parts of a cell. The cell you claim this +workstation belongs to is not in that file. Enter the host names of the +database servers separated by spaces. IMPORTANT: If you are creating a new +cell and this machine is to be a database server in that cell, only enter this +machine's name; add the other servers later after they are functioning. Also, +do not enable the AFS client to start at boot on this server until the cell is +configured. When you are ready you can edit /etc/openafs/afs.conf.client to +enable the client. + +What hosts are DB servers for your home cell?snorklewacker.mit.edu + +Should the Openafs filesystem be started and mounted at boot? Normally, most +users who install the openafs-client package expect to run it at boot. +However, if you are planning on setting up a new cell or are on a laptop, you +may not want it started at boot time. If you answer no to this question, run +/etc/init.d/openafs-client force-start to run. + +Run Openafs client at boot? [yes] n + +Starting AFS services: +Setting up openafs-fileserver (1.0.snap20001106-6) ... +Starting AFS Server: ===================== U.S. Government Restricted Rights ====================== +If you are licensing the Software on behalf of the U.S. Government +("Government"), the following provisions apply to you. If the Software is +supplied to the Department of Defense ("DoD"), it is classified as "Commercial +Computer Software" under paragraph 252.227-7014 of the DoD Supplement to the +Federal Acquisition Regulations ("DFARS") (or any successor regulations) +and the Government is acquiring only the license rights granted herein (the +license rights customarily provided to non-Government users). If the Software +is supplied to any unit or agency of the Government other than DoD, it is +classified as "Restricted Computer Software" and the Government's rights in +the Software are defined in paragraph 52.227-19 of the Federal Acquisition +Regulations ("FAR") (or any successor regulations) or, in the case of NASA, +in paragraph 18.52.227-86 of the NASA Supplement in the FAR (or any successor +regulations). +bosserver. + +Setting up openafs-ptutil (0.0.snap20001123-1) ... + +Setting up openafs-dbserver (1.0.snap20001106-6) ... + +Setting up libkrb53 (1.2.1-5) ... + +Setting up krb5-user (1.2.1-5) ... + +Setting up krb5-kdc (1.2.1-5) ... + +Setting up krb5-admin-server (1.2.1-5) ... + +Setting up openafs-krb5 (1.3-3) ... + +snorklewacker:/# krb5_newrealm +This script should be run on the master KDC/admin server to initialize +a Kerberos realm. It will ask you to type in a master key password. +This password will be used to generate a key that is stored in +/etc/krb5kdc/stash. You should try to remember this password, but it +is much more important that it be a strong password than that it be +remembered. However, if you lose the password and /etc/krb5kdc/stash, +you cannot decrypt your Kerberos database. +Initializing database '/var/lib/krb5kdc/principal' for realm 'SNORKLEWACKER.MIT.EDU', +master key name 'K/M@SNORKLEWACKER.MIT.EDU' +You will be prompted for the database Master Password. +It is important that you NOT FORGET this password. +Enter KDC database master key:foo + +Re-enter KDC database master key to verify:foo + +Authenticating as principal hartmans/admin@ATHENA.MIT.EDU with password. +Entry for principal kadmin/admin with kvno 3, encryption type Triple DES cbc mode with HMAC/sha1 added to keytab WRFILE:/etc/krb5kdc/kadm5.keytab. +Entry for principal kadmin/admin with kvno 3, encryption type DES cbc mode with CRC-32 added to keytab WRFILE:/etc/krb5kdc/kadm5.keytab. +Authenticating as principal hartmans/admin@ATHENA.MIT.EDU with password. +Entry for principal kadmin/changepw with kvno 3, encryption type Triple DES cbc mode with HMAC/sha1 added to keytab WRFILE:/etc/krb5kdc/kadm5.keytab. +Entry for principal kadmin/changepw with kvno 3, encryption type DES cbc mode with CRC-32 added to keytab WRFILE:/etc/krb5kdc/kadm5.keytab. +Starting Kerberos KDC: krb5kdc krb524d. +Starting Kerberos Administration Servers: kadmind. + + +Now that your realm is set up you may wish to create an administrative +principal using the addprinc subcommand of the kadmin.local program. +Then, this principal can be added to /etc/krb5kdc/kadm5.acl so that +you can use the kadmin program on other computers. Kerberos admin +principals usually belong to a single user and end in /admin. For +example, if jruser is a Kerberos administrator, then in addition to +the normal jruser principal, a jruser/admin principal should be +created. + +Don't forget to set up DNS information so your clients can find your +KDC and admin servers. Doing so is documented in the administration +guide. +snorklewacker:/# kadmin.local -e des-cbc-crc:v4 +Authenticating as principal hartmans/admin@ATHENA.MIT.EDU with password. +kadmin.local: addprinc -randkey afs +addprinc -randkey afs +WARNING: no policy specified for afs@SNORKLEWACKER.MIT.EDU; defaulting to no policy +Principal "afs@SNORKLEWACKER.MIT.EDU" created. +kadmin.local: ktadd -k /tmp/snork.keytab afs +ktadd -k /tmp/snork.keytab afs +Entry for principal afs with kvno 3, encryption type DES cbc mode with CRC-32 added to keytab WRFILE:/tmp/snork.keytab. +kadmin.local: quit +quit +snorklewacker:/# kadmin.local +kadmin.local +Authenticating as principal hartmans/admin@ATHENA.MIT.EDU with password. +kadmin.local: addprinc hartmans +addprinc hartmans +WARNING: no policy specified for hartmans@SNORKLEWACKER.MIT.EDU; defaulting to no policy +Enter password for principal "hartmans@SNORKLEWACKER.MIT.EDU": foo + +Re-enter password for principal "hartmans@SNORKLEWACKER.MIT.EDU": foo + +Principal "hartmans@SNORKLEWACKER.MIT.EDU" created. +kadmin.local: quit +quit +snorklewacker:/# asetkey add 3 /tmp/snork.keytab afs +asetkey add 3 /tmp/snork.keytab afs +snorklewacker:/# snorklewacker:/# dd if=/dev/zero of=/var/lib/openafs/vicepa bs=1024k count=32 +32+0 records in +32+0 records out +snorklewacker:/# mke2fs /var/lib/openafs/vicepa +mke2fs 1.19, 13-Jul-2000 for EXT2 FS 0.5b, 95/08/09 +/var/lib/openafs/vicepa is not a block special device. +Proceed anyway? (y,n) y +Filesystem label= +OS type: Linux +Block size=1024 (log=0) +Fragment size=1024 (log=0) +8192 inodes, 32768 blocks +1638 blocks (5.00%) reserved for the super user +First data block=1 +4 block groups +8192 blocks per group, 8192 fragments per group +2048 inodes per group +Superblock backups stored on blocks: + 8193, 24577 + +Writing inode tables: 0/41/42/43/4done +Writing superblocks and filesystem accounting information: done +snorklewacker:/# mount -oloop /var/lib/openafs/vicepa /vicepa + +snorklewacker:/# afs-newcell + Prerequisites + +In order to set up a new AFS cell, you must meet the following: + +1) You need a working Kerberos realm with Kerberos4 support. You + should install Heimdal with Kth-kerberos compatibility or MIT + Kerberos5. + +2) You need to create the AFS key and load it into + /etc/openafs/server/KeyFile. If your cell's name is the same as + your Kerberos realm then create a principal called afs. Otherwise, + create a principal called afs/cellname in your realm. The cell + name should be all lower case, unlike Kerberos realms which are all + upper case. You can use asetkey from the openafs-krb5 package, or + if you used AFS3 salt to create the key, the bos addkey command. + +3) This machine should have a filesystem mounted on /vicepa. If you + do not have a free partition, then create a large file by using dd + to extract bytes from /dev/zero. Create a filesystem on this file + and mount it using -oloop. + +4) You will need an administrative principal created in a Kerberos +realm. This principal will be added to susers and +system:administrators and thus will be able to run administrative +commands. Generally the user is a root instance of some administravie +user. For example if jruser is an administrator then it would be +reasonable to create jruser/root and specify jruser/root as the user +to be added in this script. + +5) The AFS client must not be running on this workstation. It will be +at the end of this script. + +Do you meet these requirements? [y/n] y +If the fileserver is not running, this may hang for 30 seconds. +/etc/init.d/openafs-fileserver stop +Stopping AFS Server: bosserver. +What administrative principal should be used?hartmans +echo \>snorklewacker.mit.edu >/etc/openafs/server/CellServDB +/etc/init.d/openafs-fileserver start +Starting AFS Server: ===================== U.S. Government Restricted Rights ====================== +If you are licensing the Software on behalf of the U.S. Government +("Government"), the following provisions apply to you. If the Software is +supplied to the Department of Defense ("DoD"), it is classified as "Commercial +Computer Software" under paragraph 252.227-7014 of the DoD Supplement to the +Federal Acquisition Regulations ("DFARS") (or any successor regulations) +and the Government is acquiring only the license rights granted herein (the +license rights customarily provided to non-Government users). If the Software +is supplied to any unit or agency of the Government other than DoD, it is +classified as "Restricted Computer Software" and the Government's rights in +the Software are defined in paragraph 52.227-19 of the Federal Acquisition +Regulations ("FAR") (or any successor regulations) or, in the case of NASA, +in paragraph 18.52.227-86 of the NASA Supplement in the FAR (or any successor +regulations). +bosserver. +bos addhost snorklewacker snorklewacker -localauth ||true +bos adduser snorklewacker hartmans -localauth +pt_util: /var/lib/openafs/db/prdb.DB0: Bad UBIK_MAGIC. Is 0 should be 354545 +Ubik Version is: 2.0 +Error while creating system:administrators: Entry for id already exists +pt_util: Ubik Version number changed during execution. +Old Version = 2.0, new version = 33554432.0 +bos create snorklewacker ptserver simple /usr/lib/openafs/ptserver -localauth +bos create snorklewacker vlserver simple /usr/lib/openafs/vlserver -localauth +bos create snorklewacker fs fs -cmd /usr/lib/openafs/fileserver -cmd /usr/lib/openafs/volserver -cmd /usr/lib/openafs/salvager -localauth +Waiting for database elections: done. +vos create snorklewacker a root.afs -localauth +Volume 536870924 created on partition /vicepa of snorklewacker +echo snorklewacker.mit.edu >/etc/openafs/ThisCell +/etc/init.d/openafs-client force-start +Starting AFS services: ===================== U.S. Government Restricted Rights ====================== +If you are licensing the Software on behalf of the U.S. Government +("Government"), the following provisions apply to you. If the Software is +supplied to the Department of Defense ("DoD"), it is classified as "Commercial +Computer Software" under paragraph 252.227-7014 of the DoD Supplement to the +Federal Acquisition Regulations ("DFARS") (or any successor regulations) +and the Government is acquiring only the license rights granted herein (the +license rights customarily provided to non-Government users). If the Software +is supplied to any unit or agency of the Government other than DoD, it is +classified as "Restricted Computer Software" and the Government's rights in +the Software are defined in paragraph 52.227-19 of the Federal Acquisition +Regulations ("FAR") (or any successor regulations) or, in the case of NASA, +in paragraph 18.52.227-86 of the NASA Supplement in the FAR (or any successor +regulations). +afsd: All AFS daemons started. + afsd. +Now, get tokens as hartmans in the snorklewacker.mit.edu cell. Then, run +afs-rootvol. +snorklewacker:/# +snorklewacker:/# kinit hartmans +Password for hartmans@SNORKLEWACKER.MIT.EDU: foo + +snorklewacker:/# aklog snorklewacker.mit.edu -k SNORKLEWACKER.MIT.EDU +snorklewacker:/# afs-rootvol + Prerequisites + +In order to set up the root.afs volume, you must meet the following pre-conditions: + +1) The cell must be configured, running a database server with a + volume location and protection server. + +2) You must be logged into the cell with tokens in + system:administrators and with a principal that is in the susers + file of the servers in the cell. + +3) You need a fileserver in the cell with partitions mounted and a root.afs volume created. + Presumably, it has no volumes on it, although the script will work + so long as nothing besides root.afs exists. + +4) The AFS client must be running pointed at the new cell. +Do you meet these conditions? (Y/n) y +You will need to select a server (hostname) and AFS +partition on which to create the root volumes. +What AFS Server should volumes be placed on? snorklewacker +What partition? [a] +fs sa /afs system:anyuser rl +vos create snorklewacker a root.cell -localauth +Volume 536870927 created on partition /vicepa of snorklewacker +fs mkm /afs/snorklewacker.mit.edu root.cell -cell snorklewacker.mit.edu +fs mkm /afs/andrew.cmu.edu root.cell -cell andrew.cmu.edu +fs mkm /afs/cs.cmu.edu root.cell -cell cs.cmu.edu +fs mkm /afs/ece.cmu.edu root.cell -cell ece.cmu.edu +fs mkm /afs/athena.mit.edu root.cell -cell athena.mit.edu +fs mkm /afs/dev.mit.edu root.cell -cell dev.mit.edu +fs mkm /afs/net.mit.edu root.cell -cell net.mit.edu +fs mkm /afs/sipb.mit.edu root.cell -cell sipb.mit.edu +fs mkm /afs/ir.stanford.edu root.cell -cell ir.stanford.edu +fs mkm /afs/umr.edu root.cell -cell umr.edu +fs mkm /afs/dementia.org root.cell -cell dementia.org +fs sa /afs/snorklewacker.mit.edu system:anyuser rl +fs mkm /afs/.snorklewacker.mit.edu root.cell -cell snorklewacker.mit.edu -rw +fs mkm /afs/.root.afs root.afs -rw +vos create snorklewacker a user -localauth +Volume 536870930 created on partition /vicepa of snorklewacker +fs mkm /afs/snorklewacker.mit.edu/user user +fs sa /afs/snorklewacker.mit.edu/user system:anyuser rl +vos create snorklewacker a service -localauth +Volume 536870933 created on partition /vicepa of snorklewacker +fs mkm /afs/snorklewacker.mit.edu/service service +fs sa /afs/snorklewacker.mit.edu/service system:anyuser rl +ln -s /afs/snorklewacker.mit.edu /afs/snorklewacker +ln -s /afs/.snorklewacker.mit.edu /afs/.snorklewacker +vos addsite snorklewacker a root.afs -localauth +Added replication site snorklewacker /vicepa for volume root.afs +vos addsite snorklewacker a root.cell -localauth +Added replication site snorklewacker /vicepa for volume root.cell +vos release root.afs -localauth +Released volume root.afs successfully +vos release root.cell -localauth +Released volume root.cell successfully +snorklewacker:/# ls /afs +andrew.cmu.edu dementia.org ir.stanford.edu snorklewacker +athena.mit.edu dev.mit.edu net.mit.edu snorklewacker.mit.edu +cs.cmu.edu ece.cmu.edu sipb.mit.edu umr.edu +snorklewacker:/# ls /afs/athena.mit.edu +activity contrib dept project service system +astaff course org reference software user +snorklewacker:/# ls /afs/snorklewacker +service user +snorklewacker:/# \ No newline at end of file diff --git a/debian/control b/debian/control index 8d20d6aae..c3c76bdc3 100644 --- a/debian/control +++ b/debian/control @@ -17,20 +17,22 @@ Description: The AFS distributed filesystem- client support This package provides basic client support to mount and manipulate AFS. -Package: openafs-fileserver +Package: openafs-kpasswd +Priority: extra Architecture: i386 -Depends: ${shlibs:Depends}, debconf, openafs-client (= ${Source-Version}) -Description: The AFS distributed filesystem- file server +Depends: ${shlibs:Depends}, openafs-client (= ${Source-Version}) +Conflicts: krb5-user, heimdal-clients +Description: The AFS distributed filesystem- old password changing AFS is a distributed filesystem allowing cross-platform sharing of files among multiple computers. Facilities are provided for access control, authentication, backup and administrative management. . - This package provides the AFS fileserver binaries. It should be - installed on any machine that will export files into AFS. + This package provides kpasswd and kas, utilities needed by the + Transarc kaserver to create users and change passwords. Package: openafs-dbserver Architecture: i386 -Depends: ${shlibs:Depends}, debconf, openafs-fileserver (= ${Source-Version}), perl5, openafs-ptutil +Depends: ${shlibs:Depends}, debconf, openafs-fileserver (= ${Source-Version}), openafs-client (= ${Source-Version}), perl5, openafs-ptutil Description: The AFS distributed filesystem- database server AFS is a distributed filesystem allowing cross-platform sharing of files among multiple computers. Facilities are provided for access diff --git a/debian/control.module b/debian/control.module index 30e44abb5..1e22f336e 100644 --- a/debian/control.module +++ b/debian/control.module @@ -1,12 +1,11 @@ Source: openafs -Section: non-us +Section: non-us/main Priority: optional Maintainer: Sam Hartman Standards-Version: 3.1.1 Package: openafs-modules-=KVERS Conflicts: openafs-client (= 1.0.snap20001103-1) - Depends: openafs-client Provides: openafs-modules Architecture: any diff --git a/debian/control.module-image b/debian/control.module-image index 37e10d809..bcb35e5f0 100644 --- a/debian/control.module-image +++ b/debian/control.module-image @@ -1,5 +1,5 @@ Source: openafs -Section: non-us +Section: non-us/main Priority: optional Maintainer: Sam Hartman Standards-Version: 3.1.1 diff --git a/debian/filelist b/debian/filelist index 57264c7a4..eb2e82c80 100644 --- a/debian/filelist +++ b/debian/filelist @@ -1,7 +1,9 @@ openafs-client/usr/bin bin/fs bin/pts bin/bos etc/vos bin/tokens +openafs-client/usr/bin bin/udebug bin/cmdebug bin/pagsh openafs-client/usr/sbin root.client/usr/vice/etc/afsd openafs-client/usr/bin bin/klog bin/kpwvalid bin/unlog openafs-fileserver/usr/lib/openafs root.server/usr/afs/bin/fileserver root.server/usr/afs/bin/volserver +openafs-kpasswd/usr/bin bin/kpasswd etc/kas openafs-fileserver/usr/sbin root.server/usr/afs/bin/bosserver openafs-fileserver/usr/lib/openafs root.server/usr/afs/bin/salvager openafs-dbserver/usr/lib/openafs root.server/usr/afs/bin/vlserver diff --git a/debian/openafs-client.dirs b/debian/openafs-client.dirs index 4d84506fd..2df263703 100644 --- a/debian/openafs-client.dirs +++ b/debian/openafs-client.dirs @@ -1,4 +1,3 @@ -afs var/cache/openafs etc/openafs etc/init.d diff --git a/debian/openafs-client.postinst b/debian/openafs-client.postinst index 200339a17..7bffd1e66 100644 --- a/debian/openafs-client.postinst +++ b/debian/openafs-client.postinst @@ -15,7 +15,8 @@ set -e case "$1" in configure) - . /usr/share/debconf/confmodule + test -d /afs || mkdir /afs + . /usr/share/debconf/confmodule db_version 2.0 diff --git a/debian/openafs-client.postrm b/debian/openafs-client.postrm index 7c5b3e845..08fa0b564 100644 --- a/debian/openafs-client.postrm +++ b/debian/openafs-client.postrm @@ -18,6 +18,7 @@ set -e case "$1" in purge) + rmdir /afs 2>/dev/null || true rm /etc/openafs/cacheinfo 2>/dev/null ||true rm /etc/openafs/CellServDB 2>/dev/null ||true rm /etc/openafs/ThisCell 2>/dev/null ||true diff --git a/debian/openafs-client.undocumented b/debian/openafs-client.undocumented new file mode 100644 index 000000000..e95d61298 --- /dev/null +++ b/debian/openafs-client.undocumented @@ -0,0 +1,12 @@ +afsd.8 +bos.1 +cmdebug.1 +fs.1 +klog.1 +kpwvalid.1 +pagsh.1 +pts.1 +tokens.1 +udebug.1 +unlog.1 +vos.1 diff --git a/debian/openafs-dbserver.dirs b/debian/openafs-dbserver.dirs index 7906da13b..8d5356674 100644 --- a/debian/openafs-dbserver.dirs +++ b/debian/openafs-dbserver.dirs @@ -1,3 +1,4 @@ +usr/share/doc var/lib/openafs/db usr/share/man/man8 usr/sbin diff --git a/debian/openafs-fileserver.dirs b/debian/openafs-fileserver.dirs index 47613841b..719aa3cfd 100644 --- a/debian/openafs-fileserver.dirs +++ b/debian/openafs-fileserver.dirs @@ -1,3 +1,4 @@ +usr/share/doc var/log/openafs etc/openafs/server etc/openafs/server-local diff --git a/debian/openafs-fileserver.docs b/debian/openafs-fileserver.docs deleted file mode 100644 index 49fda707e..000000000 --- a/debian/openafs-fileserver.docs +++ /dev/null @@ -1 +0,0 @@ -debian/README.servers diff --git a/debian/openafs-fileserver.undocumented b/debian/openafs-fileserver.undocumented new file mode 100644 index 000000000..49eaaa453 --- /dev/null +++ b/debian/openafs-fileserver.undocumented @@ -0,0 +1 @@ +bosserver.8 diff --git a/debian/openafs-kpasswd.dirs b/debian/openafs-kpasswd.dirs new file mode 100644 index 000000000..7276ecdef --- /dev/null +++ b/debian/openafs-kpasswd.dirs @@ -0,0 +1 @@ +usr/share/doc diff --git a/debian/openafs-kpasswd.undocumented b/debian/openafs-kpasswd.undocumented new file mode 100644 index 000000000..bee593a96 --- /dev/null +++ b/debian/openafs-kpasswd.undocumented @@ -0,0 +1,2 @@ +kpasswd.1 +kas.1 diff --git a/debian/rules b/debian/rules index 5ca2a7023..385b51d13 100755 --- a/debian/rules +++ b/debian/rules @@ -75,6 +75,9 @@ install: build dh_clean -k dh_installdirs + for pkg in openafs-dbserver openafs-fileserver openafs-kpasswd; do \ + ln -s openafs-client debian/$$pkg/usr/share/doc/$$pkg; \ + done # Add here commands to install the package into debian/tmp. cat debian/filelist |sh debian/movefiles cp dest/root.client/usr/vice/etc/afs.rc debian/openafs-client.init @@ -82,10 +85,17 @@ install: build install -m 755 -o root -g root debian/afs-rootvol debian/openafs-dbserver/usr/sbin install -g root -o root -m 755 debian/afs-newcell \ debian/openafs-dbserver/usr/sbin - install -D debian/ConfigUtils.pm \ + install -D -m 644 debian/ConfigUtils.pm \ debian/openafs-dbserver/usr/lib/perl5/Debian/OpenAFS/ConfigUtils.pm (cd debian&&pod2man --section 8 --center "Debian GNU/Linux" \ afs-rootvol ) >debian/openafs-dbserver/usr/share/man/man8/afs-rootvol.8 + (cd debian&&pod2man --section 8 --center "Debian GNU/Linux" \ + afs-newcell ) >debian/openafs-dbserver/usr/share/man/man8/afs-newcell.8 + # No, includes should not have the x bit set + find debian/libopenafs-dev/usr/include -type f -print | \ + xargs chmod a-x + # And drop the pam modules + rm debian/libopenafs-dev/usr/lib/*pam* # Build architecture-independent files here. # Pass -i to all debhelper commands in this target to reduce clutter. @@ -105,7 +115,7 @@ binary-indep: build install binary-source dh_installcron # dh_installmanpages dh_installinfo -# dh_undocumented + dh_undocumented dh_installchangelogs dh_link dh_compress @@ -136,7 +146,7 @@ binary-arch: build install dh_installcron # dh_installmanpages dh_installinfo -# dh_undocumented + dh_undocumented dh_installchangelogs dh_strip dh_link