From ca66b1aff35b31a944679656ca71546768c91c47 Mon Sep 17 00:00:00 2001 From: Benjamin Kaduk Date: Wed, 5 Nov 2014 14:26:36 -0500 Subject: [PATCH] Deorbit HP-UX-specific QuickStartGuide bits Get the rest of them all at once. Change-Id: Idb33746d43a4a1a9f41e21d7f6d81360ecdd952e Reviewed-on: http://gerrit.openafs.org/11591 Reviewed-by: Chas Williams - CONTRACTOR Tested-by: BuildBot Reviewed-by: Benjamin Kaduk --- doc/xml/QuickStartUnix/appendix.xml | 208 ---------------- doc/xml/QuickStartUnix/auqbg005.xml | 71 ------ doc/xml/QuickStartUnix/auqbg006.xml | 356 ---------------------------- doc/xml/QuickStartUnix/auqbg007.xml | 317 ------------------------- 4 files changed, 952 deletions(-) diff --git a/doc/xml/QuickStartUnix/appendix.xml b/doc/xml/QuickStartUnix/appendix.xml index 612e6fc6d..412eef542 100644 --- a/doc/xml/QuickStartUnix/appendix.xml +++ b/doc/xml/QuickStartUnix/appendix.xml @@ -627,11 +627,6 @@ ll name> Enabling AFS Login on AIX Systems - - - Enabling AFS Login on HP-UX Systems - - Enabling AFS Login on Linux Systems @@ -784,209 +779,6 @@ ll name> - - Enabling kaserver based AFS Login on HP-UX systems - - At this point you incorporate AFS into the operating system's - Pluggable Authentication Module (PAM) scheme. PAM integrates all - authentication mechanisms on the machine, including login, to provide - the security infrastructure for authenticated access to and from the - machine. - - Explaining PAM is beyond the scope of this document. It is - assumed that you understand the syntax and meanings of settings in the - PAM configuration file (for example, how the - other entry works, the effect of - marking an entry as required, - optional, or - sufficient, and so on). - - The following instructions explain how to alter the entries in - the PAM configuration file for each service for which you - wish to use AFS authentication. Other configurations possibly also - work, but the instructions specify the recommended and - tested configuration. - - - The instructions specify that you mark each entry as - optional. However, marking some - modules as optional can mean that they grant access to the - corresponding service even when the user does not meet all of the - module's requirements. In some operating system revisions, for - example, if you mark as optional the module that controls - login via a dial-up connection, it allows users to login without - providing a password. See the OpenAFS Release - Notes for a discussion of any limitations that apply to - this operating system. - - Also, with some operating system versions you must install - patches for PAM to interact correctly with certain - authentication programs. For details, see the - OpenAFS Release Notes. - - - The recommended AFS-related entries in the PAM configuration - file make use of one or more of the following three - attributes. - - - try_first_pass - - - This is a standard PAM attribute that can be included on - entries after the first one for a service; it directs - the module to use the password that was provided to the first - module. For the AFS module, it means that AFS - authentication succeeds if the password provided to the module - listed first is the user's correct AFS password. For - further discussion of this attribute and its alternatives, see - the operating system's PAM documentation. - - - - - ignore_root - - - This attribute, specific to the AFS PAM module, directs it - to ignore not only the local superuser root, but also any user with UID 0 - (zero). - - - - - setenv_password_expires - - - This attribute, specific to the AFS PAM module, sets the - environment variable PASSWORD_EXPIRES to the expiration - date of the user's AFS password, which is recorded in the - Authentication Database. - - - - - - Perform the following steps to enable AFS login. - - - Unpack the OpenAFS Binary Distribution for HP-UX into the - /tmp/afsdist directory, if it is - not already. - Then change directory as indicated. - - # cd /usr/lib/security - - - - - Copy the AFS authentication library file to the - /usr/lib/security directory. Then - create a symbolic link to it whose name does not mention the - version. Omitting the version eliminates the need to edit - the PAM configuration file if you later update the library - file. - - If you use the AFS Authentication Server - (kaserver process) in the cell: - - - # cp /tmp/afsdist/hp_ux110/dest/lib/pam_afs.so.1 . - # ln -s pam_afs.so.1 pam_afs.so - - - If you use a Kerberos implementation of AFS authentication: - - - # cp /tmp/afsdist/hp_ux110/dest/lib/pam_afs.krb.so.1 . - # ln -s pam_afs.krb.so.1 pam_afs.so - - - - - Edit the - Authentication management - section of the HP-UX PAM configuration file, - /etc/pam.conf by convention. The - entries in this section have the value - auth in their second field. - - First edit the standard entries, which refer to the - HP-UX PAM module (usually, the file /usr/lib/security/libpam_unix.1) in their - fourth field. For each service for which you want to - use AFS authentication, edit the third field of its entry to read - optional. The - pam.conf file in the HP-UX - distribution usually includes standard entries for the - login and - ftp services, for instance. - - If there are services for which you want to use AFS - authentication, but for which the pam.conf file does not already include a - standard entry, you must create that entry and place the - value optional in its third field. - For instance, the HP-UX pam.conf - file does not usually include standard entries for the remsh or - telnet services. - - Then create an AFS-related entry for each service, placing it - immediately below the standard entry. The following - example shows what the - Authentication Management section - looks like after you have you - edited or created entries for the services mentioned previously. - Note that the example AFS entries appear on two lines - only for legibility. - - - login auth optional /usr/lib/security/libpam_unix.1 - login auth optional /usr/lib/security/pam_afs.so \ - try_first_pass ignore_root setenv_password_expires - ftp auth optional /usr/lib/security/libpam_unix.1 - ftp auth optional /usr/lib/security/pam_afs.so \ - try_first_pass ignore_root - remsh auth optional /usr/lib/security/libpam_unix.1 - remsh auth optional /usr/lib/security/pam_afs.so \ - try_first_pass ignore_root - telnet auth optional /usr/lib/security/libpam_unix.1 - telnet auth optional /usr/lib/security/pam_afs.so \ - try_first_pass ignore_root setenv_password_expires - - - - - If you use the Common Desktop Environment (CDE) on the - machine and want users to obtain an AFS token as they log - in, also add or edit the following four entries in the - Authentication management - section. Note that the AFS-related entries appear on two lines - here only for legibility. - - dtlogin auth optional /usr/lib/security/libpam_unix.1 - dtlogin auth optional /usr/lib/security/pam_afs.so \ - try_first_pass ignore_root - dtaction auth optional /usr/lib/security/libpam_unix.1 - dtaction auth optional /usr/lib/security/pam_afs.so \ - try_first_pass ignore_root - - - - - Proceed to - Starting the BOS Server if you - are installing your first file server; - Starting Server Programs if you - are installing an additional file server machine; or - Loading and Creating Client Files. - if you are installing a client. - - - - Enabling kaserver based AFS Login on Linux Systems diff --git a/doc/xml/QuickStartUnix/auqbg005.xml b/doc/xml/QuickStartUnix/auqbg005.xml index 806432fe3..ac6ade597 100644 --- a/doc/xml/QuickStartUnix/auqbg005.xml +++ b/doc/xml/QuickStartUnix/auqbg005.xml @@ -3712,10 +3712,6 @@ Password for you/admin@REALM: your_passw On AIX systems, /etc/rc.afs - - On HP-UX systems, /sbin/init.d/afs - - On Fedora and RHEL systems, /etc/sysconfg/openafs @@ -3921,30 +3917,6 @@ Password for you/admin@REALM: your_passw - - HP-UX - - AFS initialization script - - on first AFS machine - - - On HP-UX systems: - - Run the AFS initialization script. - # /sbin/init.d/afs start - - - - - - Linux - - AFS initialization script - - on first AFS machine - - On Linux systems: Reboot the machine and log in again as the local superuser root. @@ -4121,10 +4093,6 @@ Password for you/admin@REALM: your_passw Activating the Script on AIX Systems - - Activating the Script on HP-UX Systems - - Activating the Script on Linux Systems @@ -4169,45 +4137,6 @@ Password for you/admin@REALM: your_passw - - HP-UX - - AFS initialization script - - on first AFS machine - - - - - Activating the Script on HP-UX Systems - - - - Change to the /sbin/init.d directory and issue the ln - -s command to create symbolic links that incorporate the AFS initialization script into the HP-UX startup and - shutdown sequence. - # cd /sbin/init.d - # ln -s ../init.d/afs /sbin/rc2.d/S460afs - # ln -s ../init.d/afs /sbin/rc2.d/K800afs - - - - - (Optional) There are now copies of the AFS initialization file in both the - /usr/vice/etc and /sbin/init.d directories. If you want - to avoid potential confusion by guaranteeing that they are always the same, create a link between them. You can always - retrieve the original script from the AFS CD-ROM if necessary. - # cd /usr/vice/etc - # rm afs.rc - # ln -s /sbin/init.d/afs afs.rc - - - - - Proceed to Configuring the Top Levels of the AFS Filespace. - - - Linux diff --git a/doc/xml/QuickStartUnix/auqbg006.xml b/doc/xml/QuickStartUnix/auqbg006.xml index bc3948cf6..ec9074778 100644 --- a/doc/xml/QuickStartUnix/auqbg006.xml +++ b/doc/xml/QuickStartUnix/auqbg006.xml @@ -239,10 +239,6 @@ Getting Started on AIX Systems - - Getting Started on HP-UX Systems - - Getting Started on Linux Systems @@ -448,313 +444,6 @@ - - Getting Started on HP-UX Systems - - Begin by building AFS modifications into the kernel, then configure server partitions and replace the HP-UX fsck program with a version that correctly handles AFS volumes. - - If the machine's hardware and software configuration exactly matches another HP-UX machine on which AFS is already - built into the kernel, you can copy the kernel from that machine to this one. In general, however, it is better to build AFS - modifications into the kernel on each machine according to the following instructions. - - - incorporating AFS kernel extensions - - server machine after first - - HP-UX - - - - AFS kernel extensions - - on server machine after first - - HP-UX - - - - file server machine, additional - - AFS kernel extensions - - on HP-UX - - - - HP-UX - - AFS-modified kernel - - on add'l server machine - - - - Move the existing kernel-related files to a safe location. - # cp /stand/vmunix /stand/vmunix.noafs - # cp /stand/system /stand/system.noafs - - - - - Unpack the OpenAFS HP-UX distribution tarball. The examples - below assume that you have unpacked the files into the - /tmp/afsdist directory. If you - pick a different location, substitute this in all of the following - examples. Once you have unpacked the distribution, change - directory as indicated. - - # cd /tmp/afsdist/hp_ux110/dest/root.client - - - - - Copy the AFS initialization file to the local directory for initialization files (by convention, /sbin/init.d on HP-UX machines). Note the removal of the .rc - extension as you copy the file. - # cp usr/vice/etc/afs.rc /sbin/init.d/afs - - - - - Copy the file afs.driver to the local /usr/conf/master.d directory, changing its name to afs as you - do. - # cp usr/vice/etc/afs.driver /usr/conf/master.d/afs - - - - - Copy the AFS kernel module to the local /usr/conf/lib directory. - - If the machine's kernel supports NFS server functionality: - - - # cp bin/libafs.a /usr/conf/lib - - - If the machine's kernel does not support NFS server functionality, change the file's name as you copy it: - - - # cp bin/libafs.nonfs.a /usr/conf/lib/libafs.a - - - - - Incorporate the AFS driver into the kernel, either using the SAM program or a - series of individual commands. - - To use the SAM program: - - Invoke the SAM program, specifying the hostname of the local - machine as local_hostname. The SAM graphical - user interface pops up. - # sam -display local_hostname:0 - - - - - Choose the Kernel Configuration icon, then the Drivers icon. From the list of drivers, select afs. - - - - Open the pull-down Actions menu and choose the Add Driver to Kernel option. - - - - Open the Actions menu again and choose the Create a New Kernel option. - - - - Confirm your choices by choosing Yes and OK when prompted by subsequent pop-up windows. The SAM program builds the kernel and reboots the system. - - - - Login again as the superuser root. - login: root - Password: root_password - - - - - - - To use individual commands: - - Edit the file /stand/system, adding an entry for afs to the Subsystems section. - - - - Change to the /stand/build directory and issue the mk_kernel command to build the kernel. - # cd /stand/build - # mk_kernel - - - - - Move the new kernel to the standard location (/stand/vmunix), - reboot the machine to start using it, and login again as the superuser root. - # mv /stand/build/vmunix_test /stand/vmunix - # cd / - # shutdown -r now - login: root - Password: root_password - - - - - - - - configuring - - AFS server partition on server machine after first - - HP-UX - - - - AFS server partition - - configuring on server machine after first - - HP-UX - - - - file server machine, additional - - AFS server partition - - on HP-UX - - - - HP-UX - - AFS server partition - - on add'l server machine - - - - - Create a directory called /vicepxx for each AFS - server partition you are configuring (there must be at least one). Repeat the command for each partition. - - # mkdir /vicepxx - - - - - Use the SAM program to create a file system on each partition. For - instructions, consult the HP-UX documentation. - - - - On some HP-UX systems that use logical volumes, the SAM program automatically - mounts the partitions. If it has not, mount each partition by issuing either the mount - -a command to mount all partitions at once or the mount command to mount - each partition in turn. - replacing fsck program - - server machine after first - - HP-UX - - fsck program - - on server machine after first - - HP-UX - - file server machine, additional - - fsck program - - on HP-UX - - HP-UX - - fsck program - - on add'l server machine - - - - - Create the command configuration file /sbin/lib/mfsconfig.d/afs. Use a text - editor to place the indicated two lines in it: - format_revision 1 - fsck 0 m,P,p,d,f,b:c:y,n,Y,N,q, - - - - - Create and change directory to an AFS-specific command directory called /sbin/fs/afs. - # mkdir /sbin/fs/afs - # cd /sbin/fs/afs - - - - - Copy the AFS-modified version of the fsck program (the vfsck binary) and related files from the distribution directory to the new AFS-specific command - directory. - # cp -p /tmp/afsdist/hp_ux110/dest/root.server/etc/* . - - - - - Change the vfsck binary's name to fsck and set - the mode bits appropriately on all of the files in the /sbin/fs/afs directory. - - # mv vfsck fsck - # chmod 755 * - - - - - Edit the /etc/fstab file, changing the file system type for each AFS server - partition from hfs to afs. This ensures that the - AFS-modified fsck program runs on the appropriate partitions. - - The sixth line in the following example of an edited file shows an AFS server partition, /vicepa. - - - /dev/vg00/lvol1 / hfs defaults 0 1 - /dev/vg00/lvol4 /opt hfs defaults 0 2 - /dev/vg00/lvol5 /tmp hfs defaults 0 2 - /dev/vg00/lvol6 /usr hfs defaults 0 2 - /dev/vg00/lvol8 /var hfs defaults 0 2 - /dev/vg00/lvol9 /vicepa afs defaults 0 2 - /dev/vg00/lvol7 /usr/vice/cache hfs defaults 0 2 - - - - - If the machine is to remain an AFS client, incorporate AFS into its authentication system, following the - instructions in Enabling AFS Login on HP-UX Systems. - - - - Proceed to Starting Server Programs. - - - - Getting Started on Linux Systems @@ -2058,10 +1747,6 @@ On AIX systems, /etc/rc.afs - - On HP-UX systems, /sbin/init.d/afs - - On Fedora and RHEL systems, /etc/sysconfig/openafs. @@ -2220,47 +1905,6 @@ - - HP-UX - - AFS initialization script - - on add'l server machine - - - On HP-UX systems: - - Run the AFS initialization script. - # /sbin/init.d/afs start - - - - - Change to the /sbin/init.d directory and issue the ln - -s command to create symbolic links that incorporate the AFS initialization script into the HP-UX - startup and shutdown sequence. - # cd /sbin/init.d - # ln -s ../init.d/afs /sbin/rc2.d/S460afs - # ln -s ../init.d/afs /sbin/rc2.d/K800afs - - - - - (Optional) There are now copies of the AFS initialization file in both the - /usr/vice/etc and /sbin/init.d directories. If - you want to avoid potential confusion by guaranteeing that they are always the same, create a link between them. - You can always retrieve the original script from the AFS CD-ROM if necessary. - # cd /usr/vice/etc - # rm afs.rc - # ln -s /sbin/init.d/afs afs.rc - - - - - Proceed to Step 4. - - - Linux diff --git a/doc/xml/QuickStartUnix/auqbg007.xml b/doc/xml/QuickStartUnix/auqbg007.xml index 7427cf31e..5c2b8fa04 100644 --- a/doc/xml/QuickStartUnix/auqbg007.xml +++ b/doc/xml/QuickStartUnix/auqbg007.xml @@ -146,10 +146,6 @@ Getting Started on AIX Systems - - Getting Started on HP-UX Systems - - Getting Started on Linux Systems @@ -320,250 +316,6 @@ Proceed to Loading and Creating Client Files. - - - - incorporating AFS kernel extensions - - client machine - - HP-UX - - - - AFS kernel extensions - - on client machine - - HP-UX - - - - client machine - - AFS kernel extensions - - on HP-UX - - - - HP-UX - - AFS-modified kernel - - on client machine - - - - enabling AFS login - - client machine - - HP-UX - - - - AFS login - - on client machine - - HP-UX - - - - client machine - - AFS login - - on HP-UX - - - - HP-UX - - AFS login - - on client machine - - - - PAM - - on HP-UX - - client machine - - - - - - Getting Started on HP-UX Systems - - In this section you build AFS into the HP-UX kernel. Then incorporate AFS modifications into the machine's Pluggable - Authentication Module (PAM) system, if you wish to enable AFS login. - - - Building AFS into the HP-UX Kernel - - On HP-UX systems, you must build AFS modifications into a new static kernel; HP-UX does not support dynamic loading. If - the machine's hardware and software configuration exactly matches another HP-UX machine on which AFS is already built into the - kernel, you can choose to copy the kernel from that machine to this one. In general, however, it is better to build AFS - modifications into the kernel on each machine according to the following instructions. - - Move the existing kernel-related files to a safe location. - # cp /stand/vmunix /stand/vmunix.noafs - # cp /stand/system /stand/system.noafs - - - - - Unpack the OpenAFS HP-UX distribution tarball. The examples - below assume that you have unpacked the files into the - /tmp/afsdist directory. If you - pick a different location, substitute this in all of the following - examples. Once you have unpacked the distribution, change directory - as indicated. - - # cd /tmp/afsdist/hp_ux110/dest/root.client - - - - - Copy the AFS initialization file to the local directory for initialization files (by convention, /sbin/init.d on HP-UX machines). Note the removal of the .rc - extension as you copy the file. - # cp usr/vice/etc/afs.rc /sbin/init.d/afs - - - - - Copy the file afs.driver to the local /usr/conf/master.d directory, changing its name to afs as you - do. - # cp usr/vice/etc/afs.driver /usr/conf/master.d/afs - - - - - Copy the AFS kernel module to the local /usr/conf/lib directory. - - If the machine's kernel supports NFS server functionality: - - - # cp bin/libafs.a /usr/conf/lib - - - If the machine's kernel does not support NFS server functionality, change the file's name as you copy it: - - - # cp bin/libafs.nonfs.a /usr/conf/lib/libafs.a - - - - - Incorporate the AFS driver into the kernel, either using the SAM program or a - series of individual commands. - - To use the SAM program: - - Invoke the SAM program, specifying the hostname of the local machine - as local_hostname. The SAM graphical user - interface pops up. - # sam -display local_hostname:0 - - - - - Choose the Kernel Configuration icon, then the Drivers icon. From the list of drivers, select afs. - - - - Open the pull-down Actions menu and choose the Add Driver to Kernel option. - - - - Open the Actions menu again and choose the Create a New Kernel option. - - - - Confirm your choices by choosing Yes and OK when prompted by subsequent pop-up windows. The SAM program builds the kernel and reboots the system. - - - - Login again as the superuser root. - login: root - Password: root_password - - - - - - - To use individual commands: - - Edit the file /stand/system, adding an entry for afs to the Subsystems section. - - - - Change to the /stand/build directory and issue the mk_kernel command to build the kernel. - # cd /stand/build - # mk_kernel - - - - - Move the new kernel to the standard location (/stand/vmunix), reboot - the machine to start using it, and login again as the superuser root. - - # mv /stand/build/vmunix_test /stand/vmunix - # cd / - # shutdown -r now - login: root - Password: root_password - - - - - - - - - - - Enabling AFS Login on HP-UX Systems - - At this point you incorporate AFS into the operating system's Pluggable Authentication Module (PAM) scheme. PAM - integrates all authentication mechanisms on the machine, including login, to provide the security infrastructure for - authenticated access to and from the machine. - - In modern AFS installations, you should be using Kerberos v5 - for user login, and obtaining AFS tokens subsequent to this authentication - step. OpenAFS does not currently distribute a PAM module allowing AFS - tokens to be automatically gained at login. Whilst there are a number of - third party modules providing this functionality, it is not know if these - have been tested with HP/UX. - - Following login, users can - obtain tokens by running the aklog - command - - If you are at a site which still requires - kaserver or external Kerberos v4 based - authentication, please consult - Enabling kaserver based AFS Login on HP-UX systems - for further installation instructions. - - - Proceed to Loading and Creating Client Files. - @@ -1750,10 +1502,6 @@ On AIX systems, /etc/rc.afs - - On HP-UX systems, /sbin/init.d/afs - - On Fedora and RHEL systems, /etc/sysconfig/openafs @@ -1841,10 +1589,6 @@ Running the Script on AIX Systems - - Running the Script on HP-UX Systems - - Running the Script on Linux Systems @@ -1936,67 +1680,6 @@ AFS initialization file - - HP-UX - - AFS initialization script - - on client machine - - - - - Running the Script on HP-UX Systems - - - - Run the AFS initialization script. - # /sbin/init.d/afs start - - - - - Change to the /sbin/init.d directory and issue the ln - -s command to create symbolic links that incorporate the AFS initialization script into the HP-UX startup and - shutdown sequence. - # cd /sbin/init.d - # ln -s ../init.d/afs /sbin/rc2.d/S460afs - # ln -s ../init.d/afs /sbin/rc2.d/K800afs - - - - - (Optional) There are now copies of the AFS initialization file in both the - /usr/vice/etc and /sbin/init.d directories. If you want - to avoid potential confusion by guaranteeing that they are always the same, create a link between them. You can always - retrieve the original script from the AFS CD-ROM if necessary. - # cd /usr/vice/etc - # rm afs.rc - # ln -s /sbin/init.d/afs afs.rc - - - - - If a volume for housing AFS binaries for this machine's system type does not already exist, proceed to Setting Up Volumes and Loading Binaries into AFS. Otherwise, the installation is - complete. - - - - - afs file - - AFS initialization file - - - - files - - afs - - AFS initialization file - - etc/rc.d/init.d/afs -- 2.39.5