You can find arla at http://www.stacken.kth.se/projekt/arla/.
Source-code can be found at ftp://ftp.stacken.kth.se/pub/arla/.
You can browse the current cvs source-tree with cvsweb at http://www.stacken.kth.se/cgi-bin/cvsweb.cgi/arla/?cvsroot=SourceRepository.
Mail-archives can be found at http://www.stacken.kth.se/lists/.
AFS uses Kerberos V4 for authentication. There are however some minor differences between the ka-server supplied by Transarc and an ordinary Kerberos server. Those are quite easy to fix.
In Kerberos there is a server that keeps track of all the keys used by both clients and servers. Transarc supplies such a server called kaserver with their software. This server also supports its own protocol that is used by the Transarc clients, such as klog. But since it also supports the Kerberos V4 protocol you can use normal Kerberos clients for authenticating against your AFS cell. The Transarc NT client uses the Kerberos protocol instead of the kaserver one for some odd reason.
Some people run a normal Kerberos server with an AFS cell.
The main differences are that AFS uses 1) a different string-to-key algorithm, 2) pre-authentication, and 3) rx as an RPC interface (where Kerberos 4 uses a hand-coded packet). AFS also uses ubik to replicate its database over the db-servers.
The AFS key (the one stored in /usr/afs/etc/KeyFile) is the same as the one stored in the ka/Kerberos server afs@REALM principal. When you run kauth username@REALM it also fetches the afs@REALM token (if kauth found that you have an AFS-enabled kernel), and inserts it into the AFS client. You can see the token with tokens or klist -T. There are also two commands, afslog and aklog, that will get you tokens if you already have tickets.
Both kauth and afslog look in /usr/{arla,vice}/etc/ThisCell to find out what cell to retrieve tokens for.
You can specify extra cells to get tokens for in the /usr/{arla,vice}/etc/TheseCells file and in ~/.TheseCells.
Pretty much nothing. A cell is written in lowercase, and a REALM is always written in uppercase. Most of the time both realm and cell are the same as your (DNS) domain name.
To keep your sanity, make sure they are all three named the same.
Assuming that the name of your realm is the same as your AFS cell (except that the realm is in uppercase), you will want to set up your configuration files as follows:
In /usr/arla/etc/CellServDB:

    >your.cell.name    # Your AFS cell
    www.xxx.yyy.zzz    #first afs vldb server IP address
    www.xxx.yyy.zzz    #second afs vldb server IP address
    www.xxx.yyy.zzz    #third afs vldb server IP address

(replacing www.xxx.yyy.zzz with the IP addresses of the servers for your cell)

In /etc/krb.conf:

    YOUR.CELL.NAME
    YOUR.CELL.NAME first.server.domain.name admin server
    YOUR.CELL.NAME second.server.domain.name admin server
    YOUR.CELL.NAME third.server.domain.name admin server

(replace 'first.server.domain.name', etc, with the actual names)

It may be necessary to add the following entry in /etc/krb.realms for things to work right with kth-krb:

    .server.domain.name YOUR.CELL.NAME

(where .server.domain.name is the domain that your servers are in)
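A check for the naming rule and the configuration files described above, added here as an example (it is not part of the Arla or kth-krb distributions). The file paths are passed as arguments, and the cell example.org, host afsdb1.example.org and address 192.0.2.10 are constructed sample values.

```shell
#!/bin/sh
# check_cell_realm THISCELL CELLSERVDB KRBCONF
# Prints one line per mismatch; returns 0 when cell and realm names agree.
check_cell_realm() {
    rc=0
    cell=$(head -n 1 "$1" | tr -d ' \t\r')
    lower=$(printf '%s' "$cell" | tr '[:upper:]' '[:lower:]')
    realm=$(printf '%s' "$cell" | tr '[:lower:]' '[:upper:]')
    # A cell name is written in lowercase.
    [ "$cell" = "$lower" ] || { echo "ThisCell: '$cell' is not lowercase"; rc=1; }
    # CellServDB: the cell needs a '>cellname' entry (text after '#' is a comment).
    awk -v c="$lower" '{ sub(/#.*/, "") } $1 == ">" c { f = 1 } END { exit !f }' "$2" ||
        { echo "CellServDB: no '>$lower' entry"; rc=1; }
    # krb.conf: the first line names the local realm, the cell in uppercase.
    first=$(awk 'NF { print $1; exit }' "$3")
    [ "$first" = "$realm" ] ||
        { echo "krb.conf: local realm '$first' is not '$realm'"; rc=1; }
    # krb.conf: at least one 'REALM host ...' server line for that realm.
    awk -v r="$realm" '$1 == r && NF >= 2 { n = 1 } END { exit !n }' "$3" ||
        { echo "krb.conf: no server line for '$realm'"; rc=1; }
    return $rc
}

# Constructed sample files (hypothetical cell example.org, documentation IP).
write_sample() {
    printf '%s\n' 'example.org' > "$1/ThisCell"
    printf '%s\n' '>example.org   # Example cell' \
        '192.0.2.10   #first afs vldb server IP address' > "$1/CellServDB"
    printf '%s\n' 'EXAMPLE.ORG' \
        'EXAMPLE.ORG afsdb1.example.org admin server' > "$1/krb.conf"
}

sample=$(mktemp -d)
write_sample "$sample"
check_cell_realm "$sample/ThisCell" "$sample/CellServDB" "$sample/krb.conf" &&
    echo "cell and realm names are consistent"
```

On a real client, pass /usr/arla/etc/ThisCell, /usr/arla/etc/CellServDB and /etc/krb.conf instead of the sample files.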
Set the environment variable AFS_SYSCALL to a name or a number. If it's a name it will be looked up in (the Solaris-inspired file) /etc/name_to_sysnum, which has the syntax

    #name number
    xfs 230
Try using libgetcwd.so, it might work. If you only want to use libgetcwd.so for one program, write a shell-script wrapper to set and export the LD_PRELOAD variable.
From INSTALL:
1. Copy /usr/arla/lib/libgetcwd.so.X (where X is the arla version) to /lib.
2. Run "/sbin/ldconfig".
3. Run "LD_PRELOAD=/lib/libgetcwd.so.0 /bin/pwd". If this fails with "/bin/pwd: can't load library '/lib/libgetcwd.so.0'" or some other error message, report this error.
4. If the previous step went well, add this line to /etc/ld.so.preload:

    /lib/libgetcwd.so.0

DO NOT load the file from /usr/arla/lib, since /usr probably is not part of the root partition of your system. If you do this, your system will probably not be able to boot, even in single user, since in most Linux installations, init, sh, mount and other programs are dynamically linked.
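A check for the warning above, added here as an example (it is not from the Arla INSTALL file): it verifies that every library listed in a preload file is readable and sits on the same filesystem as the root directory. It assumes a Linux `stat` that supports `-c %d`; the function name and the temporary files are constructed for the demonstration.

```shell
#!/bin/sh
# check_preload PRELOAD_FILE [ROOT_DIR]
# Prints one line per unsafe entry; returns 0 when every listed library is
# readable and lives on the same filesystem as ROOT_DIR (default /).
check_preload() {
    rc=0
    # Device number of the root filesystem; -L follows symlinks.
    rootdev=$(stat -L -c %d "${2:-/}")
    # Entries are separated by whitespace or colons; '#' starts a comment.
    for lib in $(sed 's/#.*//' "$1" | tr ':' ' '); do
        if [ ! -r "$lib" ]; then
            echo "unreadable: $lib"; rc=1
        elif [ "$(stat -L -c %d "$lib")" != "$rootdev" ]; then
            echo "not on the root filesystem: $lib"; rc=1
        fi
    done
    return $rc
}

# Constructed demonstration: a temp directory stands in for the root partition.
demo=$(mktemp -d)
: > "$demo/libgetcwd.so.0"
printf '%s\n' '# constructed ld.so.preload' "$demo/libgetcwd.so.0" \
    > "$demo/ld.so.preload"
check_preload "$demo/ld.so.preload" "$demo" &&
    echo "all preload entries are on the root filesystem"
```

Run `check_preload /etc/ld.so.preload` after step 4 and before rebooting.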
Many of the problems with klog are somewhat related to the fact that we use the Kerberos library kafs to get tokens.
You should first make sure you have the right time. To set the time you can use rdate or ntp, which you can get from ftp://ftp.udel.edu/pub/ntp/ntp4/
If you are running ka-server 3.3 (check with rxdebug -version my-kaserver) (not 3.3a) it might return the wrong error-message when trying to fetch the afs.cell@cell ticket. Don't know how right that is.
You should also check out question 3, since it's related because we use Kerberos.
Please note that kauth (or kinit with afslog) is a perfect replacement for klog. That is, if they don't work, klog won't work either.
A klog from Transarc should work perfectly OK with arlad/xfs. It won't see any difference between the Transarc client and arla.
You should try to set AFS_SYSCALL to xfs or the number of xfs in /etc/name_to_sysnum.
Christopher Allen Wing <wingc@engin.umich.edu>
$Id: faq.html,v 1.11 2000/09/22 15:51:09 ahltorp Exp $