you’ve got to love this partially satirical article in TIME about how the despised habits of the French are coming true in the Land of the Free

well the last time I looked at ruby, I did it all on OpenBSD. Seemed pretty easy at the time so I didn’t make any notes. Now I’m doing it on windows, MacOS X & amaxon’s EC2/ubuntu.

SQLite is no longer the default DB in rails, but for my dev PC I don’t want the whole hog. So back to SQLite it was. I consider myself a bit of a windows guru, so I wasn’t expecting any real problems. I downloaded  ruby & started to get up & running, installing gems, capistrano, ec2onrails, & finally sqlite3. I downloaded the SQLite3 DLL & command tool into SQLite3, added this to the path, & then tried to install the gem:

D:\ruby\bin>gem install sqlite3-ruby
Building native extensions.  This could take a while...
ERROR:  Error installing sqlite3-ruby:
ERROR: Failed to build gem native extension.

d:/ruby/bin/ruby.exe extconf.rb install sqlite3-ruby
checking for fdatasync() in rt.lib... no
checking for sqlite3.h... no

nmake
'nmake' is not recognized as an internal or external command,
operable program or batch file.

not good!! nmake shouldn’t be necessary for installing a gem. Turns out we need to instead use:

D:\ruby\bin>gem install --version 1.2.3 sqlite3-ruby
Successfully installed sqlite3-ruby-1.2.3-x86-mswin32
1 gem installed
Installing ri documentation for sqlite3-ruby-1.2.3-x86-mswin32...
Installing RDoc documentation for sqlite3-ruby-1.2.3-x86-mswin32...

which works a treat. I expect this will trip up a fair few people so hope this helps the happy googlers.

over on Thinking Matters there’s a whole lot of discussion around “what is science”, & “where can we draw boundaries between it and religion”. For me that nicely illustrates the difference between the two domains - science is inclusive, inquisitive, and able to be challenged, downsized and redirected - think flat earth, newtonian physics for examples of fundamental changes in the way we view the world that science has permitted and incorporated.

Specious teleologic arguments are used to imply that religion is separate, special, and should be treated outside this evidential framework. Fair enough if that’s your view, but I’ve yet to see why this is required, and why it is allowed to be used to “explain” what has already been explained by science.

evolution is the best example of where these worlds collide. Scientifically the world has accepted the Darwinian concept of evolution, despite some tinkering of how fast & how discrete the steps are by the likes of Steve Jay Gould and his opposing immovable force Richard Dawkins. The factual record is extensive & consistent. So when we review the age of the earth (6000 years give or take) from a biblical perspective, we are expected to put Occam’s razor to the side, and invoke a mysterious being (not seen for the last 2000 years in any verifiable form) who compiled all of this evidence, and asks us to ignore it.

If this approach was used anywhere else, for example in a court of law, you’d deem it unacceptable. So why put up with it here?

motorola’s cellphone naming looks to me like the abbreviated names used in stock price tickers.  the munchkin wrangler has a different take & a few alternative options!

after spending a couple of hours debugging my brother-in-law’s crashing computer (& in german, just to make it easier), I ran into this site http://www.dumpanalysis.org/ which is so good I might just have to buy a few of the books listed on it.

first up, kick off an EC2 ubuntu/hardy instance, ssh in as usual

apt-get install openafs-fileserver
# set cell name to muse.net.nz
# set cache size to 10Gb
# set cellDB to afsdb.muse.net.nz
# update /etc/openafs/CellServDB
>muse.net.nz #home
121.73.27.12 #afsdb.muse.net.nz
rm /etc/openafs/server/CellServDB; ln -s /etc/openafs/CellServDB /etc/openafs/server/CellServDB
# sweet!


three changes required -

• configure sendmail to use a remote host for all mail in /etc/mail/submit.cf
# changes to fwd mail directly to smart host
#D{MTAHost}[127.0.0.1]
D{MTAHost}[smtp.muse.net.nz]

• configure local aliases mapping to remap users to a destination address in /etc/mail/aliases
# Well-known aliases — these should be filled in!
# root:
root: root@muse.net.nz

• permit relaying on smart host (postfix in my case) in /etc/postfix/main.cf
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain, akai.$mydomain

i ran into this earlier today, he used to write cartoons for the guardian, but in the ‘free press’ The Perry Bible Fellowship has a lot more freedom

I’ve had trouble getting OpenAFS to run recently (since 1.4.5 I think) on OpenBSD; I am still using my 4.0 binaries on 4.1 (I know, I know…) but here’s a few notes that may help you get started.

GET THE SOURCE AND MAKE BUILD

===========================================================

cvs -d:pserver:anonymous@cvs.openafs.org:/cvs login

 anonymous

cvs -z9 -d:pserver:anonymous@cvs.openafs.org:/cvs co -PA openafs# update

cd /usr/ports/local/openafs && cvs -Rvz9 update -Pd

chgrp -R wsrc .

#find . -type d | xargs chmod 775

#find . -type f | xargs chmod 664

./configure --enable-shared --enable-fast-restart --enable-bitmap-later --quiet --enable-debug --enable-bos-new-config --enable-supergroups --enable-namei-fileserver --enable-largefile-fileserver --disable-kernel-module --with-afs-sysname=i386_obsd40 --enable-transarc-paths

## --disable-kernel-module --enable-transarc-paths --with-krb5 --with-afs-sysname=i386_obsd40 --exec-prefix=/usr/local

make && make install DESTDIR=/tmp/openafs-1.4.4

cd /tmp/openafs-1.4.4 && tar cvzf /usr/ports/local/openafs-1.4.4_obsd40.tar.gz .

make && make install DESTDIR=/tmp/openafs-1.5.15

cd /tmp/openafs-1.5.15 && tar cvzf /usr/ports/local/openafs-1.5.15_obsd40.tar.gz .

## remove "package" or installation directly

rm -rf /usr/local/lib/afs/ /usr/local/libexec/openafs/ /usr/local/include/rx/ /usr/local/include/afs/

rm /usr/local/include/{des.h,des_conf.h,des_odd.h,des_prototypes.h,lock.h,lwp.h,mit-cpyright.h,potpourri.h,preempt.h}

rm /usr/local/include/{timer.h,ubik.h,ubik_int.h}

rm /usr/local/lib/{libafsauthent.a,libafsrpc.a,libdes.a,liblwp.a,librx.a,librxkad.a,librxstat.a,libubik.a}

rm /usr/local/bin/{afsmonitor,bos,cmdebug,compile_et,dlog,dpass,fs,klog,klog.krb,knfs,kpasswd,kpwvalid,livesys,pagsh,pagsh.krb,pts,rxgen,scout,sys,tokens,tokens.krb,translate_et,udebug,unlog,up,xstat_cm_test,xstat_fs_test}

rm /usr/local/sbin/{afsd,backup,bos_util,bosserver,butc,copyauth,fms,fstrace,kadb_check,kas,kdb,kdump/kdump-build,kpwvalid,kseal,prdb_check,pt_util,read_tape,restorevol,rmtsysd,rxdebug,uss,vldb_check,vldb_convert,voldump,volinfo,vos,vsys}

OPENAFS CLIENT - NOT WORKING WELL

===========================================================

install openafs-1.*.tgz package

setup krb5.conf as usual

set up afs.conf as usual

file:/etc/rc.securelevel

/sbin/modload /usr/local/lib/openafs/libafs.o

file:/etc/rc.local

# start OpenAFSD client

if [ "X${openafsd}" != X"NO" ]; then

 echo -n 'starting OpenAFS client...';

 mkdir -p -m 0755 /afs

 mkdir -p /var/openafs/cache

 /usr/local/sbin/afsd -stat 4000 -dcache 4000 -daemons 6 -volumes 256 -files 50000 \

 	-afsdb -fakestat -nosettime

 echo 'done!'

fi

file:/etc/rc.conf.local

#start OpenAFS client

openafsd = YES

file:/etc/openafs/cacheinfo

/afs:/var/openafs/cache:1048576

ARLA CLIENT

===========================================================

# set up for next reboot

file:/etc/rc.conf.local

### start ARLA client

### add '--dynroot' on non-AFSDB servers

echo afs=YES>> /etc/rc.conf.local

echo afsd_flags=\"--log=/var/log/arlad.log --cpu-usage --check-consistency\">> /etc/rc.conf.local

# edit ntpd.conf for time.muse.net.nz

# install client configuration

cd /tmp && ftp ftp://gremlin.muse.net.nz/OpenAFS/openafs_obsd39.tar.gz

cd / && tar xvzpf /tmp/openafs_obsd39.tar.gz

mkdir -p -m 0755 /afs

echo -n 'unmounting afs:'

pkill afsd > /dev/null 2>&1

rm -rf /var/spool/afs

umount /afs

rm /var/log/arlad.log

pgrep afsd && echo FAIL unable to shut down existing instance

echo -n 'mounting afs:'

mount -t xfs /dev/xfs0 /afs

/usr/libexec/afsd --log=/var/log/arlad.log --recover --cpu-usage --check-consistency

ls /afs

OPENAFS SERVER /ETC/RC* CHANGES

===========================================================

file:/etc/rc.local

# start OpenAFSD server

if [ "X${openafs}" = X"YES" ]; then

 echo -n 'starting OpenAFS daemons...';

 /usr/afs/bin/bosserver ${openafsd_flags}

 echo 'done!'

fi

file:/etc/rc.conf.local

# OpenAFS server

openafs=YES

openafsd_flags="-log -auditlog /var/log/boss.log -syslog -enable_peer_stats -enable_process_stats"

file:/etc/rc.shutdown

echo -n 'stopping OpenAFS daemons...';

/usr/afs/bin/bos shutdown localhost -localauth -wait

/usr/afs/bin/bos status localhost -localauth

echo 'done!'

#start up OpenAFS

/usr/afs/bin/bosserver -log -auditlog /var/log/boss.log -syslog \

 -enable_peer_stats -enable_process_stats

SET UP AFSDB IN DNS

===========================================================

file:/var/named/master/muse.net.nz

sendai      A       10.0.0.x               ; afsdb1

muse.net.nz.    3600    IN AFSDB 1      sendai

dig -t AFSDB muse.net.nz

;; ANSWER SECTION:

muse.net.nz.            3600    IN      AFSDB   1 straylight.muse.net.nz.

muse.net.nz.            3600    IN      AFSDB   1 sendai.muse.net.nz.

muse.net.nz.            3600    IN      AFSDB   1 wintermute.muse.net.nz.

;; ADDITIONAL SECTION:

straylight.muse.net.nz		259200  IN      A       10.0.0.22

sendai.muse.net.nz		259200  IN      A       10.0.0.20

wintermute.muse.net.nz		259200  IN      A       10.0.0.21

CREATE AFS SERVICE ACCOUNTS

===========================================================

http://www.dementia.org/twiki/bin/view/AFSLore/KerberosAFSInstall

kadmin -p admin/krb

kadmin> add --random-key --use-defaults afs/muse.net.nz

kadmin> del_enctype afs/muse.net.nz des3-cbc-sha1

kadmin> del_enctype afs/muse.net.nz aes256-cts-hmac-sha1-96

kadmin> del_enctype afs/muse.net.nz arcfour-hmac-md5

kadmin> list *afs*

 admin/afs

 afs/muse.net.nz

 host/afsdb.muse.net.nz

kadmin> get afs/muse.net.nz@MUSE.NET.NZ

            Principal: afs/muse.net.nz@MUSE.NET.NZ

    Principal expires: never

     Password expires: never

 Last password change: never

      Max ticket life: 1 day

   Max renewable life: 1 week

                 Kvno: 1

                Mkvno: 0

Last successful login: never

    Last failed login: never

   Failed login count: 0

        Last modified: 2007-03-12 04:28:42 UTC

             Modifier: kadmin/admin@MUSE.NET.NZ

           Attributes:

             Keytypes: des-cbc-md5(pw-salt), des-cbc-md4(pw-salt), des-cbc-crc(pw-salt)

kadmin> ext -k /etc/afskeytabfile.krb5 afs/muse.net.nz

kadmin> quit

root@ice:/ $ ktutil -k /etc/afskeytabfile.krb5 list

 /etc/afskeytabfile.krb5:

Vno  Type         Principal

   1  des-cbc-md5  afs/muse.net.nz@MUSE.NET.NZ

   1  des-cbc-md4  afs/muse.net.nz@MUSE.NET.NZ

   1  des-cbc-crc  afs/muse.net.nz@MUSE.NET.NZ

root@ice:/ $ mkdir -p /usr/afs/etc

root@ice:/ $ ln -s /etc/afs/ThisCell /usr/afs/etc/ThisCell

root@ice:/ $ cat /etc/afs/ThisCell

 muse.net.nz

root@ice:/ $ ktutil copy FILE:/etc/afskeytabfile.krb5 AFSKEYFILE:/usr/afs/etc/KeyFile

## may need to mkdir -p /usr/afs/etc/;  ln -s /etc/afs/ThisCell /usr/afs/etc/ThisCell

## mkdir -m 700 p /etc/openafs/server

## oldversion: ktutil -v copy /tmp/afsv5key AFSKEYFILE:/etc/openafs/server/KeyFile

## ktutil -v copy /tmp/afsv5key AFSKEYFILE:/etc/openafs/server/KeyFile

/usr/afs/bin/bosserver -syslog -noauth

/usr/afs/bin/bos listkeys -noauth afsdb.muse.net.nz

/usr/afs/bin/bos setcellname afsdb.muse.net.nz muse.net.nz -noauth

#chmod this appropriately!

CONFIGURING OpenAFS

===========================================================

http://www.openafs.org/pages/doc/QuickStartUnix/auqbg005.htm#HDRWQ50

http://www.arayan.com/da/yazi/OpenAFS_Kerberos_5.html

http://wiki.bsd-crew.de/index.php/OpenAFS_unter_NetBSD#Compiling_OpenAFS

http://www.pdc.kth.se/heimdal/heimdal.html#Testing-clients-and-servers

http://www.slac.stanford.edu/~alfw/kerb5.html

http://grand.central.org/twiki/bin/view/AFSLore/InstallingtheFirstAFSMachine

mkdir -p -m 700 /usr/afs/db

mkdir -p m 755  /var/openafs/{local,server,cache,logs}

/bin/echo "/afs:/var/openafs/cache:198112" > /etc/openafs/cacheinfo

/bin/echo muse.net.nz> /etc/afs/ThisCell

/bin/echo ">muse.net.nz            #where great ideas come together">> /etc/afs/CellServDB

/bin/echo "10.0.0.32    #afsdb.muse.net.nz">> /etc/afs/CellServDB

mkdir -p /usr/vice/etc

mkdir -p /usr/afs/etc

scp afsdb.muse.net.nz:/etc/openafs/server/KeyFile /etc/afs/

ln -s /etc/afs/KeyFile /usr/afs/etc/KeyFile

ln -s /etc/afs/ThisCell /usr/vice/etc/ThisCell

ln -s /etc/afs/CellServDB /usr/vice/etc/CellServDB

ln -s /etc/afs/CellServDB /usr/afs/etc/CellServDB

ln -s /etc/afs/ThisCell /usr/afs/etc/ThisCell

ln -s /etc/afs/CellServDB /etc/openafs/CellServDB

ln -s /etc/afs/ThisCell /etc/openafs/ThisCell

ln -s /etc/afs/CellServDB /etc/openafs/server/CellServDB

ln -s /etc/afs/ThisCell /etc/openafs/server/ThisCell

ln -s /etc/openafs/server/KeyFile /etc/openafs/KeyFile

mv /usr/sbin/fs /usr/sbin/fs.arla

mv /usr/sbin/bos /usr/sbin/bos.arla

mv /usr/sbin/vos /usr/sbin/vos.arla

mv /usr/sbin/pts /usr/sbin/pts.arla

mkdir -p /usr/afs/local

echo 10.0.0.32>/usr/afs/local/NetInfo

echo 127.0.0.1>/usr/afs/local/NetRestrict

echo 10.0.0.3>>/usr/afs/local/NetRestrict

echo 10.0.0.12>>/usr/afs/local/NetRestrict

echo 10.0.0.20>>/usr/afs/local/NetRestrict

echo 10.0.0.25>>/usr/afs/local/NetRestrict

echo 10.0.0.27>>/usr/afs/local/NetRestrict

echo admin.afs>/usr/afs/etc/UserList

# if you're not using a separate mount point for vicepXX

touch /vicepa/AlwaysAttach

# create & auto-start the daemons

alias pafs='ps aux | grep afs'

/usr/afs/bin/bosserver -log -syslog -noauth

/usr/afs/bin/bos setcellname afsdb.muse.net.nz muse.net.nz -noauth

/usr/afs/bin/bos adduser afsdb.muse.net.nz admin.afs -noauth

more /etc/afs/ThisCell

more /etc/afs/CellServDB

>muse.net.nz    #Cell name

[10.0.0.32]        #afsdb.muse.net.nz

/usr/afs/bin/bos listhosts afsdb.muse.net.nz -noauth

/usr/afs/bin/bos create afsdb.muse.net.nz \

 buserver simple /usr/afs/bin/buserver \

 -cell muse.net.nz -noauth

/usr/afs/bin/bos create afsdb.muse.net.nz \

 ptserver simple /usr/afs/bin/ptserver  \

 -cell muse.net.nz -noauth

/usr/afs/bin/bos create afsdb.muse.net.nz \

 vlserver simple /usr/afs/bin/vlserver  \

 -cell muse.net.nz -noauth

pafs

# grant admin rights on cell

/usr/afs/bin/pts createuser -name admin.afs -cell muse.net.nz -noauth

/usr/afs/bin/pts adduser admin.afs system:administrators -cell muse.net.nz -noauth

/usr/afs/bin/pts createuser -name dave -cell muse.net.nz -noauth

/usr/afs/bin/pts createuser -name pk -cell muse.net.nz -noauth

/usr/afs/bin/pts createuser -name veronika -cell muse.net.nz -noauth

## /usr/afs/bin/pts adduser dave system:administrators -cell muse.net.nz -noauth

/usr/afs/bin/pts mem system:administrators -cell muse.net.nz -noauth

/usr/afs/bin/bos listkeys afsdb.muse.net.nz -cell muse.net.nz -noauth

restart BOS with authentication

===========================================================

/usr/afs/bin/bos shutdown afsdb.muse.net.nz -cell muse.net.nz -localauth -wait

/usr/afs/bin/bos status afsdb.muse.net.nz -cell muse.net.nz -localauth -long

pafs

pkill -HUP bosserver

pafs

### mount /vicepa

### kinit admin/afs to get afs privileged tokens & make sure you have arla running

/usr/afs/bin/bosserver -log -syslog -enable_peer_stats -enable_process_stats

/usr/afs/bin/bos restart afsdb.muse.net.nz -all -cell muse.net.nz

create FS instance

===========================================================

/usr/afs/bin/bos create afsdb.muse.net.nz fs fs \

 /usr/afs/bin/fileserver \

 /usr/afs/bin/volserver \

 /usr/afs/bin/salvager \

 -cell muse.net.nz -localauth

create AFS root volume

===========================================================

/usr/afs/bin/vos listpart afsdb.muse.net.nz

/usr/afs/bin/vos create afsdb.muse.net.nz /vicepa root.afs \

 -cell muse.net.nz -verbose

/usr/afs/bin/vos create afsdb.muse.net.nz /vicepa root.cell \

 -cell muse.net.nz -verbose

/usr/afs/bin/vos listvol -server afsdb.muse.net.nz

********** to do

::fix up ln -s stuff

::identify correct paths for bins

::move KeyFile to continuity

fs setacl /afs system:administrators rlidwka

fs setacl /afs system:anyuser rl

fs mkmount /afs/muse.net.nz root.cell

dir /afs/muse.net.nz

fs setacl /afs/muse.net.nz system:administrators rlidwka

fs setacl /afs/muse.net.nz system:anyuser rl

fs mkmount /afs/.muse.net.nz root.cell -rw

dir /afs/.muse.net.nz

fs setacl /afs/.muse.net.nz system:administrators rlidwka

fs setacl /afs/.muse.net.nz system:anyuser rl

fs mkmount -dir /afs/su.se -vol root.cell -cell su.se -fast

fs mkmount -dir /afs/openafs.org -vol root.cell -cell openafs.org -fast

fs mkmount -dir /afs/stacken.kth.se -vol root.cell -cell stacken.kth.se -fast

/usr/afs/bin/pts removeuser dave system:administrators -cell muse.net.nz

REPLICATE THE ROOT VOLUMES & INCREASE THEIR QUOTA

===========================================================

/usr/afs/bin/vos addsite afs1.muse.net.nz /vicepa root.cell

/usr/afs/bin/vos addsite afs1.muse.net.nz /vicepa root.afs

/usr/afs/bin/vos addsite afs1.muse.net.nz /vicepa root.home

/usr/afs/bin/vos listvol -server afs1.muse.net.nz

/usr/afs/bin/vos release root.afs -verbose

/usr/afs/bin/vos release root.cell -verbose

/usr/afs/bin/vos release root.home -verbose

/usr/afs/bin/vos listvol -server afs1.muse.net.nz

/usr/afs/bin/vos examine root.cell -format

/usr/afs/bin/vos examine root.afs -extended

/usr/afs/bin/vos setfields root.cell -maxquota 100000

/usr/afs/bin/vos setfields root.afs -maxquota 10000

/usr/afs/bin/vos examine root.cell

/usr/afs/bin/vos release root.cell -verbose

/usr/afs/bin/vos listvol -server afs1.muse.net.nz

MAKE A HOME DIRECTORY

===========================================================

# create basic structure

/usr/afs/bin/vos create afs.muse.net.nz /vicepa root.home -verbose

fs setacl /afs/.muse.net.nz system:authuser rl

fs mkmount /afs/.muse.net.nz/home root.home -rw

/usr/afs/bin/vos release root.cell -verbose

ll  /afs/.muse.net.nz/home/dave

fs setacl /afs/.muse.net.nz/home system:authuser rl

fs setacl /afs/.muse.net.nz/home system:administrators rlidwka

#vos examine root.home -format

/usr/afs/bin/vos release root.cell -verbose

############################################

# create a single person

/usr/afs/bin/vos listpart afs.muse.net.nz

/usr/afs/bin/vos create afs.muse.net.nz /vicepa home.dave -verbose

fs mkmount /afs/.muse.net.nz/home/pk home.pk -rw

/usr/afs/bin/vos listvol -server finn

/usr/afs/bin/vos examine home.pk -format

/usr/afs/bin/vos setfields home.pk -maxquota 500000

/usr/afs/bin/vos release root.home

ll  /afs/.muse.net.nz/home/pk

/usr/afs/bin/pts createuser pk

fs setacl /afs/.muse.net.nz/home/pk system:administrators rlidwka

fs setacl /afs/.muse.net.nz/home/pk pk write

/usr/afs/bin/vos release root.cell -verbose

dir /afs/muse.net.nz/home/dave

ADD A NEW FILESERVER

===========================================================

#add your new FS & IP to DNS as AFSDB

#duplicate to new fileserver

 /usr/afs/etc

bin:	/usr/afs/bin

bin:	/usr/vice/etc/libafs.o

 /usr/vice/etc

 /etc/afs

 /etc/kerberosV except krb5.keytab

#create a new krb5.keytab for this host in /etc/kerberosV/krb5.keytab

sudo -s

kadmin -p dave/admin

 add --random-key host/continuity.muse.net.nz

 ext --keytab=/etc/kerberosV/krb5.keytab host/continuity.muse.net.nz

 exit

ktutil  -k /etc/kerberosV/krb5.keytab list

chmod 0400 /etc/kerberosV/krb5.keytab

/usr/afs/bin/bosserver -log -syslog -enable_peer_stats -enable_process_stats

/usr/afs/bin/bos listhosts afs1.muse.net.nz -localauth

echo 10.0.0.3>/usr/afs/local/NetInfo

# grant admin rights on local fileserver if not done above

/usr/afs/bin/bos adduser afs1.muse.net.nz dave.afs -localauth

/usr/afs/bin/bos listkeys afs1.muse.net.nz -localauth

kinit --afslog admin/afs

/usr/afs/bin/bos restart afs1.muse.net.nz -all

/usr/afs/bin/bos create afs1.muse.net.nz fs fs \

 /usr/afs/bin/fileserver \

 /usr/afs/bin/volserver \

 /usr/afs/bin/salvager \

 -cell muse.net.nz

/usr/afs/bin/vos listpart afs1.muse.net.nz

/usr/afs/bin/vos listvol -server afs1.muse.net.nz

#add RO replicas

/usr/afs/bin/vos addsite afs1.muse.net.nz /vicepa root.cell

/usr/afs/bin/vos addsite afs1.muse.net.nz /vicepa root.afs

/usr/afs/bin/vos listvol -server afs1.muse.net.nz

/usr/afs/bin/vos release -verbose root.cell

/usr/afs/bin/vos listvol -server afs1.muse.net.nz

/usr/afs/bin/vos release -verbose root.afs

/usr/afs/bin/vos listvol -server afs1.muse.net.nz

MAKE A READ-ONLY PUBLIC AREA

===========================================================

/usr/afs/bin/vos create finn /vicepa root.public -verbose

/usr/afs/bin/vos addsite finn /vicepa root.public -verbose

/usr/afs/bin/vos release root.public

/usr/afs/bin/vos listvol -server finn

fs mkmount /afs/.muse.net.nz/pub root.public -rw

/usr/afs/bin/vos release root.cell --verbose

ll /afs/.muse.net.nz/pub

fs setacl /afs/.muse.net.nz/pub system:anyuser rl

dir /afs/muse.net.nz/pub

/usr/afs/bin/vos create finn /vicepa public.openbsd37 -verbose

/usr/afs/bin/vos setfields public.openbsd37  -maxquota 1000000

/usr/afs/bin/vos addsite finn /vicepa public.openbsd37 -verbose

/usr/afs/bin/vos release public.openbsd37

/usr/afs/bin/vos listvol -server finn

mkdir /afs/.muse.net.nz/pub/OpenBSD/

fs listacl /afs/.muse.net.nz/pub/OpenBSD

fs mkmount /afs/.muse.net.nz/pub/OpenBSD/3.7 public.openbsd37 -rw

fs listacl /afs/.muse.net.nz/pub/OpenBSD/3.7

fs setacl /afs/.muse.net.nz/pub/OpenBSD/3.7 system:anyuser rl

/usr/afs/bin/vos release root.public

dir /afs/muse.net.nz/public

/usr/afs/bin/vos addsite wintermute /vicepa root.public -verbose

/usr/afs/bin/vos addsite wintermute /vicepa public.openbsd37 -verbose

/usr/afs/bin/vos release root.public

/usr/afs/bin/vos release public.openbsd37

/usr/afs/bin/vos listvol -server wintermute

===========================================================

/usr/afs/bin/vos create finn /vicepa public.distfiles -verbose

fs mkmount /afs/.muse.net.nz/pub/distfiles public.distfiles -rw

fs sa /afs/.muse.net.nz/pub/distfiles system:anyuser rl

fs sa /afs/.muse.net.nz/pub/distfiles dave write

MAKE A AFS HOMEDIR USER

===========================================================

/usr/afs/bin/vos listpart wintermute.muse.net.nz

/usr/afs/bin/vos create afs.muse.net.nz /vicepa home.pk -verbose

fs mkmount /afs/.muse.net.nz/home/pk home.pk -rw

/usr/afs/bin/vos listvol -server wintermute

/usr/afs/bin/vos setfields home.pk -maxquota 500000

/usr/afs/bin/pts createuser -name pk

fs setacl /afs/.muse.net.nz/home/pk system:administrators rlidwka

fs setacl /afs/.muse.net.nz/home/pk pk write

/usr/afs/bin/vos release root.home

dir /afs/muse.net.nz/home/pk

CREATING A FEW GROUPS

===========================================================

/usr/afs/bin/pts creategroup system:servers system:administrators

/usr/afs/bin/pts creategroup system:wsrc system:administrators

/usr/afs/bin/pts listent -g

/usr/afs/bin/pts listent -u

/usr/afs/bin/pts createuser 10.0.0.9

/usr/afs/bin/pts createuser 10.0.0.2

/usr/afs/bin/pts add 10.0.0.9 system:servers

/usr/afs/bin/pts add 10.0.0.2 system:servers

/usr/afs/bin/pts mem system:servers

/usr/afs/bin/pts add dave system:wsrc

/usr/afs/bin/pts mem system:wsrc

setting up wsrc

===========================================================

fs la /afs/.muse.net.nz/i386_obsd37

 Access list for /afs/.muse.net.nz/i386_obsd37 is

 Normal rights:

   system:wsrc rlidwk

   system:servers rl

   system:administrators rlidwka

   system:authuser rl

debugging

===========================================================

bosserver -log -enable_peer_stats -enable_process_stats -nofork

config files

===========================================================

file:/usr/afs/etc/CellServDB

>muse.net.nz		# dave & veronika

>ualberta.ca		# University of Alberta

>stacken.kth.se		# Royal Institute of Technology Computer Club

>su.se			# Stockholm University

>openafs.org		#

file:/usr/afs/etc/ThisCell

muse.net.nz

file:/usr/afs/etc/SuidCells

file:/usr/afs/etc/CellAlias

muse.net.nz	muse

file:/usr/afs/etc/afsd.conf

high_vnodes	12000

low_vnodes	9000

high_bytes	6000M

low_bytes	1000M

numcreds	100

numconns	100

numvols		100

fetch_block	4M

file:/usr/vice/etc/

CellServDB -> /usr/afs/etc/CellServDB

KeyFile -> /usr/afs/etc/KeyFile

ThisCell -> /usr/afs/etc/ThisCell

libafs.o

file:/etc/afs/

CellServDB -> /usr/afs/etc/CellServDB

SuidCells -> /usr/afs/etc/SuidCells

ThisCell -> /usr/afs/etc/ThisCell

afsd.conf -> /usr/afs/etc/afsd.conf

OPENBSD39 PACKAGE

===========================================================

file:/etc/sysctl.conf

ddb.panic=0                     # 0=Do not drop into ddb on a kernel panic

kern.maxfiles=102400		# increase maximum files

file:/etc/login.conf

daemon:\

     :openfiles-cur=1280:\

CREATE CLIENT PACKAGE

===========================================================

tar cvzf /tmp/openafs.muse.cfg.tar.gz /etc/openafs /etc/kerberosV/krb5.conf /var/openafs /etc/afs

KAS=/usr/local/sbin/kas

BOS=/usr/afs/bin/bos

FS=/usr/local/bin/fs

VOS=/usr/afs/bin/vos

PTS=/usr/afs/bin/pts

mkdir -m 700 /var/openafs /usr/afs/db

mkdir -m 755  /etc/openafs /etc/openafs/server /var/openafs/{local,server,cache}

/bin/echo "/afs:/var/openafs/cache:198112" > /etc/openafs/cacheinfo

/bin/echo muse.net.nz> /etc/afs/ThisCell

/bin/echo ">muse.net.nz            #where great ideas come together">> /etc/afs/CellServDB

ln -s /etc/afs/CellServDB /usr/afs/etc/CellServDB

ln -s /etc/afs/ThisCell /usr/afs/etc/ThisCell

ln -s /etc/afs/CellServDB /usr/afs/CellServDB

ln -s /etc/afs/ThisCell /usr/vice/etc/ThisCell

ln -s /etc/openafs/server/KeyFile /etc/openafs/KeyFile

mv /usr/sbin/fs /usr/sbin/fs.arla

mv /usr/sbin/bos /usr/sbin/bos.arla

mv /usr/sbin/vos /usr/sbin/vos.arla

mv /usr/sbin/pts /usr/sbin/pts.arla

echo 10.0.0.8>/usr/afs/local/NetInfo

echo 127.0.0.1>/usr/afs/local/NetRestrict

scp continuity:/etc/openafs/server/KeyFile /etc/openafs/server/

/usr/afs/bin/bosserver

pgrep boss

# grant admin rights on local fileserver if not done above

/usr/afs/bin/bos adduser afs.muse.net.nz dave.afs -localauth

/usr/afs/bin/bos listkeys afs.muse.net.nz -localauth

/usr/afs/bin/bos restart afs.muse.net.nz -all -localauth

/usr/afs/bin/bos create afs.muse.net.nz fs fs \

 /usr/afs/bin/fileserver \

 /usr/afs/bin/volserver \

 /usr/afs/bin/salvager \

 -localauth

/usr/afs/bin/vos listpart afs.muse.net.nz

/usr/afs/bin/vos listvol -server afs.muse.net.nz

/usr/afs/bin/bos shutdown afs.muse.net.nz -localauth

/usr/afs/bin/bos restart afs.muse.net.nz -all

setting up & using Kerberos V on OpenBSD is a piece of cake. With this info, you should also be able to get k-enabled OpenAFS and ssh working too.

references:
OpenBSD FAQ
Heimdal reference
running AFS on NetBSD
AFS install wiki

KerberosV===========================================================http://www.openbsd.org/faq/faq10.html#Kerberos

http://www.pdc.kth.se/heimdal/heimdal.html

http://kula.public.iastate.edu/talks/afs-bpw-2005/afs-bpw-2005-iowa.html

http://www.dementia.org/twiki/bin/view/AFSLore/KerberosAFSInstallfile:/etc/kerberosV/krb5.conf

[libdefaults]

default_realm = MUSE.NET.NZ

ticket_lifetime = 6000

clockskew = 300

[appdefaults]

afs-use-524 = no

afslog = yes

[realms]

MUSE.NET.NZ = {

supported_keytypes = des:normal des-cbc-crc:v4 des-cbc-crc:afs3

kdc = kerberos.muse.net.nz

admin_server = kerberos.muse.net.nz

kpasswd_server = kerberos.muse.net.nz

}

[domain_realm]

.muse.net.nz = MUSE.NET.NZ

[kadmin]

default_keys = v5 afs3

afs-cell = muse.net.nz

[logging]

kadmind = FILE:/var/heimdal/kadmind.log

[kdc]

require-preauth = no

v4-realm = MUSE.NET.NZ

afs-cell = muse.net.nz

===========================================================

mkdir /var/heimdal

chmod 700 /var/heimdal

cd /var/heimdal

kstash

bak2Quoizniarot.

kadmin -l

init MUSE.NET.NZ

add --use-defaults admin/krb

add --use-defaults admin/afs

add --use-defaults dave

add --use-defaults veronika

add --use-defaults pk

add --random-key --use-defaults host/kerberos.muse.net.nz

add --random-key --use-defaults host/wintermute.muse.net.nz

add --random-key --use-defaults host/sendai.muse.net.nz

add --random-key --use-defaults host/straylight.muse.net.nz

add --random-key --use-defaults host/continuity.muse.net.nz

add --random-key --use-defaults host/finn.muse.net.nz

ext --keytab=/etc/kerberosV/krb5.keytab host/finn.muse.net.nz

ext --keytab=/etc/kerberosV/krb5.keytab host/continuity.muse.net.nz

ext --keytab=/etc/kerberosV/krb5.keytab host/kerberos.muse.net.nz

ext --keytab=/etc/kerberosV/krb5.keytab host/sendai.muse.net.nz

ext --keytab=/etc/kerberosV/krb5.keytab host/straylight.muse.net.nz

exit

chmod 0400 /etc/kerberosV/krb5.keytab

cd /tmp

sudo nohup /usr/libexec/kdc &

sudo nohup /usr/libexec/kadmind &

sudo nohup /usr/libexec/kpasswdd &

file:/var/heimdal/kadmind.acl

admin/krb@MUSE.NET.NZ		all

muffin/admin@MUSE.NET.NZ	all		*/

joe/admin@MUSE.NET.NZ		all		*@MUSE.NET.NZ

jim/admin@MUSE.NET.NZ		all		*/*@MUSE.NET.NZ

jon/admin@MUSE.NET.NZ		change-password	*@MUSE.NET.NZ

for each host to be member of KRB farm

===========================================================

use same /etc/kerberosV/krb5.conf

sudo kadmin -p admin/krb@MUSE.NET.NZ

add --random-key  --use-defaults host/afsdb.muse.net.nz

ext --keytab=/etc/kerberosV/krb5.keytab host/afsdb.muse.net.nz

exit

#chmod 0400 /etc/kerberosV/krb5.keytab

USING KERBERISED SSH

===========================================================

file:/etc/ssh/sshd_config

# Kerberos options

#KerberosAuthentication no

KerberosAuthentication yes

#KerberosOrLocalPasswd yes

#KerberosTicketCleanup yes

#KerberosGetAFSToken no

KerberosGetAFSToken yes

# GSSAPI options

#GSSAPIAuthentication no

GSSAPIAuthentication yes

#GSSAPICleanupCredentials yes

file:/etc/ssh/ssh_config

Host *

GSSAPIAuthentication yes

GSSAPIDelegateCredentials yes

# testing it all works

kinit -fp --afslog dave

klist -vT

# disable your .ssh/ for a moment

ssh -v kerberos.muse.net.nz

debug1: Authentications that can continue: publickey,gssapi-with-mic,password,keyboard-interactive

debug1: Next authentication method: gssapi-with-mic

debug1: Delegating credentials

debug1: Delegating credentials

debug1: Authentication succeeded (gssapi-with-mic).