Final HowTo: I'll shut up about AFS on MacOS X now.

Henry B. Hotz hotz at jpl.nasa.gov
Sat Jun 16 01:58:54 CEST 2001


How to install the Arla AFS client on MacOS X.

If you aren't at JPL then substitute your own AFS server information.

The following are instructions for compiling from source.  Now that 
the MacOS X stuff has made it into an official Arla release it may be 
better for people to just install the binary package (which I think 
puts everything into /usr/arla) and use the MacOS X GUI tool 
(/usr/arla/Arla Configuration) provided.  This will require adding 
/usr/arla/bin to everyone's $PATH.  You don't need to create the 
/Library/StartupItems stuff described below, but you *will* need to 
fix the files in /etc.

If you're like me and want to do everything yourself and put it into 
a location of your own choosing this is how to do it.

# In the netinfo manager utility, Domain->Security->Enable Root User.
su	# I actually suggest you only do this during make install
mkdir /usr/local/share				# Optional
ln -s /usr/local/man /usr/local/share/man	# Optional
mkdir /usr/local/dist && cd /usr/local/dist
# I prefer to build stuff and only su for the make install step.
ftp://ftp.pdc.kth.se/pub/krb/src/krb4-1.0.6.tar.gz   # 1.0.8 doesn't work
ftp://ftp.stacken.kth.se/pub/arla/arla-0.35.4.tar.gz # or newer
tar zxvf krb4*
tar zxvf arla*
cd k*6
patch -l -p0 <patches-attached-to-this-message
# These patches fix a hard dependence on the arla install path.
setenv CFLAGS -D_PATH_ARLA_VICE=\'\"/usr/local/\"\'
./configure --prefix=/usr/local
make
make install
pushd /usr/local/lib
ranlib *	# Something to do with TOC dates.
cd /etc
in krb.conf:
	replace first line with JPL.NASA.GOV
	replace jpl line with 'JPL.NASA.GOV kerberos.jpl.nasa.gov'
in realms.conf:
	add line '.jpl.nasa.gov JPL.NASA.GOV'
popd
# You should be able to do kinit/klist/kdestroy with your AFS login now.
cd ..
mkdir arlabuild && cd arlabuild
# I have no corresponding patches to fix hard-path dependencies for Arla.
unsetenv CFLAGS				# Causes conflicts otherwise.
../a*4/configure --prefix=/usr/local --with-krb4=/usr/local --without-krb5
# Replace 'a*4' above as needed for the actual version you got.
make
# ubc_ nested declaration errors are normal.
ln -s /usr/local /usr/arla		# Ugly, but advisable without patches.
make install
cd /usr/local/etc
echo "jpl.nasa.gov" >ThisCell
echo "jpl.nasa.gov" >DynRootDB		# Needed if you add -D to the
echo "transarc.com" >>DynRootDB		# arlad startup command.
mkdir /afs
# At this point you can use arla-cli to look through AFS

startarla				# Script in /usr/local/sbin
/usr/sbin/disktool -a xfs /afs 0	# Optional, forces Finder update
# At this point you are fully running.

# In order to make AFS start automatically at boot:
mkdir /Library/StartupItems/Arla && cd /Library/StartupItems/Arla
# Create an executable shell script named Arla to start Arla:

#!/bin/sh
# -- Start Arla AFS services.

ConsoleMessage "Starting Arla file system"

/usr/local/sbin/startarla
/usr/sbin/disktool -a xfs /afs 0

# The MacOS X overview says they reserve the right to change these
# scripts so they will be called during shutdown like SysV init scripts,
# but that's not true yet.

# Use the PropertyListEditor from the development tools to create a
# StartupParameters.plist file with the following:
{
     Description = "Arla network filesystem";
     Messages = {start = "Starting Arla file system"; stop = "Stopping Arla file system"; };
     OrderPreference = None;
     Provides = (AFS);
     Requires = (Resolver, Network);
     Uses = ("Network Time");
}

# Copy the current CellServDB file from Transarc.
cp /afs/transarc.com/service/etc/CellServDB /usr/local/etc/CellServDB

# Open Items and other notes.

# Use the NetInfo Manager utility to add the contents of 
/usr/local/dist/krb4-1.0.6/etc/services.append and 
/usr/local/dist/arla-0.35.4pre1/conf/services to /services following 
the template of the other definitions there.  Except. . .

# That was the official instruction.  This is very tedious with the 
GUI and I only actually modified the kerberos entry to also include 
kerberos-iv for port 750 instead of adding all the stuff in the krb4 
.append file.  I also used the warning messages from the arla-cli 
tool instead of the conf/services file from arla to add what I needed 
to keep their tools quiet.  Everything has good defaults and will 
work anyway.
# I've found that just adding the kerberos-iv name to the list of 
names in /services/kerberos is sufficient for the klog and tokens 
commands that most users deal with.  The kth-krb and arla packages 
have proper defaults in the code for everything.
# There should be a command line way to do this but I haven't found it yet.

# There should be a way to point the built-in kerberos at the AFS 
kaserver.  But the built-in is MIT kerberos 5, and doesn't seem to 
have the AFS string-to-key function.  (Or else I goofed up the 
/etc/krb5.conf file when I tried.)  This is probably an easy fix in 
the Darwin source code using a patch that is reputed to be available 
from umich.edu.  (Pity that Apple used the MIT code instead of 
heimdal for kerberos 5.)  Any volunteers to fix this?

# If you already have a kerberos ticket you can do aklog (or afslog 
if my patches are applied) to get a token without retyping your 
password.

# There is an Arla Configuration application that will show up in 
/usr/local/.  It seems to be unable to do its job in the presence of 
the startup script and plist I created above.  It also has some paths 
to /usr/arla canned into it that the --prefix configure option does 
not override.
# The 'ln -s /usr/local /usr/arla' I suggested above will fix at 
least some of the side effects of hard coded paths in the source. 
There is still a problem that it expects the startup stuff to be in 
/System/Library... instead of /Library... and the shell script and 
property list I give above are probably not what it expects.

# As is usual when AFS is installed you don't want to randomly do a 
find / ... for things because it searches a large amount of the 
network under /afs and takes forever.  I've found that a find -x / 
... will exclude afs nicely under MacOS X.

# I have found it useful to use the netinfo manager to change my 
userid to match my AFS userid.  Then you do a 'find -x / -user 501 
-exec chown <your-user-name> {} \; -print'.  Use the right old userid 
if it wasn't 501.  There may also be a temp directory with the name 
'501' that can be deleted.

# Enjoy.  I won't say the package has been trouble-free, but the 
obvious problems were with pre-release versions, and have been far 
outweighed by the problems caused by the IPN-ISD firewall.  Many 
thanks to the folks at kth.se for the software!

__________________________________________________________
The opinions expressed in this message are mine,
-------------- next part --------------
A non-text attachment was scrubbed...
Name: bin00001.bin
Type: application/octet-stream
Size: 950 bytes
Desc: "Henry.B.Hotz at jpl.nasa.gov, or hbhotz at oxy.edu"
Url : http://lists.stacken.kth.se/pipermail/arla-drinkers/attachments/00000000/ecfbbe7e/bin00001.bin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: bin00000.bin
Type: application/octet-stream
Size: 115 bytes
Desc: "not those of Caltech, JPL, NASA, or the US Government."
Url : http://lists.stacken.kth.se/pipermail/arla-drinkers/attachments/00000000/ecfbbe7e/bin00000.bin
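
Added example, not part of the original message: a POSIX sh check that the files edited in this how-to agree with each other (every cell in ThisCell and DynRootDB has servers in CellServDB; krb.conf and realms.conf name the matching realm). The function names, the sample server addresses and the rule that the realm is the upper-cased cell name are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post): check that the edited files agree.

# cell_in_db CELL FILE: succeeds if FILE has a ">CELL" entry with a server line
cell_in_db() {
    awk -v cell="$1" '
        /^>/ { cur = substr($1, 2); next }
        cur == cell && $1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { found = 1 }
        END { exit !found }' "$2"
}

# check_afs_config ARLA_ETC KRB_ETC: prints each problem, returns the problem count
check_afs_config() {
    etc=$1; krb=$2; problems=0
    cell=$(head -n 1 "$etc/ThisCell")
    # Assumption: the Kerberos realm is the upper-cased cell name, as in the post.
    realm=$(printf '%s' "$cell" | tr '[:lower:]' '[:upper:]')
    for c in $(cat "$etc/ThisCell" "$etc/DynRootDB" 2>/dev/null | sort -u); do
        cell_in_db "$c" "$etc/CellServDB" ||
            { echo "CellServDB: no servers for cell $c"; problems=$((problems + 1)); }
    done
    [ "$(head -n 1 "$krb/krb.conf")" = "$realm" ] ||
        { echo "krb.conf: first line is not $realm"; problems=$((problems + 1)); }
    awk -v r="$realm" 'NR > 1 && $1 == r && NF >= 2 { ok = 1 } END { exit !ok }' \
        "$krb/krb.conf" ||
        { echo "krb.conf: no KDC line for $realm"; problems=$((problems + 1)); }
    awk -v d=".$cell" -v r="$realm" '$1 == d && $2 == r { ok = 1 } END { exit !ok }' \
        "$krb/realms.conf" ||
        { echo "realms.conf: .$cell is not mapped to $realm"; problems=$((problems + 1)); }
    return "$problems"
}

# make_sample DIR: constructed sample files; addresses are documentation-range
# placeholders, not real AFS servers
make_sample() {
    echo "jpl.nasa.gov" > "$1/ThisCell"
    printf 'jpl.nasa.gov\ntransarc.com\n' > "$1/DynRootDB"
    printf '>jpl.nasa.gov  #constructed\n192.0.2.10  #afs1\n' > "$1/CellServDB"
    printf '>transarc.com  #constructed\n192.0.2.20  #afs2\n' >> "$1/CellServDB"
    printf 'JPL.NASA.GOV\nJPL.NASA.GOV kerberos.jpl.nasa.gov\n' > "$1/krb.conf"
    echo ".jpl.nasa.gov JPL.NASA.GOV" > "$1/realms.conf"
}

demo=$(mktemp -d)
make_sample "$demo"
check_afs_config "$demo" "$demo" && echo "configuration is consistent"
rm -rf "$demo"
```

For the layout used in this how-to, the call would be check_afs_config /usr/local/etc /etc.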

