Introduction
Here are most of the parts that will eventually become a Unity Support
Install. Nothing is automatic, you must install and configure each
piece of software by hand. Hand installation requires use of
the
command line. If you are not comfortable this command line do
not
attempt theses installs, wait until we have a package install ready
at a
latter time!
How to install manually:
0) Prepare the MacOS X box by installing at least MacOS X version
10.1.3.
Create a machine owner username (also called machine administrator
userid) during
the install process called admin (CAUTION do not use the word administrator
for
the long or short name) with a password you will remember but is secure.
After the install is complete use the Users System Preferences Panel
to create 2 more users.
One of the id's should be named "help" and be able to administer the
machine. Help is an
emergency login incase there are problems with any software installs.
The third
id should be the same name as your unity id.
NOTE: In the future local ids will not be needed as we are working
to build a directory services
plug-in which will dynamicly lookup users and their info in hesiod.
1) Install Kerberos for Macintosh(KfM) using the installer from
http://web.mit.edu/macdev/Development/MITKerberos/Common/Documentation/download.html
You must remember the machine administrator name and password
created earlier.
2) After the KfM install. Replace /Library/Preferences/edu.mit.Kerberos
with the edu.mit.Kerberos file from
ftp://ftp.ncsu.edu/pub/unity/lockers/project/netatalk/public/conf.macosx.tar.gz
From Termainal application:
cd to the folder where you unstuffed conf.macosx.tar.gz
ls to make sure you can find edu.mit.Kerberos
sudo cp edu.mit.Kerberos /Libray/Preferences/
Type the admin name and/or password when asked.
3) Now in the Finder open Applications and run Kerberos.
In the Edit
Menu select Edit Favorite Realms... Under All Available Realms,
select
EOS.NCSU.EDU and press the Add button. Now in Favorite Realms
select
MIT.EDU and press Remove. Now press Done button.
4) To test kerberos just press the Get Tickets... button and
login with
your Unity id. You should see at least one entry like below in
the
Tickets pane of the Kerberos Window:
krbtgt.EOS.NCSU.EDU@EOS.NCSU.EDU 9:58
If this works then you have kerberos V4 and V5 support installed.
The command line kerberos packages, kinit, klist and kdestroy should
work as well as the graphic tools.
5) To install OpenAfS use the OpenAFS.pkg from
http://openafs.org/
or directly at
http://openafs.org/dl/openafs/1.2.3/macos-10.1/OpenAFS.pkg.tar
WARNNING DO NOT restart the computer or the Finder will hang for 30
minutes!!.
6) Now to configure OpenAFS for Unity at NC State University
open a
terminal window, change to the folder where you unstuffed
ftp://ftp.ncsu.edu/pub/unity/lockers/project/netatalk/public/conf.macosx.tar.gz
and type:
sudo cp ThisCell /var/db/openafs/etc
sudo cp CellServDB /var/db/openafs/etc/
7) Restart the computer and login as admin again.
8) Download ftp://ftp.ncsu.edu/pub/unity/lockers/project/netatalk/public/aklog.macosx.tar.gz
and unstuff it.
9) Next install aklog.
In terminal application:
cd to the folder where you unstuffed aklog.macosx.tar.gz
ls to make sure you can find aklog
sudo cp aklog /usr/bin/aklog
10) If you want to be able to login to the MacOS X computer with
your
Unity Id and password then follow the instructions in
http://web.mit.edu/macdev/Development/MITKerberos/LoginAuthenticator/Documentation/using.html
Which are essentially:
=====
A) Set up a Mac OS X user with the same "short name" as your Unity=====
Kerberos username. That we talked about above.
The password for this user should be something secure and that you can
remember, since this password will be used if your machine is
disconnected from the network and cannot communicate with the Kerberos
server. You could make it the same as your Kerberos password, although
this reduces the security of Kerberos because your password will be
stored on the local disk.
B) Open System Preferences.
C) Select the "Login" pane.
D) Select the "Login Window" tab.
E) Uncheck "Automatically log in".
F) Select the "Name and password entry fields" radio button.
G) From Terminal.app type (all as one line):
sudo defaults write com.apple.loginwindow AuthenticatorBundle
/System/Library/Authenticators/Kerberos.loginAuthenticator
This will ask for your administrator password and then enable the
Kerberos login authenticator.
11) Next find out some information about your unity id that you
will
need to make sure all your file premissions match up as below.
Be very
careful with these steps as you do not want to lock yourself out of
your
files!! From terminal window type:
host -c hs -t txt <unityid>.passwd.ns.eos.ncsu.edu
replacing <unityid> with your unity id (no <>'s).
You should see something like:
tester.passwd.ns.eos.ncsu.edu descriptive text
"tester:*:19041:108:System Tester:/ncsu/tester:/bin/tcsh"
the number after the * between the :'s is your unique unix id number,
write it down.
12) Now you need to set up a group id on the local computer to
match the
group id's in AFS. Note: This is extremely dangerous as you could
lock
yourself out of your data on the local hard disk by unix permissions!
To do this open /Applications/Utilities/NetInfo Manager and click the
lock icon in the lower left to unlock the local database. Click
on
groups in the directory browser, click on mail in the next column and
select Edit:Duplicate. Now click on mail copy and edit Name to
change
it to ncsu and change the gid to 108. Save the changes.
13) Now use the unique unix id number you found in step 11 to
change
your unix id number on the local machine to match the one used for
you
in AFS. Caution you must be logged in as a machine administrator
whose
id is not the same as your unity id!!! Still in NetInfo Manager
click
on the users entry in the directory browser and find the id created
earlier that is the same as your unity id. Click on the id and
edit the
uid to be the same as the unique unix id number and edit the gid to
108.
Save and click the lock icon to relock the local database before
quitting.
Next in a terminal window:
sudo chgrp -R 108 /Users/<unityid>
sudo chown -R <unique unix id number> /Users/<unityid>
This is it. Now login to the machine with your unity id and password.
You home space in afs will have the same owner and group ids as your
local home account.
What will NOT happen:
- Clicking the home icon in the finder takes you to /Users/<uid>
not
/afs/unity/users/<u>/<uid>
- AFS credentials (tokens) will not be automatically aquired on login.
You must run aklog from Terminal application first.
AFS is a bit slow so you might not want to always have it running.
If you do you can get tokens automatically on login by downloading
and unstuffing:
ftp://ftp.ncsu.edu/pub/unity/lockers/project/netatalk/public/kauth.tar.gz
Put the resulting kAuth application into /Applications
You must also create a unix text file called edu.ncsu.graklog in /Library/Preferences
which looks like this:
unity.ncsu.edu
eos.ncsu.edu
bp.ncsu.edu
Then login as your unity id.
Open System Preferences and select the Login pane.
in the Login Items tab click Add...
Select /Applications/kAuth and add to the items run automatically on
login.
Do not add this to your admin accounts in case of trouble or for when
you are not on network.
NC State ITD is developing this software and it may still have bugs!
- The listing of files stored in AFS by the Finder will not be fast
until
cache is filled.
Enjoy