AFS Setup for CRC account on Ubuntu/Linux Mint/etc.

NOTE: These instructions are very out-of-date and may not work!

-1. [Recommended] Update packages (especially if a new installation).
    

    
    sudo apt-get update
    sudo apt-get upgrade
    sudo apt-get dist-upgrade
    		

0. [Recommended] Add the OpenAFS stable PPA for better kernel support.
   

   
   sudo add-apt-repository ppa:openafs/stable
   sudo apt-get update
   		

1. Install the following packages:
   

   
   sudo apt-get install csh libpam-krb5 krb5-user openafs-client openafs-fileserver openafs-krb5 openafs-modules-dkms libpam-afs-session
   		

   When installing and configuring, it will ask for some default settings. The default Kerberos version 5 realm is CRC.ND.EDU, the workstation belongs to the AFS cell crc.nd.edu, and the CRC suggests an AFS cache size of 3 GB (3000000 kB).


2. Switch to root user, as most commands require this.
   

   
   sudo su
   		

3. Set default AFS directory (default setup, not Transarc).
   

   
   AFS=/usr/local/etc/openafs
   		

4. Add configuration files.
   

   
   mkdir -p ${AFS}
   echo "crc.nd.edu" > ${AFS}/ThisCell
   echo "crc.nd.edu     #University of Notre Dame - Center for Research Computing
   129.74.85.34   #afsdb1.crc.nd.edu
   129.74.85.35   #afsdb2.crc.nd.edu
   129.74.85.36   #afsdb3.crc.nd.edu" > ${AFS}/CellServDB
   		

5. Add the group "campus".
   

   
   CRCGID=1313
   groupadd -g ${CRCGID} campus
   		

6. Find the following values in /afs/crc.nd.edu/common/etc/passwd and save the values in the following variables.
   (format CRCUSER:x:UID:GID:CRCNAME:home_path:CRCSHELL)
   

   
   CRCUSER=
   CRCUID=
   CRCNAME=
   CRCSHELL=
   		

7. Add the user. (If user is not added to group, use the second command, as well.)
   

   
   useradd -u ${CRCUID} -g ${CRCGID} -c "${CRCNAME}" -d /afs/crc.nd.edu/user/${CRCUSER:0:1}/${CRCUSER} -s ${CRCSHELL} ${CRCUSER}
   usermod -aG ${CRCGID} ${CRCUSER}
   		

8. Set up configuration for Kerberos tokens. Copy the following file to /etc/krb5.conf, overwriting the ATHENA.MIT.EDU defaults.
   

   
   #Krb5.conf v1.0
   [appdefaults]
   	debug = false
   	forward = true
   	forwardable = true
   	ticket_lifetime = 30d
   	renew_lifetime = 30d
   
   [libdefaults]
   	forwardable = true
   	dns_lookup_realm = false
   	dns_lookup_kdc = true
   	default_realm = CRC.ND.EDU
   	ticket_lifetime = 30d
   	renew_lifetime = 30d
   	default_tkt_enctypes = aes256-cts-hmac-sha1-96 des3-hmac-sha1 des-cbc-crc
   	default_tgs_enctypes = aes256-cts-hmac-sha1-96 des3-hmac-sha1 des-cbc-crc
   	allow_weak_crypto = yes
   
   [realms]
   
   	CRC.ND.EDU = {
   		kdc = kerberos.crc.nd.edu:88
   		kdc = kerberos-1.crc.nd.edu:88
   		kdc = kerberos-2.crc.nd.edu:88
   		admin_server = kerberos.crc.nd.edu:749
   	}
   
   	ND.EDU = {
   		kdc = kerberos.nd.edu:88
   		kdc = kerberos-1.nd.edu:88
   		kdc = kerberos-2.nd.edu:88
   		admin_server = kerberos.nd.edu:749
   	}
   
   [domain_realm]
   	.crc.nd.edu = CRC.ND.EDU
   	.helios.nd.edu = ND.EDU
   		

9. Activate the AFS cell. (Will need to enter user's password with kinit!)
   

   
   kinit ${CRCUSER}@CRC.ND.EDU
   
   /etc/init.d/openafs-client force-start
   aklog
   		

10. Change startup files.
    

    
    rm /opt/crc
    ln -s /afs/crc.nd.edu/x86_64_linux /opt/crc
    rm /usr/local/Startup
    ln -s /afs/crc.nd.edu/x86_64_linux/usr/local/Startup /usr/local/Startup
    		

11. [Optional] Add user to sudo group.
    

    
    usermod -aG sudo ${CRCUSER}
    		

12. [Optional] Fix some root GUI issues.
    

    
    echo "xhost +local:" >> /afs/crc.nd.edu/user/${CRCUSER:0:1}/${CRCUSER}/.profile