Computing/Athena

Kerberos
Installing Kerberos On Mac 0S X - CSAIL page

Linux

 * Kerberos for RedHat Linux
 * Debian Kerberos Configuration - CSAIL page
 * Athena Linux Differences: Variant Packages Detail

AFS
It is now possible to access Athena lockers on shmoo or habanero (Linux machines). This means that you can simply copy (instead of sftp/scp) files to and from your Athena home directory when you are logged in to either machine. Also, you can use any Athena software which runs on Linux by attaching an appropriate locker.

Here's what you need to do to attach a locker (in this example, locker is your Athena home directory):

1. Obtain Kerberos tickets $ kinit mitusername

2. Obtain AFS tokens $ aklog mitusername

3. Attach your Athena home directory (here lockername = mitusername) $ afslocker lockername

Now your Athena home directory should be accessible at /mit/lockername

See the links below for more details:
 * AFS at MIT: An Introduction
 * OpenAFS 1.2.10 for Red Hat Linux: Getting Started

User accounts
AFS will work properly only if local user IDs match Athena user IDs. Here are the steps one should take to create accounts on Linux machines in the lab.

Create group called Athena with id 101 in /etc/groups (necessary to do only once per machine):
 * 1) groupadd -g 101 Athena

Get UID/GID on Athena: $ hesinfo username passwd

Create local account: where UID is the Athena user ID obtained in the previous step
 * 1) useradd username -u UID -g Athena -c "Firstname Lastname"
 * 2) adduser --uid UID --ingroup athena username (in Ubuntu/Debian)

Optionally, assign a local password (allows logins when the network is down):
 * 1) passwd username

Modifying existing accounts may be necessary, if they were created without following the procedure above. Here's how to do it.

Change uid/gid for the existing user: Any files which the user owns and which are located in the directory tree rooted at the user’s home directory will have the file user ID changed automatically. Files outside of the user’s home directory must be altered manually.
 * 1) /usr/sbin/usermod -u uid -g Athena username

Record first and last names:
 * 1) /usr/bin/chfn username

Change ownership on files belonging to the user outside home dir (except files in /var/spool/mail in RedHat): or To do:
 * 1) find / -uid old_id -exec chown username:Athena {} \;
 * 1) find / -uid old_id | xargs chown username:Athena
 * exclude /mnt from search (workaround: umount /mnt/bionet /mnt/shmoo)

Delete old group of the user from /etc/group if necessary.
 * 1) /usr/sbin/groupdel groupname

Windows
Installing Kerberos For Windows - CSAIL page