= Installing and Using DICE AFS on a laptop/home linux Machine =

This is what to do with Ubuntu Linux (tested on 7.10), but it will be very close to what is needed with other distributions. 

== Install: ==

 1. Install kerberos version 5 client and config (These ubuntu packages that start with krb5).
 2. Install the DICE authentication certificates.
 3. install Open AFS (ubutu packages: openafs-krb5 openafs-client ... )
 4. The Dream group AFS space is at: /afs/inf.ed.ac.uk/group/dreamers/ 

== Configure: ==
 1. Setup your kerberos file (/etc/krb5.conf) - thanks to Graham Dutton.

{{{
[logging]
  default = FILE:/var/log/krb5libs.log

[libdefaults]
  default_realm = INF.ED.AC.UK
  dns_lookup_realm = false
  dns_lookup_kdc = true
  ticket_lifetime = 64800
  forwardable = yes

  default_tkt_enctypes = des3-cbc-sha1 des-cbc-crc
  default_tgs_enctypes = des3-cbc-sha1 des-cbc-crc

[realms]
  INF.ED.AC.UK = {
    admin_server = kdc.inf.ed.ac.uk:749
    default_domain = inf.ed.ac.uk
  }

[domain_realm]
  .inf.ed.ac.uk = INF.ED.AC.UK

[capaths]
  INF.ED.AC.UK = {
    ED.AC.UK = EASE.ED.AC.UK
  }
  ED.AC.UK = {
    INF.ED.AC.UK = EASE.ED.AC.UK
  }

[appdefaults]
  pam = {
    debug = false
    ticket_lifetime = 64800
    renew_lifetime = 64800
    forwardable = true
    krb4_convert = false
  }

[login]
  krb4_convert = false
  krb4_get_tickets = false
}}}

 5. Setup your afs cell by making the file {{{/etc/openafs/ThisCell}}} contain exactly: {{{inf.ed.ac.uk}}}

 6. Plug open AFS in to the kernel by running the command: {{{m-a prepare}}} then {{{m-a a-i openafs}}}. 

 7. Run the command: {{{/etc/init.d/openafs-client start}}}. This will start a collection of background processes ({{{afs*}}}). You may want to stop these if your laptop is frequently not connected to the net ({{{/etc/init.d/openafs-client stop}}}). If you upgrade your kernel, you might need to re-run these commands. 

 8. (Optional) Make ssh use Kerberos for authentication. Not doing so can cause various oddities in authentication; such as CVS with ssh giving strange warnings. To do this add the following to your {{{~/.ssh/config}}} file:

{{{
GssapiDelegateCredentials yes
}}} 

== Using AFS: ==

 1. Run the command: {{{kinit USERNAME}}} to login and authenticate with the DICE AFS cell inf.ed.ac.uk
 2. Run the command {{{aklog}}} to get a ticket. 
 3. You can now {{{cd /afs/inf.ed.ac.uk/}}} and you are in the inf.ed.ac.uk AFS space!
 4. You might want to stop AFS when you go offline: {{{/etc/init.d/openafs-client stop}}}, or restart it if it is not started up by default: {{{/etc/init.d/openafs-client restart}}}