Debian Linux and MOSAIC at UNCC

  1. assume the identity of the root user by typing “su” and providing the root password
  2. one must have installed the following debian packages (available on 8/24/2007)
  * openafs-modules-source
  * openafs-client
  * openafs-krb5
  * krb5-config
  * krb5-user
  * module-assistant
  * openafs-modules-dkms <needed for Ubuntu Version 9.10 or higher>
  1. Upon installing openafs-client, you will be prompted for the AFS cell that this workstation belongs to. Respond to this query.
  2. The suggested default cache size should be ok for you so just press enter when you are asked about this.
  3. Go to the /usr/src directory (root# cd /usr/src)
  4. Compile and install the openafs kernel module for your system using the module-assistant (root# sudo m-a auto-install openafs)
  5. Go to the /etc directory (root# cd /etc)
  6. Move the old kerberos configuration file out of the way (root# sudo mv krb5.conf krb5.conf.orig)
  7. Replace this file with a new one (root# sudo vi krb5.conf)
  8. Copy the contents of this webpage and place it in the file : into the file “krb5.conf” located in the /etc directory. Alternatively, the contents of this file are also available at the bottom of this wiki.
  9. Restart the openafs services (root# sudo /etc/init.d/openafs-client restart)
  10. Assume your regular identity by typing “exit” or “su <username>” and providing your password
  11. Type “kinit <username>” followed by “aklog” to authenticate your computer to MOSAIC and access your MOSAIC files.
  12. To link from your home directory directly to your MOSAIC directory see the adduser wiki entry : adduser.

Contents of the krb5.conf file for UNCC.

    kinit = {
      forwardable = true
    pam = {
      afs_cells =
      ccache_dir = /tmp
      forwardable = true
      tokens = sshd
      external = sshd

    noaddresses = true
    default_realm = UNCC.EDU
#    default_tkt_enctypes = des-cbc-crc
#    default_tgs_enctypes = des-cbc-crc
    krb4_convert = false
    forward = true
    forwardable = true
    renew_lifetime = 7d
    ticket_lifetime = 7d
    allow_weak_crypto = true

    UNCC.EDU = {
        kdc =
        kdc =
        kdc =
        admin_server =
        default_domain =

[domain_realm] = UNCC.EDU = UNCC.EDU
