openafs/doc/man-pages/pod5/ThisCell.pod

=head1 NAME

ThisCell - Defines the local cell name

=head1 DESCRIPTION

The F<ThisCell> file defines the local cell name.  There are two versions
of this file, one for a AFS client and one for an AFS server.

=head2 Client ThisCell

The client version of the F<ThisCell> file defines the complete Internet
domain-style name (for example, C<abc.com>) of the cell to which the local
client machine belongs. It must reside in the F</usr/vice/etc> directory
on every AFS client machine. To change a client machine's cell membership,
edit the file and reboot the machine.

The file is in ASCII format and contains a character string on a single
line. The I<IBM AFS Quick Beginnings> instructs the administrator to
create it during the installation of each client machine.

The client machine's cell membership determines three defaults important
to its functioning:

=over 4

=item *

The cell in which the machine's users authenticate by default.  The effect
is two-fold:

=over 4

=item *

The AFS-modified login utilities and the klog command interpreter contact
an Authentication Server in the cell named in the F<ThisCell> file (unless
B<-cell> argument to the B<klog> command specifies an alternate cell).

=item *

The command interpreters combine the cell name with the password that the
user provides, generating an encryption key from the combination. For
authentication to succeed, both the cell name and password must match the
ones used to generate the user's encryption key stored in the
Authentication Database.

=back

=item *

The cell the Cache Manager considers its local, or home, cell. By default,
the Cache Manager allows programs that reside in its home cell to run with
setuid permission, but not programs from foreign cells. For more details,
see the B<fs getcellstatus> and B<fs setcell> reference pages.

=item *

Which AFS server processes the local AFS command interpreters contact by
default as they execute commands issued on the machine.

=back

The client version of the F<ThisCell> file is distinct from the server
version, which resides in the F</usr/afs/etc> directory on each AFS server
machine. If a server machine also runs as a client, it is acceptable for
the server and client versions of the file on the same machine to name
different cells. However, the behavior that results from this
configuration can be more confusing than useful.

=head2 Server ThisCell

The server version of the F<ThisCell> file defines the complete Internet
domain-style name (for example, C<abc.com>) of the cell to which the
server machine belongs. It must reside in the F</usr/afs/etc> directory on
every AFS server machine.

The file is in ASCII format and contains a character string on a single
line. The initial version of the file is created with the B<bos
setcellname> command during the installation of the cell's first file
server machine, and the I<IBM AFS Quick Beginnings> includes instructions
for copying it over to additional server machine during their
installation.

The only reason to edit the file is as part of changing the cell's name,
which is strongly discouraged because of the large number of configuration
changes involved. In particular, changing the cell name requires
rebuilding the entire Authentication Database, because the Authentication
Server combines the cell name it finds in this file with each user and
server password and converts the combination into an encryption key before
recording it in the Database.

=head1 SEE ALSO

L<bos_setcellname(8)>,
L<fs_getcellstatus(1)>,
L<fs_setcell(1)>

=head1 COPYRIGHT

IBM Corporation 2000. <http://www.ibm.com/> All Rights Reserved.

This documentation is covered by the IBM Public License Version 1.0.  It was
converted from HTML to POD by software written by Chas Williams and Russ
Allbery, based on work by Alf Wachsmann and Elizabeth Cassell.