<!-- Begin Header Records ========================================== -->
<!-- /tmp/idwt3574/auqbg000.scr converted by idb2h R4.2 (359) ID -->
<!-- Workbench Version (AIX) on 2 Oct 2000 at 12:25:35 -->
<METAHTTP-EQUIV="updated"CONTENT="Mon, 02 Oct 2000 12:25:35">
<METAHTTP-EQUIV="review"CONTENT="Tue, 02 Oct 2001 12:25:35">
<METAHTTP-EQUIV="expires"CONTENT="Wed, 02 Oct 2002 12:25:35">
</HEAD><BODY>
<!-- (C) IBM Corporation 2000. All Rights Reserved -->
<BODYbgcolor="ffffff">
<!-- End Header Records ============================================ -->
<ANAME="Top_Of_Page"></A>
<H1>Quick Beginnings</H1>
<HR><PALIGN="center"><AHREF="../index.htm"><IMGSRC="../books.gif"BORDER="0"ALT="[Return to Library]"></A><AHREF="auqbg002.htm#ToC"><IMGSRC="../toc.gif"BORDER="0"ALT="[Contents]"></A><AHREF="auqbg004.htm"><IMGSRC="../prev.gif"BORDER="0"ALT="[Previous Topic]"></A><AHREF="#Bot_Of_Page"><IMGSRC="../bot.gif"BORDER="0"ALT="[Bottom of Topic]"></A><AHREF="auqbg006.htm"><IMGSRC="../next.gif"BORDER="0"ALT="[Next Topic]"></A><AHREF="auqbg009.htm#HDRINDEX"><IMGSRC="../index.gif"BORDER="0"ALT="[Index]"></A><P>
<P>
<ANAME="IDX2218"></A>
<ANAME="IDX2219"></A>
<ANAME="IDX2220"></A>
<HR><H1><ANAME="HDRWQ17"HREF="auqbg002.htm#ToC_28">Installing the First AFS Machine</A></H1>
<P>This chapter describes how to install the first AFS machine
in your cell, configuring it as both a file server machine and a client
machine. After completing all procedures in this chapter, you can
remove the client functionality if you wish, as described in <AHREF="#HDRWQ98">Removing Client Functionality</A>.
<P>To install additional file server machines after completing this chapter,
see <AHREF="auqbg006.htm#HDRWQ99">Installing Additional Server Machines</A>.
<P>To install additional client machines after completing this chapter, see <AHREF="auqbg007.htm#HDRWQ133">Installing Additional Client Machines</A>.
<ANAME="IDX2221"></A>
<HR><H2><ANAME="Header_29"HREF="auqbg002.htm#ToC_29">Requirements and Configuration Decisions</A></H2>
<P>The instructions in this chapter assume that you meet the following
requirements.
<UL>
<P><LI>You are logged onto the machine's console as the local superuser
<B>root</B>
<P><LI>A standard version of one of the operating systems supported by the
current version of AFS is running on the machine
<P><LI>You can access the data on the AFS CD-ROMs, either through a local CD
drive or via an NFS mount of a CD drive attached to a machine that is
accessible by network
</UL>
<P>You must make the following configuration decisions while installing the
first AFS machine. To speed the installation itself, it is best to make
the decisions before beginning. See the chapter in the <I>IBM AFS
Administration Guide</I> about issues in cell administration and
configuration for detailed guidelines.
<ANAME="IDX2222"></A>
<ANAME="IDX2223"></A>
<ANAME="IDX2224"></A>
<UL>
<P><LI>Select the first AFS machine
<P><LI>Select the cell name
<P><LI>Decide which partitions or logical volumes to configure as AFS server
partitions, and choose the directory names on which to mount them
<P><LI>Decide whether to use the standard AFS authentication and authorization
software or Kerberos as obtained from another source. On several system
types, the decision determines how you incorporate AFS into the machine's
authentication system. If you wish to use Kerberos, contact the AFS
Product Support group now to learn about how you must modify the installation
procedure.
<P><LI>Decide how big to make the client cache
<P><LI>Decide how to configure the top levels of your cell's AFS filespace
</UL>
<P>This chapter is divided into three large sections corresponding to the
three parts of installing the first AFS machine. Perform all of the
steps in the order they appear. Each functional section begins with a
summary of the procedures to perform. The sections are as
follows:
<UL>
<P><LI>Installing server functionality (begins in <AHREF="#HDRWQ18">Overview: Installing Server Functionality</A>)
<P><LI>Installing client functionality (begins in <AHREF="#HDRWQ63">Overview: Installing Client Functionality</A>)
<P><LI>Configuring your cell's filespace, establishing further security
mechanisms, and enabling access to foreign cells (begins in <AHREF="#HDRWQ71">Overview: Completing the Installation of the First AFS Machine</A>)
</UL>
<ANAME="IDX2225"></A>
<ANAME="IDX2226"></A>
<ANAME="IDX2227"></A>
<HR><H2><ANAME="HDRWQ18"HREF="auqbg002.htm#ToC_30">Overview: Installing Server Functionality</A></H2>
<P>In the first phase of installing your cell's first AFS
machine, you install file server and database server functionality by
performing the following procedures:
<OLTYPE=1>
<P><LI>Choose which machine to install as the first AFS machine
<P><LI>Create AFS-related directories on the local disk
<P><LI>Incorporate AFS modifications into the machine's kernel
<P><LI>Configure partitions or logical volumes for storing AFS volumes
<P><LI>On some system types, install and configure an AFS-modified version of the
<B>fsck</B> program
<P><LI>If the machine is to remain a client machine, incorporate AFS into its
authentication system
<P><LI>Start the Basic OverSeer (BOS) Server
<P><LI>Define the cell name and the machine's cell membership
<P><LI>Start the database server processes: Authentication Server, Backup
Server, Protection Server, and Volume Location (VL) Server
<P><LI>Configure initial security mechanisms
<P><LI>Start the <B>fs</B> process, which incorporates three component
processes: the File Server, Volume Server, and Salvager
<P><LI>Start the server portion of the Update Server
<P><LI>Start the controller process (called <B>runntp</B>) for the Network
Time Protocol Daemon, which synchronizes machine clocks
</OL>
<HR><H2><ANAME="HDRWQ19"HREF="auqbg002.htm#ToC_31">Choosing the First AFS Machine</A></H2>
<P>The first AFS machine you install must have sufficient disk
space to store AFS volumes. To take best advantage of AFS's
capabilities, store client-side binaries as well as user files in
volumes. When you later install additional file server machines in your
cell, you can distribute these volumes among the different machines as you see
fit.
<P>These instructions configure the first AFS machine as a <I>database
server machine</I>, the <I>binary distribution machine</I> for its
system type, and the cell's <I>system control machine</I>. For
a description of these roles, see the <I>IBM AFS Administration
Guide</I>.
<P>Installation of additional machines is simplest if the first machine has
the lowest IP address of any database server machine you currently plan to
install. If you later install database server functionality on a
machine with a lower IP address, you must first update the
<B>/usr/vice/etc/CellServDB</B> file on all of your cell's client
machines. For more details, see <AHREF="auqbg006.htm#HDRWQ114">Installing Database Server Functionality</A>.
<P>Several of the initial procedures for installing a file
server machine differ for each system type. For convenience, the
following sections group them together for each system type:
<UL>
<ANAME="IDX2239"></A>
<ANAME="IDX2240"></A>
<ANAME="IDX2241"></A>
<P><LI>Incorporate AFS modifications into the kernel.
<P>The kernel on every AFS file server and client machine must incorporate AFS
extensions. On machines that use a dynamic kernel module loader, it is
conventional to alter the machine's initialization script to load the AFS
extensions at each reboot.
<ANAME="IDX2242"></A>
<ANAME="IDX2243"></A>
<ANAME="IDX2244"></A>
<ANAME="IDX2245"></A>
<ANAME="IDX2246"></A>
<ANAME="IDX2247"></A>
<ANAME="IDX2248"></A>
<P><LI>Configure server partitions or logical volumes to house AFS
volumes.
<P>Every AFS file server machine must have at least one partition or logical
volume dedicated to storing AFS volumes (for convenience, the documentation
hereafter refers to partitions only). Each server partition is mounted
at a directory named <B>/vicep</B><VAR>xx</VAR>, where <VAR>xx</VAR> is one or
two lowercase letters. By convention, the first 26 partitions are
mounted on the directories called <B>/vicepa</B> through
<B>/vicepz</B>, the 27th one is mounted on the <B>/vicepaa</B>
directory, and so on through <B>/vicepaz</B> and <B>/vicepba</B>,
continuing up to the index corresponding to the maximum number of server
partitions supported in the current version of AFS (which is specified in the
<I>IBM AFS Release Notes</I>).
<P>The <B>/vicep</B><VAR>xx</VAR> directories must reside in the file server
machine's root directory, not in one of its subdirectories (for example,
<B>/usr/vicepa</B> is not an acceptable directory location).
<P>You can also add or remove server partitions on an existing file server
machine. For instructions, see the chapter in the <I>IBM AFS
Administration Guide</I> about maintaining server machines.
<TABLE><TR><TDALIGN="LEFT"VALIGN="TOP"><B>Note:</B></TD><TDALIGN="LEFT"VALIGN="TOP">Not all file system types supported by an operating system are necessarily
supported as AFS server partitions. For possible restrictions, see the
<I>IBM AFS Release Notes</I>.
</TD></TR></TABLE>
<P><LI>On some system types, install and configure a modified <B>fsck</B>
program which recognizes the structures that the File Server uses to organize
volume data on AFS server partitions. The <B>fsck</B> program
provided with the operating system does not understand the AFS data
structures, and so removes them to the <B>lost+found</B> directory.
<P><LI>If the machine is to remain an AFS client machine, modify the
machine's authentication system so that users obtain an AFS token as they
log into the local file system. Using AFS is simpler and more
convenient for your users if you make the modifications on all client
machines. Otherwise, users must perform a two-step login procedure
(login to the local file system and then issue the <B>klog</B>
command). For further discussion of AFS authentication, see the chapter
in the <I>IBM AFS Administration Guide</I> about cell configuration and
administration issues.
</UL>
<P>To continue, proceed to the appropriate section:
<UL>
<P><LI><AHREF="#HDRWQ21">Getting Started on AIX Systems</A>
<P><LI><AHREF="#HDRWQ26">Getting Started on Digital UNIX Systems</A>
<P><LI><AHREF="#HDRWQ31">Getting Started on HP-UX Systems</A>
<P><LI><AHREF="#HDRWQ36">Getting Started on IRIX Systems</A>
<P><LI><AHREF="#HDRWQ41">Getting Started on Linux Systems</A>
<P><LI><AHREF="#HDRWQ45">Getting Started on Solaris Systems</A>
</UL>
<HR><H2><ANAME="HDRWQ21"HREF="auqbg002.htm#ToC_34">Getting Started on AIX Systems</A></H2>
<P>Begin by running the AFS initialization script to call the
AIX kernel extension facility, which dynamically loads AFS modifications into
the kernel. Then use the <B>SMIT</B> program to configure
partitions for storing AFS volumes, and replace the AIX <B>fsck</B>
program helper with a version that correctly handles AFS volumes. If
the machine is to remain an AFS client machine, incorporate AFS into the AIX
secondary authentication system.
<ANAME="IDX2249"></A>
<ANAME="IDX2250"></A>
<ANAME="IDX2251"></A>
<ANAME="IDX2252"></A>
<P><H3><ANAME="HDRWQ22"HREF="auqbg002.htm#ToC_35">Loading AFS into the AIX Kernel</A></H3>
<P>The AIX kernel extension facility is the dynamic kernel
loader provided by IBM Corporation. AIX does not support incorporation
of AFS modifications during a kernel build.
<P>For AFS to function correctly, the kernel extension facility must run each
time the machine reboots, so the AFS initialization script (included in the
AFS distribution) invokes it automatically. In this section you copy
the script to the conventional location and edit it to select the appropriate
options depending on whether NFS is also to run.
<P>After editing the script, you run it to incorporate AFS into the
kernel. In later sections you verify that the script correctly
initializes all AFS components, then configure the AIX <B>inittab</B> file
so that the script runs automatically at reboot.
<OLTYPE=1>
<P><LI>Mount the AFS CD-ROM for AIX on the local <B>/cdrom</B>
directory. For instructions on mounting CD-ROMs (either locally or
remotely via NFS), see your AIX documentation. Then change directory as
<P><LI>If you plan to retain client functionality on this machine after
completing the installation, proceed to <AHREF="#HDRWQ25">Enabling AFS Login on AIX Systems</A>. Otherwise, proceed to <AHREF="#HDRWQ50">Starting the BOS Server</A>.
</OL>
<ANAME="IDX2261"></A>
<ANAME="IDX2262"></A>
<ANAME="IDX2263"></A>
<ANAME="IDX2264"></A>
<ANAME="IDX2265"></A>
<P><H3><ANAME="HDRWQ25"HREF="auqbg002.htm#ToC_38">Enabling AFS Login on AIX Systems</A></H3>
<TABLE><TR><TDALIGN="LEFT"VALIGN="TOP"><B>Note:</B></TD><TDALIGN="LEFT"VALIGN="TOP">If you plan to remove client functionality from this machine
after completing the installation, skip this section and proceed to <AHREF="#HDRWQ50">Starting the BOS Server</A>.
</TD></TR></TABLE>
<P>Follow the instructions in this section to incorporate AFS modifications
into the AIX secondary authentication system.
<OLTYPE=1>
<P><LI>Issue the <B>ls</B> command to verify that the
<B>afs_dynamic_auth</B> and <B>afs_dynamic_kerbauth</B> programs are
installed in the local <B>/usr/vice/etc</B> directory.
<PRE>
# <B>ls /usr/vice/etc</B>
</PRE>
<P>If the files do not exist, mount the AFS CD-ROM for AIX (if it is not
already), change directory as indicated, and copy them.
<P>The following is an example for the first partition being
configured.
<PRE>
/dev/rz3a /vicepa ufs rw 0 2
</PRE>
<P><LI>Create a file system on each partition that is to be mounted at a
<B>/vicep</B><VAR>xx</VAR> directory. The following command is
probably appropriate, but consult the Digital UNIX documentation for more
information.
<PRE>
#<B> newfs -v /dev/</B><VAR>disk</VAR>
</PRE>
<P><LI>Mount each partition by issuing either the <B>mount -a</B> command to
mount all partitions at once or the <B>mount</B> command to mount each
partition in turn.
</OL>
<ANAME="IDX2274"></A>
<ANAME="IDX2275"></A>
<ANAME="IDX2276"></A>
<ANAME="IDX2277"></A>
<P><H3><ANAME="HDRWQ29"HREF="auqbg002.htm#ToC_42">Replacing the fsck Program on Digital UNIX Systems</A></H3>
<P>In this section, you make modifications to guarantee that the
appropriate <B>fsck</B> program runs on AFS server partitions. The
<B>fsck</B> program provided with the operating system must never run on
AFS server partitions. Because it does not recognize the structures
that the File Server uses to organize volume data, it removes all of the
data. To repeat:
<P><B>Never run the standard fsck program on AFS server partitions.
It discards AFS volumes.</B>
<P>On Digital UNIX systems, the files <B>/sbin/fsck</B> and
<B>/usr/sbin/fsck</B> are driver programs. Rather than replacing
either of them, you replace the actual binary included in the Digital UNIX
distribution as <B>/sbin/ufs_fsck</B> and
<B>/usr/sbin/ufs_fsck</B>.
<OLTYPE=1>
<P><LI>Install the <B>vfsck</B> binary to the <B>/sbin</B> and
<B>/usr/sbin</B> directories. The AFS CD-ROM must still be mounted
at the <B>/cdrom</B> directory.
<PRE>
# <B>cd /cdrom/alpha_dux40/root.server/etc</B>
# <B>cp vfsck /sbin/vfsck</B>
# <B>cp vfsck /usr/sbin/vfsck</B>
</PRE>
<P><LI>Rename the Digital UNIX <B>fsck</B> binaries and create symbolic links
to the <B>vfsck</B> program.
<PRE>
# <B>cd /sbin</B>
# <B>mv ufs_fsck ufs_fsck.noafs</B>
# <B>ln -s vfsck ufs_fsck</B>
# <B>cd /usr/sbin</B>
# <B>mv ufs_fsck ufs_fsck.noafs</B>
# <B>ln -s vfsck ufs_fsck</B>
</PRE>
<P><LI>If you plan to retain client functionality on this machine after
completing the installation, proceed to <AHREF="#HDRWQ30">Enabling AFS Login on Digital UNIX Systems</A>. Otherwise, proceed to <AHREF="#HDRWQ50">Starting the BOS Server</A>.
</OL>
<ANAME="IDX2278"></A>
<ANAME="IDX2279"></A>
<ANAME="IDX2280"></A>
<ANAME="IDX2281"></A>
<ANAME="IDX2282"></A>
<ANAME="IDX2283"></A>
<P><H3><ANAME="HDRWQ30"HREF="auqbg002.htm#ToC_43">Enabling AFS Login on Digital UNIX Systems</A></H3>
<TABLE><TR><TDALIGN="LEFT"VALIGN="TOP"><B>Note:</B></TD><TDALIGN="LEFT"VALIGN="TOP">If you plan to remove client functionality from this machine
after completing the installation, skip this section and proceed to <AHREF="#HDRWQ50">Starting the BOS Server</A>.
</TD></TR></TABLE>
<P>On Digital UNIX systems, the AFS initialization script automatically
incorporates the AFS authentication library file into the Security Integration
Architecture (SIA) matrix on the machine, so that users with AFS accounts
obtain a token at login. In this section you copy the library file to
the appropriate location.
<P>For more information on SIA, see the Digital UNIX reference page for
<B>matrix.conf</B>, or consult the section on security in your
Digital UNIX documentation.
<TABLE><TR><TDALIGN="LEFT"VALIGN="TOP"><B>Note:</B></TD><TDALIGN="LEFT"VALIGN="TOP">If the machine runs both the DCE and AFS client software, AFS must start
after DCE. Consult the AFS initialization script for suggested symbolic
links to create for correct ordering. Also, the system startup script
order must initialize SIA before any long-running process that uses
authentication.
</TD></TR></TABLE>
<P>Perform the following steps to enable AFS login.
<OLTYPE=1>
<P><LI>Mount the AFS CD-ROM for Digital UNIX on the local <B>/cdrom</B>
directory, if it is not already. Change directory as indicated.
<PRE>
# <B>cd /cdrom/alpha_dux40/lib/afs</B>
</PRE>
<P><LI>Copy the appropriate AFS authentication library file to the local
<B>/usr/shlib</B> directory.
<P>If you use the AFS Authentication Server (<B>kaserver</B> process) in
the cell:
<PRE>
# <B>cp libafssiad.so /usr/shlib</B>
</PRE>
<P>If you use a Kerberos implementation of AFS authentication, rename the
<P><LI>Change the <B>vfsck</B> binary's name to <B>fsck</B> and set
the mode bits appropriately on all of the files in the <B>/sbin/fs/afs</B>
directory.
<PRE>
# <B>mv vfsck fsck</B>
# <B>chmod 755 *</B>
</PRE>
<P><LI>Edit the <B>/etc/fstab</B> file, changing the file system type for
each AFS server partition from <TT>hfs</TT> to <TT>afs</TT>. This
ensures that the AFS-modified <B>fsck</B> program runs on the appropriate
partitions.
<P>The sixth line in the following example of an edited file shows an AFS
server partition, <B>/vicepa</B>.
<PRE>
/dev/vg00/lvol1 / hfs defaults 0 1
/dev/vg00/lvol4 /opt hfs defaults 0 2
/dev/vg00/lvol5 /tmp hfs defaults 0 2
/dev/vg00/lvol6 /usr hfs defaults 0 2
/dev/vg00/lvol8 /var hfs defaults 0 2
/dev/vg00/lvol9 /vicepa afs defaults 0 2
/dev/vg00/lvol7 /usr/vice/cache hfs defaults 0 2
</PRE>
<P><LI>If you plan to retain client functionality on this machine after
completing the installation, proceed to <AHREF="#HDRWQ35">Enabling AFS Login on HP-UX Systems</A>. Otherwise, proceed to <AHREF="#HDRWQ50">Starting the BOS Server</A>.
</OL>
<ANAME="IDX2296"></A>
<ANAME="IDX2297"></A>
<ANAME="IDX2298"></A>
<ANAME="IDX2299"></A>
<ANAME="IDX2300"></A>
<ANAME="IDX2301"></A>
<P><H3><ANAME="HDRWQ35"HREF="auqbg002.htm#ToC_48">Enabling AFS Login on HP-UX Systems</A></H3>
<TABLE><TR><TDALIGN="LEFT"VALIGN="TOP"><B>Note:</B></TD><TDALIGN="LEFT"VALIGN="TOP">If you plan to remove client functionality from this machine
after completing the installation, skip this section and proceed to <AHREF="#HDRWQ50">Starting the BOS Server</A>.
</TD></TR></TABLE>
<P>At this point you incorporate AFS into the operating system's
Pluggable Authentication Module (PAM) scheme. PAM integrates all
authentication mechanisms on the machine, including login, to provide the
security infrastructure for authenticated access to and from the
machine.
<P>Explaining PAM is beyond the scope of this document. It is assumed
that you understand the syntax and meanings of settings in the PAM
configuration file (for example, how the <TT>other</TT> entry works, the
effect of marking an entry as <TT>required</TT>, <TT>optional</TT>, or
<TT>sufficient</TT>, and so on).
<P>The following instructions explain how to alter the entries in the PAM
configuration file for each service for which you wish to use AFS
authentication. Other configurations possibly also work, but the
instructions specify the recommended and tested configuration.
<TABLE><TR><TDALIGN="LEFT"VALIGN="TOP"><B>Note:</B></TD><TDALIGN="LEFT"VALIGN="TOP">The instructions specify that you mark each entry as
<TT>optional</TT>. However, marking some modules as optional can mean
that they grant access to the corresponding service even when the user does
not meet all of the module's requirements. In some operating
system revisions, for example, if you mark as optional the module that
controls login via a dial-up connection, it allows users to login without
providing a password. See the <I>IBM AFS Release Notes</I> for a
discussion of any limitations that apply to this operating system.
<P>Also, with some operating system versions you must install patches for PAM
to interact correctly with certain authentication programs. For
details, see the <I>IBM AFS Release Notes</I>.
</TD></TR></TABLE>
<P>The recommended AFS-related entries in the PAM configuration file make use
of one or more of the following three attributes.
<DL>
<P><DT><B><TT>try_first_pass</TT>
</B><DD>This is a standard PAM attribute that can be included on entries after the
first one for a service; it directs the module to use the password that
was provided to the first module. For the AFS module, it means that AFS
authentication succeeds if the password provided to the module listed first is
the user's correct AFS password. For further discussion of this
attribute and its alternatives, see the operating system's PAM
documentation.
<P><DT><B><TT>ignore_root</TT>
</B><DD>This attribute, specific to the AFS PAM module, directs it to ignore not
only the local superuser <B> root</B>, but also any user with UID 0
(zero).
<P><DT><B><TT>setenv_password_expires</TT>
</B><DD>This attribute, specific to the AFS PAM module, sets the environment
variable PASSWORD_EXPIRES to the expiration date of the user's AFS
password, which is recorded in the Authentication Database.
</DL>
<P>Perform the following steps to enable AFS login.
<OLTYPE=1>
<P><LI>Mount the AFS CD-ROM for HP-UX on the <B>/cdrom</B> directory, if it
is not already. Then change directory as indicated.
<PRE>
# <B>cd /usr/lib/security</B>
</PRE>
<P><LI>Copy the AFS authentication library file to the
<B>/usr/lib/security</B> directory. Then create a symbolic link to
it whose name does not mention the version. Omitting the version
eliminates the need to edit the PAM configuration file if you later update the
library file.
<P>If you use the AFS Authentication Server (<B>kaserver</B> process) in
the cell:
<PRE>
# <B>cp /cdrom/hp_ux110/lib/pam_afs.so.1 .</B>
# <B>ln -s pam_afs.so.1 pam_afs.so</B>
</PRE>
<P>If you use a Kerberos implementation of AFS authentication:
<P><LI>Mount each partition by issuing either the <B>mount -a</B> command to
mount all partitions at once or the <B>mount</B> command to mount each
partition in turn.
<P><LI><B>(Optional)</B> If you have configured partitions or logical volumes
to use XFS, issue the following command to verify that the inodes are
configured properly (are large enough to accommodate AFS-specific
information). If the configuration is correct, the command returns no
output. Otherwise, it specifies the command to run in order to
configure each partition or logical volume properly.
<PRE>
# <B>/usr/afs/bin/xfs_size_check</B>
</PRE>
<P><LI>If you plan to retain client functionality on this machine after
completing the installation, proceed to <AHREF="#HDRWQ40">Enabling AFS Login on IRIX Systems</A>. Otherwise, proceed to <AHREF="#HDRWQ50">Starting the BOS Server</A>.
</OL>
<ANAME="IDX2321"></A>
<ANAME="IDX2322"></A>
<ANAME="IDX2323"></A>
<ANAME="IDX2324"></A>
<P><H3><ANAME="HDRWQ40"HREF="auqbg002.htm#ToC_53">Enabling AFS Login on IRIX Systems</A></H3>
<TABLE><TR><TDALIGN="LEFT"VALIGN="TOP"><B>Note:</B></TD><TDALIGN="LEFT"VALIGN="TOP">If you plan to remove client functionality from this machine
after completing the installation, skip this section and proceed to <AHREF="#HDRWQ50">Starting the BOS Server</A>.
</TD></TR></TABLE>
<P>The standard IRIX command-line <B>login</B> program and the graphical
<B>xdm</B> login program both automatically grant an AFS token when AFS is
incorporated into the machine's kernel. However, some IRIX
distributions use another login utility by default, and it does not
necessarily incorporate the required AFS modifications. If that is the
case, you must disable the default utility if you want AFS users to obtain AFS
tokens at login. For further discussion, see the <I>IBM AFS Release
Notes</I>.
<P>If you configure the machine to use an AFS-modified login utility, then the
<B>afsauthlib.so</B> and <B>afskauthlib.so</B> files
(included in the AFS distribution) must reside in the <B>/usr/vice/etc</B>
directory. Issue the <B>ls</B> command to verify.
<PRE>
# <B>ls /usr/vice/etc</B>
</PRE>
<P>If the files do not exist, mount the AFS CD-ROM for IRIX (if it is not
already), change directory as indicated, and copy them.
<P>The following is an example for the first partition being
configured.
<PRE>
/dev/sda8 /vicepa ext2 defaults 0 2
</PRE>
<P><LI>Create a file system on each partition that is to be mounted at a
<B>/vicep</B><VAR>xx</VAR> directory. The following command is
probably appropriate, but consult the Linux documentation for more
information.
<PRE>
#<B> mkfs -v /dev/</B><VAR>disk</VAR>
</PRE>
<P><LI>Mount each partition by issuing either the <B>mount -a</B> command to
mount all partitions at once or the <B>mount</B> command to mount each
partition in turn.
<P><LI>If you plan to retain client functionality on this machine after
completing the installation, proceed to <AHREF="#HDRWQ44">Enabling AFS Login on Linux Systems</A>. Otherwise, proceed to <AHREF="#HDRWQ50">Starting the BOS Server</A>.
</OL>
<ANAME="IDX2337"></A>
<ANAME="IDX2338"></A>
<ANAME="IDX2339"></A>
<ANAME="IDX2340"></A>
<ANAME="IDX2341"></A>
<P><H3><ANAME="HDRWQ44"HREF="auqbg002.htm#ToC_57">Enabling AFS Login on Linux Systems</A></H3>
<TABLE><TR><TDALIGN="LEFT"VALIGN="TOP"><B>Note:</B></TD><TDALIGN="LEFT"VALIGN="TOP">If you plan to remove client functionality from this machine
after completing the installation, skip this section and proceed to <AHREF="#HDRWQ50">Starting the BOS Server</A>.
</TD></TR></TABLE>
<P>At this point you incorporate AFS into the operating system's
Pluggable Authentication Module (PAM) scheme. PAM integrates all
authentication mechanisms on the machine, including login, to provide the
security infrastructure for authenticated access to and from the
machine.
<P>Explaining PAM is beyond the scope of this document. It is assumed
that you understand the syntax and meanings of settings in the PAM
configuration file (for example, how the <TT>other</TT> entry works, the
effect of marking an entry as <TT>required</TT>, <TT>optional</TT>, or
<TT>sufficient</TT>, and so on).
<P>The following instructions explain how to alter the entries in the PAM
configuration file for each service for which you wish to use AFS
authentication. Other configurations possibly also work, but the
instructions specify the recommended and tested configuration.
<P>The recommended AFS-related entries in the PAM configuration file make use
of one or more of the following three attributes.
<DL>
<P><DT><B><TT>try_first_pass</TT>
</B><DD>This is a standard PAM attribute that can be included on entries after the
first one for a service; it directs the module to use the password that
was provided to the first module. For the AFS module, it means that AFS
authentication succeeds if the password provided to the module listed first is
the user's correct AFS password. For further discussion of this
attribute and its alternatives, see the operating system's PAM
documentation.
<P><DT><B><TT>ignore_root</TT>
</B><DD>This attribute, specific to the AFS PAM module, directs it to ignore not
only the local superuser <B> root</B>, but also any user with UID 0
(zero).
<P><DT><B><TT>setenv_password_expires</TT>
</B><DD>This attribute, specific to the AFS PAM module, sets the environment
variable PASSWORD_EXPIRES to the expiration date of the user's AFS
password, which is recorded in the Authentication Database.
</DL>
<P>Perform the following steps to enable AFS login.
<OLTYPE=1>
<P><LI>Mount the AFS CD-ROM for Linux on the <B>/cdrom</B> directory, if it
is not already. Then change to the directory for PAM modules, which
depends on which Linux distribution you are using.
<P>If you are using a Linux distribution from Red Hat Software:
<PRE>
# <B>cd /lib/security</B>
</PRE>
<P>If you are using another Linux distribution:
<PRE>
# <B>cd /usr/lib/security</B>
</PRE>
<P><LI>Copy the appropriate AFS authentication library file to the directory to
which you changed in the previous step. Create a symbolic link whose
name does not mention the version. Omitting the version eliminates the
need to edit the PAM configuration file if you later update the library
file.
<P>If you use the AFS Authentication Server (<B>kaserver</B>
<P><LI>Create a file system on each partition that is to be mounted at a
<B>/vicep</B><VAR>xx</VAR> directory. The following command is
probably appropriate, but consult the Solaris documentation for more
information.
<PRE>
# <B>newfs -v /dev/rdsk/</B><VAR>disk</VAR>
</PRE>
<P><LI>Issue the <B>mountall</B> command to mount all partitions at
once.
<P><LI>If you plan to retain client functionality on this machine after
completing the installation, proceed to <AHREF="#HDRWQ49">Enabling AFS Login and Editing the File Systems Clean-up Script on Solaris Systems</A>. Otherwise, proceed to <AHREF="#HDRWQ50">Starting the BOS Server</A>.
</OL>
<ANAME="IDX2354"></A>
<ANAME="IDX2355"></A>
<ANAME="IDX2356"></A>
<ANAME="IDX2357"></A>
<ANAME="IDX2358"></A>
<ANAME="IDX2359"></A>
<ANAME="IDX2360"></A>
<ANAME="IDX2361"></A>
<P><H3><ANAME="HDRWQ49"HREF="auqbg002.htm#ToC_62">Enabling AFS Login and Editing the File Systems Clean-up Script on Solaris Systems</A></H3>
<TABLE><TR><TDALIGN="LEFT"VALIGN="TOP"><B>Note:</B></TD><TDALIGN="LEFT"VALIGN="TOP">If you plan to remove client functionality from this machine
after completing the installation, skip this section and proceed to <AHREF="#HDRWQ50">Starting the BOS Server</A>.
</TD></TR></TABLE>
<P>At this point you incorporate AFS into the operating system's
Pluggable Authentication Module (PAM) scheme. PAM integrates all
authentication mechanisms on the machine, including login, to provide the
security infrastructure for authenticated access to and from the
machine.
<P>Explaining PAM is beyond the scope of this document. It is assumed
that you understand the syntax and meanings of settings in the PAM
configuration file (for example, how the <TT>other</TT> entry works, the
effect of marking an entry as <TT>required</TT>, <TT>optional</TT>, or
<TT>sufficient</TT>, and so on).
<P>The following instructions explain how to alter the entries in the PAM
configuration file for each service for which you wish to use AFS
authentication. Other configurations possibly also work, but the
instructions specify the recommended and tested configuration.
<TABLE><TR><TDALIGN="LEFT"VALIGN="TOP"><B>Note:</B></TD><TDALIGN="LEFT"VALIGN="TOP">The instructions specify that you mark each entry as
<TT>optional</TT>. However, marking some modules as optional can mean
that they grant access to the corresponding service even when the user does
not meet all of the module's requirements. In some operating
system revisions, for example, if you mark as optional the module that
controls login via a dial-up connection, it allows users to login without
providing a password. See the <I>IBM AFS Release Notes</I> for a
discussion of any limitations that apply to this operating system.
<P>Also, with some operating system versions you must install patches for PAM
to interact correctly with certain authentication programs. For
details, see the <I>IBM AFS Release Notes</I>.
</TD></TR></TABLE>
<P>The recommended AFS-related entries in the PAM configuration file make use
of one or more of the following three attributes.
<DL>
<P><DT><B><TT>try_first_pass</TT>
</B><DD>This is a standard PAM attribute that can be included on entries after the
first one for a service; it directs the module to use the password that
was provided to the first module. For the AFS module, it means that AFS
authentication succeeds if the password provided to the module listed first is
the user's correct AFS password. For further discussion of this
attribute and its alternatives, see the operating system's PAM
documentation.
<P><DT><B><TT>ignore_root</TT>
</B><DD>This attribute, specific to the AFS PAM module, directs it to ignore not
only the local superuser <B> root</B>, but also any user with UID 0
(zero).
<P><DT><B><TT>setenv_password_expires</TT>
</B><DD>This attribute, specific to the AFS PAM module, sets the environment
variable PASSWORD_EXPIRES to the expiration date of the user's AFS
password, which is recorded in the Authentication Database.
</DL>
<P>Perform the following steps to enable AFS login.
<OLTYPE=1>
<P><LI>Mount the AFS CD-ROM for Solaris on the <B>/cdrom</B> directory, if it
is not already. Then change directory as indicated.
<PRE>
# <B>cd /usr/lib/security</B>
</PRE>
<P><LI>Copy the AFS authentication library file to the
<B>/usr/lib/security</B> directory. Then create a symbolic link to
it whose name does not mention the version. Omitting the version
eliminates the need to edit the PAM configuration file if you later update the
library file.
<P>If you use the AFS Authentication Server (<B>kaserver</B>
process):
<PRE>
#<B> cp /cdrom/sun4x_56/lib/pam_afs.so.1 .</B>
# <B>ln -s pam_afs.so.1 pam_afs.so</B>
</PRE>
<P>If you use a Kerberos implementation of AFS authentication:
<HR><H2><ANAME="HDRWQ52"HREF="auqbg002.htm#ToC_65">Starting the Database Server Processes</A></H2>
<P>Next use the <B>bos create</B> command to create entries
for the four database server processes in the
<B>/usr/afs/local/BosConfig</B> file and start them running. The
four processes run on database server machines only:
<UL>
<P><LI>The Authentication Server (the <B>kaserver</B> process) maintains the
Authentication Database
<P><LI>The Backup Server (the <B>buserver</B> process) maintains the Backup
Database
<P><LI>The Protection Server (the <B>ptserver</B> process) maintains the
Protection Database
<P><LI>The Volume Location (VL) Server (the <B>vlserver</B> process)
maintains the Volume Location Database (VLDB)
</UL>
<ANAME="IDX2430"></A>
<TABLE><TR><TDALIGN="LEFT"VALIGN="TOP"><B>Note:</B></TD><TDALIGN="LEFT"VALIGN="TOP">AFS's authentication and authorization software is based on algorithms
and other procedures known as <I>Kerberos</I>, as originally developed by
Project Athena at the Massachusetts Institute of Technology. Some cells
choose to replace the AFS Authentication Server and other security-related
protocols with Kerberos as obtained directly from Project Athena or other
sources. If you wish to do this, contact the AFS Product Support group
now to learn about necessary modifications to the installation.
</TD></TR></TABLE>
<P>The remaining instructions in this chapter include the <B>-cell</B>
argument on all applicable commands. Provide the cell name you assigned
in <AHREF="#HDRWQ51">Defining Cell Name and Membership for Server Processes</A>. If a command appears on multiple lines, it is only
for legibility.
<ANAME="IDX2431"></A>
<ANAME="IDX2432"></A>
<OLTYPE=1>
<P><LI>Issue the <B>bos create</B> command to start the Authentication
<P><LI><B>(Optional)</B> There are now copies of the AFS initialization file
in both the <B>/usr/vice/etc</B> and <B>/etc</B> directories.
If you want to avoid potential confusion by guaranteeing that they are always
the same, create a link between them. You can always retrieve the
original script from the AFS CD-ROM if necessary.
<PRE>
# <B>cd /usr/vice/etc</B>
# <B>rm rc.afs</B>
# <B>ln -s /etc/rc.afs</B>
</PRE>
<P><LI>Proceed to <AHREF="#HDRWQ80">Configuring the Top Levels of the AFS Filespace</A>.
</OL>
<ANAME="IDX2587"></A>
<P><H3><ANAME="HDRWQ75"HREF="auqbg002.htm#ToC_82">Activating the Script on Digital UNIX Systems</A></H3>
<OLTYPE=1>
<P><LI>Change to the <B>/sbin/init.d</B> directory and issue the
<B>ln -s</B> command to create symbolic links that incorporate the AFS
initialization script into the Digital UNIX startup and shutdown
sequence.
<PRE>
# <B>cd /sbin/init.d</B>
# <B>ln -s ../init.d/afs /sbin/rc3.d/S67afs</B>
# <B>ln -s ../init.d/afs /sbin/rc0.d/K66afs</B>
</PRE>
<P><LI><B>(Optional)</B> There are now copies of the AFS initialization file
in both the <B>/usr/vice/etc</B> and <B>/sbin/init.d</B>
directories. If you want to avoid potential confusion by guaranteeing
that they are always the same, create a link between them. You can
always retrieve the original script from the AFS CD-ROM if necessary.
<PRE>
# <B>cd /usr/vice/etc</B>
# <B>rm afs.rc</B>
# <B>ln -s /sbin/init.d/afs afs.rc</B>
</PRE>
<P><LI>Proceed to <AHREF="#HDRWQ80">Configuring the Top Levels of the AFS Filespace</A>.
</OL>
<ANAME="IDX2588"></A>
<P><H3><ANAME="HDRWQ76"HREF="auqbg002.htm#ToC_83">Activating the Script on HP-UX Systems</A></H3>
<OLTYPE=1>
<P><LI>Change to the <B>/sbin/init.d</B> directory and issue the
<B>ln -s</B> command to create symbolic links that incorporate the AFS
initialization script into the HP-UX startup and shutdown sequence.
<PRE>
# <B>cd /sbin/init.d</B>
# <B>ln -s ../init.d/afs /sbin/rc2.d/S460afs</B>
# <B>ln -s ../init.d/afs /sbin/rc2.d/K800afs</B>
</PRE>
<P><LI><B>(Optional)</B> There are now copies of the AFS initialization file
in both the <B>/usr/vice/etc</B> and <B>/sbin/init.d</B>
directories. If you want to avoid potential confusion by guaranteeing
that they are always the same, create a link between them. You can
always retrieve the original script from the AFS CD-ROM if necessary.
<PRE>
# <B>cd /usr/vice/etc</B>
# <B>rm afs.rc</B>
# <B>ln -s /sbin/init.d/afs afs.rc</B>
</PRE>
<P><LI>Proceed to <AHREF="#HDRWQ80">Configuring the Top Levels of the AFS Filespace</A>.
</OL>
<ANAME="IDX2589"></A>
<P><H3><ANAME="HDRWQ77"HREF="auqbg002.htm#ToC_84">Activating the Script on IRIX Systems</A></H3>
<OLTYPE=1>
<P><LI>Change to the <B>/etc/init.d</B> directory and issue the
<B>ln -s</B> command to create symbolic links that incorporate the AFS
initialization script into the IRIX startup and shutdown sequence.
<PRE>
# <B>cd /etc/init.d</B>
# <B>ln -s ../init.d/afs /etc/rc2.d/S35afs</B>
# <B>ln -s ../init.d/afs /etc/rc0.d/K35afs</B>
</PRE>
<P><LI><B>(Optional)</B> There are now copies of the AFS initialization file
in both the <B>/usr/vice/etc</B> and <B>/etc/init.d</B>
directories. If you want to avoid potential confusion by guaranteeing
that they are always the same, create a link between them. You can
always retrieve the original script from the AFS CD-ROM if necessary.
<PRE>
# <B>cd /usr/vice/etc</B>
# <B>rm afs.rc</B>
# <B>ln -s /etc/init.d/afs afs.rc</B>
</PRE>
<P><LI>Proceed to <AHREF="#HDRWQ80">Configuring the Top Levels of the AFS Filespace</A>.
</OL>
<ANAME="IDX2590"></A>
<P><H3><ANAME="HDRWQ78"HREF="auqbg002.htm#ToC_85">Activating the Script on Linux Systems</A></H3>
<OLTYPE=1>
<P><LI>Issue the <B>chkconfig</B> command to activate the <B>afs</B>
configuration variable. Based on the instruction in the AFS
initialization file that begins with the string <TT>#chkconfig</TT>, the
command automatically creates the symbolic links that incorporate the script
into the Linux startup and shutdown sequence.
<PRE>
# <B>/sbin/chkconfig --add afs</B>
</PRE>
<P><LI><B>(Optional)</B> There are now copies of the AFS initialization file
in both the <B>/usr/vice/etc</B> and
<B>/etc/rc.d/init.d</B> directories, and copies of the
<B>afsd</B> options file in both the <B>/usr/vice/etc</B> and
<B>/etc/sysconfig</B> directories. If you want to avoid potential
confusion by guaranteeing that the two copies of each file are always the
same, create a link between them. You can always retrieve the original
script or options file from the AFS CD-ROM if necessary.
<PRE>
# <B>cd /usr/vice/etc</B>
# <B>rm afs.rc afs.conf</B>
# <B>ln -s /etc/rc.d/init.d/afs afs.rc</B>
# <B>ln -s /etc/sysconfig/afs afs.conf</B>
</PRE>
<P><LI>Proceed to <AHREF="#HDRWQ80">Configuring the Top Levels of the AFS Filespace</A>.
</OL>
<ANAME="IDX2591"></A>
<P><H3><ANAME="HDRWQ79"HREF="auqbg002.htm#ToC_86">Activating the Script on Solaris Systems</A></H3>
<OLTYPE=1>
<P><LI>Change to the <B>/etc/init.d</B> directory and issue the
<B>ln -s</B> command to create symbolic links that incorporate the AFS
initialization script into the Solaris startup and shutdown sequence.
<PRE>
# <B>cd /etc/init.d</B>
# <B>ln -s ../init.d/afs /etc/rc3.d/S99afs</B>
# <B>ln -s ../init.d/afs /etc/rc0.d/K66afs</B>
</PRE>
<P><LI><B>(Optional)</B> There are now copies of the AFS initialization file
in both the <B>/usr/vice/etc</B> and <B>/etc/init.d</B>
directories. If you want to avoid potential confusion by guaranteeing
that they are always the same, create a link between them. You can
always retrieve the original script from the AFS CD-ROM if necessary.
<PRE>
# <B>cd /usr/vice/etc</B>
# <B>rm afs.rc</B>
# <B>ln -s /etc/init.d/afs afs.rc</B>
</PRE>
</OL>
<ANAME="IDX2592"></A>
<ANAME="IDX2593"></A>
<HR><H2><ANAME="HDRWQ80"HREF="auqbg002.htm#ToC_87">Configuring the Top Levels of the AFS Filespace</A></H2>
<P>If you have not previously run AFS in your cell, you now
configure the top levels of your cell's AFS filespace. If you have
run a previous version of AFS, the filespace is already configured.
Proceed to <AHREF="#HDRWQ83">Storing AFS Binaries in AFS</A>.
<ANAME="IDX2594"></A>
<ANAME="IDX2595"></A>
<ANAME="IDX2596"></A>
<P>You created the <B>root.afs</B> volume in <AHREF="#HDRWQ60">Starting the File Server, Volume Server, and Salvager</A>, and the Cache Manager mounted it automatically on the local
<B>/afs</B> directory when you ran the AFS initialization script in <AHREF="#HDRWQ72">Verifying the AFS Initialization Script</A>. You now set the access control list (ACL) on the
<B>/afs</B> directory; creating, mounting, and setting the ACL are
the three steps required when creating any volume.
<P>After setting the ACL on the <B>root.afs</B> volume, you create
your cell's <B>root.cell</B> volume, mount it as a
subdirectory of the <B>/afs</B> directory, and set the ACL. Create
both a read/write and a regular mount point for the
<B>root.cell</B> volume. The read/write mount point enables
you to access the read/write version of replicated volumes when
necessary. Creating both mount points essentially creates separate
read-only and read-write copies of your filespace, and enables the Cache
Manager to traverse the filespace on a read-only path or read/write path as
appropriate. For further discussion of these concepts, see the chapter
in the <I>IBM AFS Administration Guide</I> about administering
volumes.
<ANAME="IDX2597"></A>
<ANAME="IDX2598"></A>
<ANAME="IDX2599"></A>
<P>Then replicate both the <B>root.afs</B> and
<B>root.cell</B> volumes. This is required if you want to
replicate any other volumes in your cell, because all volumes mounted above a
replicated volume must themselves be replicated in order for the Cache Manager
to access the replica.
<P>When the <B>root.afs</B> volume is replicated, the Cache Manager
is programmed to access its read-only version
(<B>root.afs.readonly</B>) whenever possible. To make
changes to the contents of the <B>root.afs</B> volume (when, for
example, you mount another cell's <B>root.cell</B> volume at
the second level in your filespace), you must mount the
<B>root.afs</B> volume temporarily, make the changes, release the
volume and remove the temporary mount point. For instructions, see <AHREF="#HDRWQ91">Enabling Access to Foreign Cells</A>.
<ANAME="IDX2600"></A>
<ANAME="IDX2601"></A>
<ANAME="IDX2602"></A>
<ANAME="IDX2603"></A>
<OLTYPE=1>
<P><LI>Issue the <B>fs setacl</B> command to edit the ACL on the
<B>/afs</B> directory. Add an entry that grants the <B>l</B>
(<B>lookup</B>) and <B>r</B> (<B>read</B>) permissions to the
<B>system:anyuser</B> group, to enable all AFS users who can reach
your cell to traverse through the directory. If you prefer to enable
access only to locally authenticated users, substitute the
<B>system:authuser</B> group.
<P>Note that there is already an ACL entry that grants all seven access rights
to the <B>system:administrators</B> group. It is a default
entry that AFS places on every new volume's root directory.
where <VAR>sysname</VAR> is the appropriate system type name as specified in the
<I>IBM AFS Release Notes</I>. The instructions in <AHREF="auqbg007.htm#HDRWQ133">Installing Additional Client Machines</A> assume that you have followed the instructions in this
section.
<P>If you have previously run AFS in the cell, the volumes possibly already
exist. If so, you need to perform Step <AHREF="#LIWQ86">8</A> only.
<P>The current working directory is still <B>/usr/afs/bin</B>, which
houses the <B>fs</B> and <B>vos</B> command suite binaries. In
the following commands, it is possible you still need to specify the pathname
to the commands, depending on how your PATH environment variable is
set.
<OLTYPE=1>
<ANAME="IDX2635"></A>
<ANAME="IDX2636"></A>
<P><LI><ANAME="LIWQ84"></A>Issue the <B>vos create</B> command to create volumes for
storing the AFS client binaries for this system type. The following
example instruction creates volumes called <VAR>sysname</VAR>,
<VAR>sysname</VAR>.<B>usr</B>, and
<VAR>sysname</VAR>.<B>usr.afsws</B>. Refer to the
<I>IBM AFS Release Notes</I> to learn the proper value of <VAR>sysname</VAR>
<P>Follow the instructions in this section only if you do not
wish this machine to remain an AFS client. Removing client
functionality means that you cannot use this machine to access AFS
files.
<OLTYPE=1>
<P><LI>Remove the files from the <B>/usr/vice/etc</B> directory. The
command does not remove the directory for files used by the dynamic kernel
loader program, if it exists on this system type. Those files are still
needed on a server-only machine.
<PRE>
# <B>cd /usr/vice/etc</B>
# <B>rm * </B>
# <B>rm -rf C</B>
</PRE>
<P><LI>Create symbolic links to the <B>ThisCell</B> and <B>CellServDB</B>
files in the <B>/usr/afs/etc</B> directory. This makes it possible
to issue commands from the AFS command suites (such as <B>bos</B> and
<B>fs</B>) on this machine.
<PRE>
# <B>ln -s /usr/afs/etc/ThisCell ThisCell</B>
# <B>ln -s /usr/afs/etc/CellServDB CellServDB</B>
</PRE>
<P><LI>On IRIX systems, issue the <B>chkconfig</B> command to deactivate the
<B>afsclient</B> configuration variable.
<PRE>
# <B>/etc/chkconfig -f afsclient off</B>
</PRE>
<P><LI>Reboot the machine. Most system types use the <B>shutdown</B>
command, but the appropriate options vary.
<PRE>
# <B>cd /</B>
# <B>shutdown</B><VAR>appropriate_options</VAR>
</PRE>
</OL>
<HR><PALIGN="center"><AHREF="../index.htm"><IMGSRC="../books.gif"BORDER="0"ALT="[Return to Library]"></A><AHREF="auqbg002.htm#ToC"><IMGSRC="../toc.gif"BORDER="0"ALT="[Contents]"></A><AHREF="auqbg004.htm"><IMGSRC="../prev.gif"BORDER="0"ALT="[Previous Topic]"></A><AHREF="#Top_Of_Page"><IMGSRC="../top.gif"BORDER="0"ALT="[Top of Topic]"></A><AHREF="auqbg006.htm"><IMGSRC="../next.gif"BORDER="0"ALT="[Next Topic]"></A><AHREF="auqbg009.htm#HDRINDEX"><IMGSRC="../index.gif"BORDER="0"ALT="[Index]"></A><P>
<!-- Begin Footer Records ========================================== -->
<P><HR><B>
<br>©<AHREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
</B>
<!-- End Footer Records ============================================ -->
