Red Hat Enterprise Linux at Iowa State University

Installing Iowa State Linux on RHEL 3

Iowa State Linux is a collection of packages installed on a Red Hat Enterprise Linux 3 (RHEL3) system that allows easy access to centrally provided services at Iowa State:

  • The ability to use Net-IDs and passwords for user authentication and directory information

  • Access to central AFS space

  • Access to central print queues

  • The ability to restrict access to machines via IASTATE Access Control Lists (ACLs)

Preparation

Before you install Iowa State Linux on a RHEL3 box, there are some steps you should take.

  • Use the Iowa State RHEL Proxy Service

Iowa State provides a proxy for the Red Hat Network, which not only allows management of systems centrally through a web interface but also allows custom local channels of packages, such as Iowa State Linux.

More information on using the Iowa State RHEL Proxy Service is available under the Getting Started link. You will need to have your machine configured to use the Iowa State proxy server, and the machine will need to be subscribed to the "Iowa State Linux" channel.

  • Time

Kerberos authentication requires that the local system time match the Kerberos server time to within five minutes. While it is possible to set the time manually, all system clocks drift to some extent, and eventually the system will be more than five minutes out of sync with the Kerberos servers.

AIT provides an NTP (Network Time Protocol) server, which allows you to synchronize your local clock to the same time that the Kerberos servers use, and RHEL3 has support for using NTP servers. See "Chapter 31 Date and Time Configuration" of the Red Hat Enterprise Linux 3: System Administration Guide. The AIT time server is called time.iastate.edu.

  • Firewall

The default installation of iptables does not have any easy way of setting the UDP timeout value. AFS will not function properly with the default 30 second UDP timeout value, so if you need access to AFS it is recommended that you turn off all services you do not need, make sure the services that you do need are current and updated, and disable iptables.

  • /usr/vice partition

The AFS cache manager does not work properly unless the cache directory is on an ext2 or ext3 partition. In addition, the cache manager works best if the cache directory is on its own partition. If you are going to be using AFS, it is recommended that you create a separate partition for /usr/vice and format it as ext2 or ext3. Outside of the cache directory, /usr/vice takes about 11 megs of space, so the partition should be that plus however large you want your AFS cache (the default for Iowa State Linux is 50 megs).
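The Time and /usr/vice requirements above can be checked before installing. The script below is an added example, not part of Iowa State Linux or of the original page; the function names and the sample inputs (including the 192.0.2.10 documentation address and the /dev/hda5 device) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: pre-install checks for the Time and /usr/vice items.
# Live use: ntpdate -q time.iastate.edu | clock_skew_ok
#           vice_fs_ok < /proc/mounts ; df -Pk /usr/vice | vice_size_ok 50
MAX_SKEW=300   # Kerberos tolerance from the text: five minutes, in seconds

# Reads `ntpdate -q` output; passes only if a server line was seen and the
# largest absolute offset is within MAX_SKEW seconds.
clock_skew_ok() {
    awk -v max="$MAX_SKEW" '
        /^server / {
            for (i = 1; i < NF; i++) if ($i == "offset") {
                o = $(i + 1) + 0; if (o < 0) o = -o   # "+ 0" drops the comma
                if (o > worst) worst = o; seen = 1
            }
        }
        END { exit ((seen && worst <= max + 0) ? 0 : 1) }'
}

# Reads /proc/mounts-format text; passes only if /usr/vice is its own mount
# point and the filesystem type is ext2 or ext3 (last matching line wins).
vice_fs_ok() {
    awk '$2 == "/usr/vice" { fs = $3 }
         END { exit ((fs == "ext2" || fs == "ext3") ? 0 : 1) }'
}

# Reads `df -Pk /usr/vice` output; passes if the partition has room for the
# ~11 MB of non-cache files plus a cache of $1 MB (default 50, as in the text).
vice_size_ok() {
    awk -v need="$(( (11 + ${1:-50}) * 1024 ))" '
        NR == 2 { ok = ($2 + 0 >= need + 0) }
        END { exit (ok ? 0 : 1) }'
}

# Constructed sample inputs (not captured from a real host; 192.0.2.10 is a
# documentation address, /dev/hda5 a made-up device).
SAMPLE_NTP='server 192.0.2.10, stratum 2, offset -0.003412, delay 0.02701'
SAMPLE_MOUNTS='/dev/hda2 / ext3 rw 0 0
/dev/hda5 /usr/vice ext3 rw 0 0'
SAMPLE_DF='Filesystem 1024-blocks Used Available Capacity Mounted on
/dev/hda5 101086 4127 91740 5% /usr/vice'

report() { if "$@"; then echo "PASS: $*"; else echo "FAIL: $*"; fi; }
echo "$SAMPLE_NTP"    | report clock_skew_ok
echo "$SAMPLE_MOUNTS" | report vice_fs_ok
echo "$SAMPLE_DF"     | report vice_size_ok 50
```

A missing server line from ntpdate counts as a failure, so an unreachable time server is not mistaken for a synchronized clock.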

Installation

isl-base

The isl-base package installs Kerberos, Hesiod and Zephyr libraries, client programs and configuration files. Any machine using Iowa State Linux will need this package.

up2date -i isl-base

isl-afs

The isl-afs package installs the OpenAFS client programs and libraries and configures OpenAFS to use the iastate.edu cell as the default AFS cell. It does not configure a machine to use AFS space for user home directories; that is supplied by the isl-pvattach package.

up2date -i isl-afs

isl-lpr

Provides an lpr client that talks to the kerberized central print service. Provides lpr, lpq and lprm commands using the /etc/alternatives mechanism (see man alternatives for more information). The provided lpr command will also do standard lpr for any printers configured via the conventional /etc/printcap mechanism.

up2date -i isl-lpr

isl-pvattach

This package configures a machine to use a user's AFS space as their home directory. If a user's home directory already exists on a local drive in the /home partition, that will be used instead.

up2date -i isl-pvattach

isl-pvaccess

This package configures a machine to use IASTATE ACLs (Access Control Lists) to control who can log into or become root (via the ksu command) on a machine. For more information on creating the proper ACLs, see Creating IASTATE Access Control Lists (ACLs).

up2date -i isl-pvaccess