Scientific Linux 5 Installation

System Installation

Follow the instructions on
http://linux.web.cern.ch/linux/scientific5/docs/install.shtml

  1. Create Boot image for 64 bit systems
  2. Select http as installation method
  3. Installation server is: linuxsoft.cern.ch
  4. Installation path is: /cern/slc5X/x86_64/
  5. keep default partition layout
  6. set host name: e.g. serret.physics.purdue.edu

Customize System

http://www.physics.purdue.edu/PCN/doc/wiki/doku.php?id=wiki:procedures:self_maintained:linux

  1. Create /data
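    # Shared local data area. Mode 1777 sets the sticky bit: every user can
    # still create a directory here, but only the owner of an entry can rename
    # or delete it. Plain a+rwx would let any local user remove or replace
    # another user's directory.
    mkdir /data
    chmod 1777 /data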
    
    All users should create their own directory in /data (e.g. mkdir /data/norbert) to store their local data.
  2. yum install am-utils
  3. /etc/amd.home
    #comment: amd.home map
    # amd map for home directories: each key below is looked up by name, and
    # its entry supplies the file server (rhost) and the paths used for it.
    #
    # /defaults holds the options shared by all entries. nosuid and nodevs keep
    # setuid binaries and device nodes stored on the file server from being
    # honoured on this client; keep both if the option list is ever edited.
    /defaults       fs:=/net/${rhost}/home;\
                    opts:=rw,bg,grpid,intr,nosuid,nodevs,quota,proto=udp,vers=3,\
                    rsize=8192,wsize=8192,timeo=8,retrans=4;\
                    rfs:=/net/${rhost}/home;\
                    sublink:=${key};\
                    type:=nfsl
    
    # Per-user override: this home lives under home/u on aristotle.
    nneumeis        rfs:=/net/${rhost}/home/u;fs:=/net/${rhost}/home/u;rhost:=aristotle
    
    #-- Special Entries
    # type:=error makes amd refuse these names instead of attempting a mount.
    
    motif           type:=error
    .htaccess       type:=error
    tomb            type:=link;sublink:=.;fs:=/lost+found
    
    #-- This is necessary for amanda(8) to work -- BE CAREFUL IN THE EXTREME --
    
    operator        os==freebsd4;rhost:=aristotle \
                    os==freebsd3;rhost:=aristotle \
                    os==freebsd5;rhost:=aristotle \
                    os==solaris2;rhost:=aristotle \
                    rhost:=london
    
    #-- All other accounts
    
    # Everybody else falls back to the * entry
    *               rhost:=aristotle
    
  4. /etc/hosts
    127.0.0.1               localhost.localdomain localhost xxx.physics.purdue.edu
    128.210.67.230          newton newton.physics.purdue.edu
    128.210.67.227          aristotle aristotle.physics.purdue.edu
    
  5. /etc/group
    zh:x:1399:
    phys:x:1109:
    
  6. Install CUPS printers:
    #/etc/cups/client.conf
    ServerName spool.physics.purdue.edu
    
  7. /etc/krb5.conf
    # Kerberos client configuration for three realms: CERN.CH (the default),
    # FNAL.GOV and CENTRAL.PURDUE.LCL.
    #
    # forwardable and proxiable mark every ticket obtained here as eligible to
    # be passed on to other hosts, and the lifetimes are long (25h, renewable
    # for 120h), so a ticket taken from this machine stays usable for days.
    # NOTE(review): confirm these values are what the sites require.
    [libdefaults]
     default_realm = CERN.CH
     ticket_lifetime = 25h
     renew_lifetime = 120h
     forwardable = true
     proxiable = true
    
    # One block per realm listing its KDCs and admin server. The
    # v4_name_convert block inside CERN.CH is a Kerberos 4 name mapping.
    [realms]
     CERN.CH = {
      default_domain = cern.ch
      kpasswd_server = afskrb5m.cern.ch
      admin_server = afskrb5m.cern.ch
      kdc = afsdb3.cern.ch
      kdc = afsdb1.cern.ch
      kdc = afsdb2.cern.ch
    
      v4_name_convert = {
         host = {
             rcmd = host
         }
      }
     }
    
     FNAL.GOV = {
      default_domain = fnal.gov
      admin_server = krb-fnal-admin.fnal.gov
      kdc = krb-fnal-1.fnal.gov:88
      kdc = krb-fnal-2.fnal.gov:88
      kdc = krb-fnal-3.fnal.gov:88
     }
    
    # NOTE(review): in the realm below the first kdc is a bare IP address and
    # default_domain is set to a host name rather than a domain - confirm both
    # are intended.
     CENTRAL.PURDUE.LCL = {
      kdc = 128.210.63.203
      kdc = 1061cendc01.central.purdue.lcl
      admin_server = 1061cendc01.central.purdue.lcl
      default_domain = 1061cendc01.central.purdue.lcl
     }
    
    # Maps DNS domains to the realm that issues tickets for hosts in them.
    [domain_realm]
     .cern.ch = CERN.CH
     .fnal.gov = FNAL.GOV
     .central.purdue.lcl = CENTRAL.PURDUE.LCL
     central.purdue.lcl = CENTRAL.PURDUE.LCL
    
    # Settings for the Kerberos PAM module: all Kerberos 4 conversion options
    # are switched off and the ticket lifetime repeats the 25h default above.
    [appdefaults]
     pam = {
       external = true
       krb4_convert = false
       krb4_convert_524 = false
       krb4_use_as_req = false
       ticket_lifetime = 25h
     }
    
    
    
    
  8. /etc/yp.conf
    # NOTE(review): "broadcast" makes ypbind accept whichever NIS server
    # answers on the local subnet, so any host there that answers first can
    # supply the passwd and group maps. Prefer naming the server explicitly:
    #   domain purdue-pcn server <nis-server-host>   (placeholder host name)
    domain purdue-pcn broadcast
    
  9. /etc/ldap.conf
    # Client settings for LDAP name-service and PAM lookups against volta.
    host volta.physics.purdue.edu
    base dc=physics,dc=purdue,dc=edu
    # NOTE(review): the uri already selects LDAP over TLS (ldaps://), while the
    # next two lines give two different values for "ssl". StartTLS is meant for
    # plain ldap:// connections; keep only the setting that matches the uri.
    uri ldaps://volta.physics.purdue.edu
    ssl start_tls
    ssl on
    ldap_version 3
    # tls_checkpeer yes makes the client verify the server certificate against
    # the CA configured below. Leave it on: without it the TLS session can be
    # intercepted by anyone able to impersonate the server.
    tls_checkpeer yes
    # NOTE(review): this CA file sits under /usr/share/purple, so it presumably
    # belongs to another package - confirm the path exists on a fresh install.
    tls_cacertfile /usr/share/purple/ca-certs/Thawte_Premium_Server_CA.pem
    tls_cacertdir /etc/openldap/cacerts
    # you may need to symlink Thawte_Premium_Server_CA.pem in /etc/openldap/cacerts
    # NOTE(review): rootbinddn names the directory admin entry (cn=admin).
    # Confirm that a self-maintained workstation needs it at all, and do not
    # store that entry's password on the machine unless it does.
    rootbinddn cn=admin,dc=physics,dc=purdue,dc=edu
    
    # New passwords are hashed with MD5 on the client before being written to
    # the directory; MD5 is a weak password hash. NOTE(review): check whether
    # the server supports the password-modify extended operation
    # (pam_password exop) so that the server chooses the hash instead.
    pam_password md5
    
    # Bind account for ordinary lookups. This file normally has to be readable
    # by every local user for name lookups to work, so treat bindpw as known to
    # anyone with a login: the account should be read-only and limited to the
    # attributes the lookups need.
    binddn cn=unsupported,dc=physics,dc=purdue,dc=edu
    bindpw *********
    
  10. ln -s /bin/bash /usr/local/bin/bash
  11. nsswitch
  12. /etc/sysconfig/authconfig
    # Authentication sources recorded for authconfig: LDAP (lookups and
    # authentication), NIS, shadow passwords and cracklib are on; Kerberos,
    # Winbind, SMB and Hesiod are off.
    # NOTE(review): USEMD5=no and PASSWDALGORITHM=md5 disagree - confirm which
    # one takes effect. MD5-crypt is a weak hash for local passwords.
    # NOTE(review): USEKERBEROS=no, yet the system-auth file in this procedure
    # calls pam_krb5afs (added by NCM-afsclt). Re-running authconfig may
    # rewrite the PAM stack without those lines - confirm before relying on it.
    USEMD5=no
    USECRACKLIB=yes
    USEDB=no
    USEHESIOD=no
    USELDAP=yes
    USENIS=yes
    USEPASSWDQC=no
    USEWINBIND=no
    USEAFSKERBEROS=no
    USEKERBEROS=no
    USELDAPAUTH=yes
    USESHADOW=yes
    USESMBAUTH=no
    USEWINBINDAUTH=no
    USELOCAUTHORIZE=yes
    PASSWDALGORITHM=md5
    
  13. /etc/ssh/ssh_config
       # Client-side defaults for outgoing ssh connections from this host.
       GSSAPIAuthentication yes
       # Delegation hands a copy of the user's Kerberos ticket to every server
       # reached with GSSAPI; whoever controls that server can then act as the
       # user. NOTE(review): consider placing the GSSAPI lines under a Host
       # block limited to the sites that actually need delegation.
       GSSAPIDelegateCredentials yes
       # The server's Kerberos name is taken from DNS, so host authentication
       # is only as trustworthy as the resolver answering the lookup.
       GSSAPITrustDNS yes
       # Key-based login is turned off for the client, leaving Kerberos and
       # passwords. NOTE(review): confirm this is intentional.
       PubkeyAuthentication no
       PasswordAuthentication yes
    
  14. AFS
     # Configure the ntpd, afsclt and srvtab components with lcm.
     /usr/sbin/lcm --configure ntpd afsclt
     /usr/sbin/lcm --configure srvtab
     # Register the afs and amd init scripts, then enable and start amd.
     # NOTE(review): there is no matching "chkconfig afs on" or
     # "service afs start" here - confirm afs is running and starts at boot.
     /sbin/chkconfig --add afs
     /sbin/chkconfig --add amd
     /sbin/chkconfig amd on
     /sbin/service amd start
    
  15. /etc/passwd
    nneumeis:x:139702:1109:Norbert Neumeister,PHYSICS 374,767 494 5198,:/home/u/nneumeis:/bin/tcsh
    
  16. /etc/pam.d/system-auth
    # PAM stack for authentication, account checks, password changes and
    # sessions. Within each group the modules run top to bottom; a successful
    # "sufficient" module ends the group and pam_deny is the fallback.
    #
    # auth: local password first, then Kerberos/AFS, then LDAP.
    # NOTE(review): nullok lets a local account with an empty password log in
    # without one - drop it unless such accounts are intended.
    auth        required      /lib/security/$ISA/pam_env.so
    auth        sufficient    /lib/security/$ISA/pam_unix.so likeauth nullok
    # next line added by NCM-afsclt
    auth        sufficient    /lib/security/$ISA/pam_krb5afs.so try_first_pass minimum_uid=100
    auth        sufficient    /lib/security/$ISA/pam_ldap.so use_first_pass
    auth        required      /lib/security/$ISA/pam_deny.so
    
    # account: pam_unix, local users and uids below 100 can each satisfy the
    # account check before pam_ldap is consulted; pam_ldap ignores users it
    # does not know and treats any other failure as bad.
    account     sufficient    /lib/security/$ISA/pam_unix.so broken_shadow
    account     sufficient    /lib/security/$ISA/pam_localuser.so
    account     sufficient    /lib/security/$ISA/pam_succeed_if.so uid < 100 quiet
    account     [default=bad success=ok user_unknown=ignore] /lib/security/$ISA/pam_ldap.so
    account     required      /lib/security/$ISA/pam_permit.so
    
    # password: cracklib checks the new password (up to 3 tries), then it is
    # offered to pam_unix, Kerberos/AFS and LDAP in turn.
    # NOTE(review): the pam_unix line carries "debug" (extra log output) and
    # "ldap", which does not look like a pam_unix option, and it names no hash
    # option such as md5 - confirm what local password changes are hashed with.
    password    requisite     /lib/security/$ISA/pam_cracklib.so retry=3
    password    sufficient    /lib/security/$ISA/pam_unix.so nullok use_authtok shadow ldap nis debug
    # next line added by NCM-afsclt
    password    sufficient     /lib/security/$ISA/pam_krb5afs.so try_first_pass
    password    sufficient    /lib/security/$ISA/pam_ldap.so use_authtok
    password    required      /lib/security/$ISA/pam_deny.so
    
    # session: resource limits and the local session module are mandatory, as
    # is the Kerberos/AFS module; the LDAP session module is optional.
    session     required      /lib/security/$ISA/pam_limits.so
    session     required      /lib/security/$ISA/pam_unix.so
    # next line added by NCM-afsclt
    session     required       /lib/security/$ISA/pam_krb5afs.so try_first_pass
    session     optional      /lib/security/$ISA/pam_ldap.so
    
  17. /etc/sysconfig/network
    NETWORKING=yes
    HOSTNAME=xxxx.physics.purdue.edu
    NISDOMAIN=purdue-pcn
    
  18. Firewall (open question): this procedure does not yet say how the host firewall should be configured.