If you're building MUNGE from source on AIX, you need to export the

OBJECT_MODE environment variable to your environment.  It should be set to

either "32" or "64" depending on whether you want code to be generated for

a 32-bit or 64-bit architecture.  If you are using gcc, you also need to

set CFLAGS to either "-maix32" or "-maix64".  Finally, you should set the

"--enable-arch" option as well:

  $ CFLAGS="-maix32" OBJECT_MODE=32 ./configure --enable-arch=32

  $ CFLAGS="-maix64" OBJECT_MODE=64 ./configure --enable-arch=64

In the configure script, AC_INIT is called before anything else and performs

some basic compiler checks.  The "-maix" gcc compiler flag must agree

with the OBJECT_MODE environment variable recognized by the AIX linker.

One alternative is to always set OBJECT_MODE=32.  The gcc compiler

will default to "-maix32" which allows the AC_INIT checks to succeed.

The "--enable-arch" option can then be used to control whether code is

generated for a 32-bit or 64-bit architecture.  For example:

  $ export OBJECT_MODE=32

  $ ./configure --enable-arch=64

This is the trick that is used in the RPM spec file.

--

MUNGE supports two different types of client authentication under AIX.

The getpeereid() method is supported by AIX 5.2 ML4 and later.  The configure

script tests for this when "checking for getpeereid".  The recvfd-mknod

file-descriptor-passing method is supported by earlier AIX versions.

The configure script tests for this when "checking for /dev/spx" and

"checking for struct strrecvfd".

The getpeereid() method is substantially faster; if your system supports that,

you can stop reading now.  On the other hand, the file-descriptor-passing

method on AIX is excruciatingly slow unless special steps are taken.

This is due to the fact that a unique STREAMS-based pipe must be created in

the filesystem for each client authentication attempt, and the journaling

of the jfs filesystem makes this quite slow.  To increase performance,

the authentication pipe needs to be created in a ramdisk.

The following steps create a 5MB ramdisk and mount it as "/tmp/munge".

A small ramdisk will do just fine.  You should then create two directories:

/tmp/munge/client (permissioned 1733) & /tmp/munge/server (permissioned 0711).

These directories can be named whatever you like, but these names will be used

in the following example.

  # mkramdisk 10000

  /dev/rramdisk0

  # mkfs -V jfs /dev/ramdisk0

  mkfs: destroy /dev/ramdisk0 (y)? y

  Device /dev/ramdisk0:

    Standard empty file system

    Size:           10000 512-byte (UBSIZE) blocks

    Initial Inodes: 1792

  # mkdir /tmp/munge

  # mount -V jfs -o nointegrity /dev/ramdisk0 /tmp/munge

  # chmod 0755 /tmp/munge

  # mkdir /tmp/munge/client

  # chmod 1733 /tmp/munge/client

  # mkdir /tmp/munge/server

  # chmod 0711 /tmp/munge/server

  # mount

    node       mounted        mounted over    vfs       date        options

  -------- ---------------  ---------------  ------ ------------ ---------------

           /dev/ramdisk0    /tmp/munge       jfs    Oct 01 10:01 rw,nointegrity

The MUNGE_AUTH_SERVER_DIR and MUNGE_AUTH_CLIENT_DIR defines in

src/libcommon/munge_defs.h need to be modified, and then the source

needs to be recompiled.

  #define MUNGE_AUTH_SERVER_DIR           "/tmp/munge/server"

  #define MUNGE_AUTH_CLIENT_DIR           "/tmp/munge/client"

Alternatively, you can override these settings with the munged

"--auth-server-dir" and "--auth-client-dir" command-line options.

  munged --auth-server-dir /tmp/munge/server \

         --auth-client-dir /tmp/munge/client

These options will be moved into the configuration file once one exists.