|
Packit |
9fb438 |
If you're building MUNGE from source on AIX, you need to export the
|
|
Packit |
9fb438 |
OBJECT_MODE environment variable to your environment. It should be set to
|
|
Packit |
9fb438 |
either "32" or "64" depending on whether you want code to be generated for
|
|
Packit |
9fb438 |
a 32-bit or 64-bit architecture. If you are using gcc, you also need to
|
|
Packit |
9fb438 |
set CFLAGS to either "-maix32" or "-maix64". Finally, you should set the
|
|
Packit |
9fb438 |
"--enable-arch" option as well:
|
|
Packit |
9fb438 |
|
|
Packit |
9fb438 |
$ CFLAGS="-maix32" OBJECT_MODE=32 ./configure --enable-arch=32
|
|
Packit |
9fb438 |
|
|
Packit |
9fb438 |
$ CFLAGS="-maix64" OBJECT_MODE=64 ./configure --enable-arch=64
|
|
Packit |
9fb438 |
|
|
Packit |
9fb438 |
In the configure script, AC_INIT is called before anything else and performs
|
|
Packit |
9fb438 |
some basic compiler checks. The "-maix" gcc compiler flag must agree
|
|
Packit |
9fb438 |
with the OBJECT_MODE environment variable recognized by the AIX linker.
|
|
Packit |
9fb438 |
One alternative is to always set OBJECT_MODE=32. The gcc compiler
|
|
Packit |
9fb438 |
will default to "-maix32" which allows the AC_INIT checks to succeed.
|
|
Packit |
9fb438 |
The "--enable-arch" option can then be used to control whether code is
|
|
Packit |
9fb438 |
generated for a 32-bit or 64-bit architecture. For example:
|
|
Packit |
9fb438 |
|
|
Packit |
9fb438 |
$ export OBJECT_MODE=32
|
|
Packit |
9fb438 |
$ ./configure --enable-arch=64
|
|
Packit |
9fb438 |
|
|
Packit |
9fb438 |
This is the trick that is used in the RPM spec file.
|
|
Packit |
9fb438 |
|
|
Packit |
9fb438 |
--
|
|
Packit |
9fb438 |
|
|
Packit |
9fb438 |
MUNGE supports two different types of client authentication under AIX.
|
|
Packit |
9fb438 |
The getpeereid() method is supported by AIX 5.2 ML4 and later. The configure
|
|
Packit |
9fb438 |
script tests for this when "checking for getpeereid". The recvfd-mknod
|
|
Packit |
9fb438 |
file-descriptor-passing method is supported by earlier AIX versions.
|
|
Packit |
9fb438 |
The configure script tests for this when "checking for /dev/spx" and
|
|
Packit |
9fb438 |
"checking for struct strrecvfd".
|
|
Packit |
9fb438 |
|
|
Packit |
9fb438 |
The getpeereid() method is substantially faster; if your system supports that,
|
|
Packit |
9fb438 |
you can stop reading now. On the other hand, the file-descriptor-passing
|
|
Packit |
9fb438 |
method on AIX is excruciatingly slow unless special steps are taken.
|
|
Packit |
9fb438 |
This is due to the fact that a unique STREAMS-based pipe must be created in
|
|
Packit |
9fb438 |
the filesystem for each client authentication attempt, and the journaling
|
|
Packit |
9fb438 |
of the jfs filesystem makes this quite slow. To increase performance,
|
|
Packit |
9fb438 |
the authentication pipe needs to be created in a ramdisk.
|
|
Packit |
9fb438 |
|
|
Packit |
9fb438 |
The following steps create a 5MB ramdisk and mount it as "/tmp/munge".
|
|
Packit |
9fb438 |
A small ramdisk will do just fine. You should then create two directories:
|
|
Packit |
9fb438 |
/tmp/munge/client (permissioned 1733) & /tmp/munge/server (permissioned 0711).
|
|
Packit |
9fb438 |
These directories can be named whatever you like, but these names will be used
|
|
Packit |
9fb438 |
in the following example.
|
|
Packit |
9fb438 |
|
|
Packit |
9fb438 |
# mkramdisk 10000
|
|
Packit |
9fb438 |
/dev/rramdisk0
|
|
Packit |
9fb438 |
|
|
Packit |
9fb438 |
# mkfs -V jfs /dev/ramdisk0
|
|
Packit |
9fb438 |
mkfs: destroy /dev/ramdisk0 (y)? y
|
|
Packit |
9fb438 |
Device /dev/ramdisk0:
|
|
Packit |
9fb438 |
Standard empty file system
|
|
Packit |
9fb438 |
Size: 10000 512-byte (UBSIZE) blocks
|
|
Packit |
9fb438 |
Initial Inodes: 1792
|
|
Packit |
9fb438 |
|
|
Packit |
9fb438 |
# mkdir /tmp/munge
|
|
Packit |
9fb438 |
|
|
Packit |
9fb438 |
# mount -V jfs -o nointegrity /dev/ramdisk0 /tmp/munge
|
|
Packit |
9fb438 |
|
|
Packit |
9fb438 |
# chmod 0755 /tmp/munge
|
|
Packit |
9fb438 |
|
|
Packit |
9fb438 |
# mkdir /tmp/munge/client
|
|
Packit |
9fb438 |
# chmod 1733 /tmp/munge/client
|
|
Packit |
9fb438 |
|
|
Packit |
9fb438 |
# mkdir /tmp/munge/server
|
|
Packit |
9fb438 |
# chmod 0711 /tmp/munge/server
|
|
Packit |
9fb438 |
|
|
Packit |
9fb438 |
# mount
|
|
Packit |
9fb438 |
node mounted mounted over vfs date options
|
|
Packit |
9fb438 |
-------- --------------- --------------- ------ ------------ ---------------
|
|
Packit |
9fb438 |
/dev/ramdisk0 /tmp/munge jfs Oct 01 10:01 rw,nointegrity
|
|
Packit |
9fb438 |
|
|
Packit |
9fb438 |
The MUNGE_AUTH_SERVER_DIR and MUNGE_AUTH_CLIENT_DIR defines in
|
|
Packit |
9fb438 |
src/libcommon/munge_defs.h need to be modified, and then the source
|
|
Packit |
9fb438 |
needs to be recompiled.
|
|
Packit |
9fb438 |
|
|
Packit |
9fb438 |
#define MUNGE_AUTH_SERVER_DIR "/tmp/munge/server"
|
|
Packit |
9fb438 |
#define MUNGE_AUTH_CLIENT_DIR "/tmp/munge/client"
|
|
Packit |
9fb438 |
|
|
Packit |
9fb438 |
Alternatively, you can override these settings with the munged
|
|
Packit |
9fb438 |
"--auth-server-dir" and "--auth-client-dir" command-line options.
|
|
Packit |
9fb438 |
|
|
Packit |
9fb438 |
munged --auth-server-dir /tmp/munge/server \
|
|
Packit |
9fb438 |
--auth-client-dir /tmp/munge/client
|
|
Packit |
9fb438 |
|
|
Packit |
9fb438 |
These options will be moved into the configuration file once one exists.
|