-
Notifications
You must be signed in to change notification settings - Fork 46
/
README.AIX
88 lines (66 loc) · 3.57 KB
/
README.AIX
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
If you're building MUNGE from source on AIX, you need to export the
OBJECT_MODE environment variable to your environment. It should be set to
either "32" or "64" depending on whether you want code to be generated for
a 32-bit or 64-bit architecture. If you are using gcc, you also need to
set CFLAGS to either "-maix32" or "-maix64". Finally, you should set the
"--enable-arch" option as well:
$ CFLAGS="-maix32" OBJECT_MODE=32 ./configure --enable-arch=32
$ CFLAGS="-maix64" OBJECT_MODE=64 ./configure --enable-arch=64
In the configure script, AC_INIT is called before anything else and performs
some basic compiler checks. The "-maix" gcc compiler flag must agree
with the OBJECT_MODE environment variable recognized by the AIX linker.
One alternative is to always set OBJECT_MODE=32. The gcc compiler
will default to "-maix32" which allows the AC_INIT checks to succeed.
The "--enable-arch" option can then be used to control whether code is
generated for a 32-bit or 64-bit architecture. For example:
$ export OBJECT_MODE=32
$ ./configure --enable-arch=64
This is the trick that is used in the RPM spec file.
--
MUNGE supports two different types of client authentication under AIX.
The getpeereid() method is supported by AIX 5.2 ML4 and later. The configure
script tests for this when "checking for getpeereid". The recvfd-mknod
file-descriptor-passing method is supported by earlier AIX versions.
The configure script tests for this when "checking for /dev/spx" and
"checking for struct strrecvfd".
The getpeereid() method is substantially faster; if your system supports that,
you can stop reading now. On the other hand, the file-descriptor-passing
method on AIX is excruciatingly slow unless special steps are taken.
This is due to the fact that a unique STREAMS-based pipe must be created in
the filesystem for each client authentication attempt, and the journaling
of the jfs filesystem makes this quite slow. To increase performance,
the authentication pipe needs to be created in a ramdisk.
The following steps create a 5MB ramdisk and mount it as "/tmp/munge".
A small ramdisk will do just fine. You should then create two directories:
/tmp/munge/client (permissioned 1733) & /tmp/munge/server (permissioned 0711).
These directories can be named whatever you like, but these names will be used
in the following example.
# mkramdisk 10000
/dev/rramdisk0
# mkfs -V jfs /dev/ramdisk0
mkfs: destroy /dev/ramdisk0 (y)? y
Device /dev/ramdisk0:
Standard empty file system
Size: 10000 512-byte (UBSIZE) blocks
Initial Inodes: 1792
# mkdir /tmp/munge
# mount -V jfs -o nointegrity /dev/ramdisk0 /tmp/munge
# chmod 0755 /tmp/munge
# mkdir /tmp/munge/client
# chmod 1733 /tmp/munge/client
# mkdir /tmp/munge/server
# chmod 0711 /tmp/munge/server
# mount
node mounted mounted over vfs date options
-------- --------------- --------------- ------ ------------ ---------------
/dev/ramdisk0 /tmp/munge jfs Oct 01 10:01 rw,nointegrity
The MUNGE_AUTH_SERVER_DIR and MUNGE_AUTH_CLIENT_DIR defines in
src/libcommon/munge_defs.h need to be modified, and then the source
needs to be recompiled.
#define MUNGE_AUTH_SERVER_DIR "/tmp/munge/server"
#define MUNGE_AUTH_CLIENT_DIR "/tmp/munge/client"
Alternatively, you can override these settings with the munged
"--auth-server-dir" and "--auth-client-dir" command-line options.
munged --auth-server-dir /tmp/munge/server \
--auth-client-dir /tmp/munge/client
These options will be moved into the configuration file once one exists.