1. install openafs

   # pkg_add openafs

2. set up your kerberos realm; `info heimdal` has additional info too

   a. add dns records

      _kerberos._udp     IN SRV 0 0 88  kdc.yourdomain.
      _kerberos._udp     IN SRV 1 0 88  kdc2.yourdomain.
      _kerberos._tcp     IN SRV 0 0 88  kdc.yourdomain.
      _kerberos._tcp     IN SRV 1 0 88  kdc2.yourdomain.
      _kpasswd._udp      IN SRV 0 0 464 kdc.yourdomain.
      _kerberos-adm._tcp IN SRV 0 0 749 kdc.yourdomain.
      _kerberos          IN TXT "YOUR.REALM"

      (these records are a convenience for clients that locate the realm and
      kdcs via dns. they are not authenticated, so a client that takes its
      realm from the _kerberos TXT record trusts whoever answers its dns
      queries. list the realm and kdcs explicitly in krb5.conf on the hosts
      you care about and treat dns as the fallback.)

   b. edit /etc/kerberosV/krb5.conf

   c. give heimdal a home

      # mkdir /var/heimdal

   d. create a master key

      # kstash --random-key

   e. initialize the kerberos database

      # kadmin -l
      kadmin> init AZBSD.ORG

   f. add some principals

      kadmin> add --random-key host/kdc.yourdomain
      ..
      ..
      kadmin> add marco
      kadmin> add marco/admin
      kadmin> add marco/afs

      why 3? the first is for regular use as a user. however, if i need to do
      kerberos maintenance, i have another principal (marco/admin), and, for
      afs work, i have yet another principal (marco/afs). each has its own
      password, so losing the everyday one does not hand over admin or afs
      rights.

   g. create our acls

      # echo "marco/admin@AZBSD.ORG all" > /var/heimdal/kadmind.acl

   h. have it start up magically at boot

      # cd /etc
      # echo krb5_master_kdc=YES >> rc.conf.local

3. begin setting up openafs

   get into kadmin:

      $ kadmin -p marco/admin

   create an afs principal:

      kadmin> add --random-key afs/azbsd.org
      ..
   extract the keytab for afs/azbsd.org into /tmp/afsv5key:

      kadmin> ext_keytab -k /tmp/afsv5key afs/azbsd.org
      kadmin> exit

      # mkdir /usr/afs
      # cd /usr/afs && ln -s /etc/afs etc
      # ktutil copy /tmp/afsv5key AFSKEYFILE:/etc/openafs/server/KeyFile

   (the AFS KeyFile format only holds single-DES keys, so afs/azbsd.org needs
   a des enctype or ktutil has nothing to copy. /tmp/afsv5key is the cell key
   in keytab form; remove it once the KeyFile is written.)

   create a host keytab for your afs server:

      # kadmin -p marco/admin
      kadmin> add --random-key host/ashley.azbsd.org
      kadmin> ext_keytab -k /tmp/krb5.keytab-ashley host/ashley.azbsd.org afs/azbsd.org
      kadmin> exit

   install the keytab on your fileserver (and remove the copy in /tmp):

      # install -m 700 -o root -g wheel /tmp/krb5.keytab-ashley /etc/kerberosV/krb5.keytab

   make homes for openafs stuff:

      # mkdir -m 700 /var/openafs /var/openafs/db
      # mkdir -m 755 /etc/openafs /etc/openafs/server /var/openafs/server /var/openafs/cache

   set the cache size (format is mountpoint:cache directory:size in kB):

      # echo "/afs:/var/openafs/cache:198112" > /etc/openafs/cacheinfo

   create the cell configuration (yes, these are in /etc/afs, not /etc/openafs):

      # echo "azbsd.org" > /etc/afs/ThisCell
      # echo ">azbsd.org #AZBSD" >> /etc/afs/CellServDB
      # echo "140.99.16.202 #ashley.azbsd.org" >> /etc/afs/CellServDB

   now some shortcuts:

      # ln -s /etc/afs/CellServDB /etc/openafs/CellServDB
      # ln -s /etc/afs/ThisCell /etc/openafs/ThisCell
      # ln -s /etc/afs/CellServDB /etc/openafs/server/CellServDB
      # ln -s /etc/afs/ThisCell /etc/openafs/server/ThisCell
      # ln -s /etc/openafs/server/KeyFile /etc/openafs/KeyFile

4. setting up openafs

   start the bosserver without authentication (the security database doesn't
   exist yet, so it'd be pointless to start it with authentication, huh?)

      # /usr/local/sbin/bosserver -noauth -log

   (while it runs -noauth, anyone who can reach the bos port (7007/udp) can
   issue bos commands as if they were an admin, so do this on a host nobody
   else can reach and don't leave it that way longer than the bootstrap takes.)

   tell openafs our cell's name:

      # /usr/local/bin/bos setcellname ashley.azbsd.org azbsd.org -noauth

   create the database processes:

      # /usr/local/bin/bos create ashley.azbsd.org buserver simple /usr/local/libexec/openafs/buserver -noauth
      # /usr/local/bin/bos create ashley.azbsd.org ptserver simple /usr/local/libexec/openafs/ptserver -noauth
      # /usr/local/bin/bos create ashley.azbsd.org vlserver simple /usr/local/libexec/openafs/vlserver -noauth
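the files written in step 3 (ThisCell, CellServDB, cacheinfo and the server KeyFile) are easy to get subtly wrong, and afsd or the servers only tell you at the next boot. the script below is an added example, not part of these notes or of openafs itself: it parses those files and checks that ThisCell names a cell with a dbserver in CellServDB, that cacheinfo has the mountpoint:directory:size shape with a numeric size, and that the KeyFile is readable by root only. paths are parameters so it can be pointed at a scratch directory; the sample config it builds is constructed from the azbsd.org values above, with an empty placeholder KeyFile.

```shell
#!/bin/sh
# Added example: sanity-check the OpenAFS files written in step 3.
# Not part of the original notes. All paths are parameters so it can run
# against a scratch directory; the sample config below is constructed from
# the values in the notes (cell azbsd.org, dbserver 140.99.16.202).

# Print the cell names declared in a CellServDB (lines starting with '>').
cellservdb_cells() {
    sed -n 's/^>\([^ #]*\).*/\1/p' "$1"
}

# Print the dbserver addresses listed under one cell of a CellServDB.
# Server lines look like "140.99.16.202 #ashley.azbsd.org".
cellservdb_servers() {
    awk -v cell="$2" '
        /^>/ { cur = substr($1, 2); next }
        cur == cell && $1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { print $1 }
    ' "$1"
}

# ThisCell must name a cell that has at least one dbserver in CellServDB,
# otherwise the client has nowhere to send vlserver/ptserver requests.
check_thiscell() {
    cell=$(head -n 1 "$1")
    [ -n "$cell" ] || return 1
    [ -n "$(cellservdb_servers "$2" "$cell")" ]
}

# cacheinfo is "mountpoint:cachedir:size_in_kB"; a non-numeric size or a
# relative cache directory makes afsd fail at boot.
check_cacheinfo() {
    mnt= cdir= size=
    IFS=: read -r mnt cdir size < "$1" || true
    [ "$mnt" = "/afs" ] || return 1
    case "$cdir" in /*) ;; *) return 1 ;; esac
    case "$size" in ''|*[!0-9]*) return 1 ;; esac
}

# The server KeyFile is the cell's long-term key: it must be readable by
# root only. ls(1) is used instead of stat(1) because stat's flags differ
# between BSD and GNU.
check_keyfile_mode() {
    perms=$(ls -l "$1" | cut -c 1-10)
    case "$perms" in -r??------) return 0 ;; *) return 1 ;; esac
}

# Run every check against a directory laid out like /etc/openafs and
# report each failure; returns non-zero if any check failed.
run_checks() {
    cfg=$1 rc=0
    check_cacheinfo "$cfg/cacheinfo"                  || { echo "bad cacheinfo" >&2; rc=1; }
    check_thiscell "$cfg/ThisCell" "$cfg/CellServDB" || { echo "ThisCell has no dbservers in CellServDB" >&2; rc=1; }
    check_keyfile_mode "$cfg/server/KeyFile"         || { echo "server/KeyFile is not root-only" >&2; rc=1; }
    return "$rc"
}

# Constructed sample: the azbsd.org cell from the notes, written under DIR.
# The KeyFile is an empty placeholder (no real key material).
make_sample_config() {
    mkdir -p "$1/server"
    printf 'azbsd.org\n' > "$1/ThisCell"
    printf '>azbsd.org #AZBSD\n140.99.16.202 #ashley.azbsd.org\n' > "$1/CellServDB"
    printf '/afs:/var/openafs/cache:198112\n' > "$1/cacheinfo"
    : > "$1/server/KeyFile"
    chmod 600 "$1/server/KeyFile"
}

tmp=$(mktemp -d)
make_sample_config "$tmp"
if run_checks "$tmp"; then echo "openafs config in $tmp looks sane"; fi
rm -rf "$tmp"
```

to check a real install, call `run_checks /etc/openafs` (the symlinks from step 3 make /etc/openafs and /etc/afs equivalent for these files).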