To get maximum benefit and use of your Unix system, ITS recommends that you configure your system to take advantage of UNC's Distributed Computing Infrastructure (DCI).

DCI Supported UNIX Platforms

• Sun Solaris 8
• Sun Solaris 7
• Sun Solaris 2.7
• SGI IRIX 6.5
• IBM AIX 4.3
• IBM AIX 5.1
• RedHat 7.2

Contacts

• dci@unc.edu

Obtaining the OS

Steps to installing a UNIX-based DCI machine:

1. Select a hostname and obtain an IP address, to do this you should contact your local network administrator. You should also register your IP address with the hostname you have selected. To do this, send email to host-reg@unc.edu. In the body of the email be sure to include your IP address and hostname.
2. Install the OS. Follow the directions of the manuals provided with the software. For the network installation, you will need to know:
   • The machine's unique IP address and hostname
   • The default domain - get this information from your local network administrator
   • The subnet mask : 255.255.0.0 (if you are on the main campus network)
   • The dns:  152.2.21.1  backup dns: 152.2.253.100
   • The gateway/default router: 152.2.254.254 or 152.2.<subnet>.254
3. Patch the system - a set of patches can usually be obtained by visiting the vendor's web site.
• http://sunsolve.Sun.COM/pub-cgi/show.pl?target=patches/patch-access for Sun Solaris
• http://www.sgi.com/support/patch_intro.html for SGI IRIX
• www.ibm.com for IBM AIX
4. Install an AFS client.
5. Install any local additional packages
6. Customize services
7. Add users - using the prop tools

Security

• Allocate sufficient personnel to keep your system secure. At least once a month a system administrator should review security alerts, vendor notifications, and your system for security vunerabilities. Apply required security patches promptly.
• The fewer services, the better. We recommend you remove the r-services (ie rsh, rlogin, etc).
• Don't allow anonymous FTP.
• Encourage users to use encrypted ssh rather than telnet.
• Check your system for intrusions - here is CERT's intruder detection checklist.
• Run checksum software such as Tripwire.
• Get on the CERT mailing list.
• Always report break-ins and suspected break-ins to ATN Security Services.
• Look to the following web pages for information on security:  
  • www.unc.edu/security
  • www.cert.org
  • www.ciac.org
  • Vendor Web Pages
  • www.sun.com For Solaris systems
  • www.sgi.com For IRIX systems
  • www.ibm.com For AIX systems
  • www.redhat.com For (redhat) Linux systems

Backup

• Be sure to backup your system often. This is your responsibility!!!
  However your AFS space will be backed-up nightly, so you only need to back up local disk.

Authentication

• Kerberos is a enterprise-level, secure authentication system. Under Kerberos, information obtained from your login (userid and password ) is used to create a Kerberos ticket. This ticket is then sent to a secure, centralized database to check whether your ticket (and thus your login and password) is authentic.
  If an application understands Kerberos, it can use your Kerberos ticket to create other tickets that authenticate to remote services. This way tickets are sent over the network rather than your login and password.
  ATN maintains a kerberos realm ISIS.UNC.EDU and several Kerberized applications. In order to use these Kerberized applications, you will need to install the following two files: /etc/krb.conf and /etc/krb.realms (given that an AFS client has already been installed). Standard files for use can be found at /afs/isis/common/etc/krb.conf and /afs/isis/common/etc/krb.realms. You may copy these files to /etc/krb.conf and /etc/rkb.realms, just make sure that you give root ownership and that you give everyone read-only permissions.

Account Management

• The DCI requires that all participants be under the same namespace. This standard is maintained by the use of the prop tools.