Scientific Linux Fermi  309 on x86_64    			Oct 25, 2007

Please send bug reports to dawson@fnal.gov,csieh@fnal.gov

----------------------------------------------------------------------------

Please read the Release Notes for Scientific Linux.  They are located at
SL.releasenote

All of the info in the SL.releasenote is valid unless this document
states otherwise.  This document only contains info that is specific
to the Fermi site.  Where it specifically says to read the
SL.releasenote file, this is only done to emphasize that item.

----------------------------------------------------------------------------

This is based on Scientific Linux 3.0.9, which is a rebuild of AS 3   
*including Update 9, with the following changes.  
Please read this entire document before installing.  

Table of contents

	HARDWARE REQUIREMENTS
	INSTALLATION INFO
	ADDED compared to Scientific Linux 3.0.9 
	UPDATED compared to Scientific Linux 3.0.9 
	Installer modifications
	/contrib 
	/docs
	MISC Notes
	HARDWARE SPECIFIC ISSUES
	SOFTWARE ISSUES/BUGS
	SUPPORT INFO
	vendor ERRATA

Each has a "---" line above and below it.
_____________________________________________________________________________
HARDWARE REQUIREMENTS
_____________________________________________________________________________

   The following information represents the minimum hardware requirements
   necessary to successfully install Scientific Linux Fermi LTS 3.0.9 :

   - Minimum:  Pentium III or Athlon or newer

   - Recommended for text-mode: 

   		- Minimum of 256MB Memory

   - Recommended for graphical: 

 		- Recommended: 512MB

   Hard Disk Space (NOTE: Additional space will be required for user data):

   - Common "Fermi Generic Desktop" Installation : 4.5GB

_____________________________________________________________________________
INSTALLATION INFO
_____________________________________________________________________________
Installation Locations

Via NFS 

  linux.fnal.gov:/export/linux/lts30rolling/x86_64/

 with cdrom

  There is also a boot.iso, which is a small iso image that includes all the
  drivers on the driver floppies and the generic boot info.  This can be used
  instead of the above floppies.  After download you can use cdrecord to
  create a cdr with this image on it.

    ftp://linux.fnal.gov/linux/lts30rolling/x86_64/images/Fermi/boot.iso

Via CDROM

  Download and then burn cdrom iso images from

    ftp://linux.fnal.gov/linux/iso/lts30rolling/x86_64/

-----------------------------------------------------------------------------
ADDED compared to SL 3.0.9 
-----------------------------------------------------------------------------
flpr
	
	The flpr rpm is installed by default.  I got the latest version
	from Randy.  This does NOT require ups/upd.  The flpr binary will
	reside in /usr/local/bin/ .  This should just make using flpr
	easier for all. 

  		flpr-2.4-4f.9x.i386.rpm

Kerberos  -- Fermi version 

* 	krb5-fermi-config-2.7a-1.noarch.rpm
* 	krb5-fermi-krb5.conf-2.7a-1.noarch.rpm
* 	krb5-getcert-1.8d-3.LTS3.i386.rpm
* 	krb5-libs-fermi-1.8d-3.LTS3.i386.rpm
* 	krb5-workstation-fermi-1.8d-3.LTS3.i386.rpm

 	Release 1.8a-LTS30x.1 fixes a security problem.
 	Correct permissions were put on all files.
 	Your old krb5.conf is now checked to see if it needs to be
 	completely fresh or not.  If it does not need a fresh krb5.conf
 	then only the top half is changed.

  	kx509 and kxlist were added.

  	krb5-fermi-krb5.conf will ONLY put in place an /etc/krb5.conf that
  	points to the fermi domain.  If you have krb5-fermi-config you DO NOT
  	need this.  This is intended for use with the Redhat provided
	kerberos.  Many offsite users will find this of use.
	
	krb5-fermi-config-1.9-4 and later has a separate script that only
	adds or removes aklog from your krb5.conf.  This script now gets
	run (via triggers) whenever openafs gets added or removed.

OpenAFS 
	
	See SL.releasenote

 	openafs-thiscell-FNAL-4.noarch.rpm

 		This sets up the "thiscell" to point to Fermi.


SLIP

	Scientific Linux Inventory Project

        	ocsinventory-client-0.9.9-7.noarch.rpm
		     This client will run daily via cron
       		perl-XML-Simple-2.14-2.rf.noarch.rpm
 		     Dependency of ocsinventory-client

sndconfig

	Used to setup sound cards.
	Added to maintain consistency with i386
	
	
SL_rpm_show_arch-1.0-1.noarch.rpm

 	Changes the default output of "rpm -q <rpm name>" from
 	"name-version" to "name-version.arch"

upsupdbootstrap
 
  	This version does NOT make the links in /usr/local/bin/ to /usr/bin
  
  	  upsupdbootstrap-4.1-1.i386.rpm
          upsupdbootstrap-local-4.0-1.i386.rpm
          upsupdbootstrap-generic-4.0-1.i386.rpm  	

Workgroup tag files
	
	These are used to specify which workgroup you belong to.

 	Astro-tag-3.0-4.noarch.rpm
 	BooNE-tag-3.0-4.noarch.rpm
 	BooNEDataServer-tag-3.0-5.noarch.rpm
        BTeV-tag-3.0-5.noarch.rpm
        BTeVTrigger-tag-3.0-5.noarch.rpm
	BTeVSimulation-tag-3.0-7.noarch.rpm
        BTeVWorker-tag-3.0-7.noarch.rpm
 	CDFCAFworker-tag-3.0-4.noarch.rpm
 	CDFlevel3-tag-3.0-4.noarch.rpm
 	CDFoffsite-tag-3.0-4.noarch.rpm
 	CDFonline-tag-3.0-4.noarch.rpm
 	CDF-tag-3.0-4.noarch.rpm
 	ClueD0Workstation-tag-3.0-4.noarch.rpm
 	CMSdesktop-tag-3.0-4.noarch.rpm
 	CMSfarm-tag-3.0-4.noarch.rpm
 	CMSserver-tag-3.0-4.noarch.rpm
 	ConsoleServer-tag-3.0-4.noarch.rpm
 	CPD-tag-3.0-4.noarch.rpm
 	CPDserver-tag-3.0-5.noarch.rpm
 	CSS-tag-3.0-4.noarch.rpm
 	FarmsConsole-tag-3.0-4.noarch.rpm
 	Farms-tag-3.0-4.noarch.rpm
 	FermiStandAlone-tag-3.0-4.noarch.rpm
 	FermiVeryGeneric-tag-3.0-4.noarch.rpm
 	FnaluBatch-tag-3.0-4.noarch.rpm
 	FnaluInteractive-tag-3.0-4.noarch.rpm
 	FOCUS-tag-3.0-4.noarch.rpm
 	GenericFarm-tag-3.0-4.noarch.rpm
 	Minos-tag-3.0-4.noarch.rpm
 	OAA-tag-3.0-4.noarch.rpm
 	RIP-tag-3.0-4.noarch.rpm
 	SDSS-tag-3.0-4.noarch.rpm
 	Sidet-tag-3.0-4.noarch.rpm
 	Theory-tag-3.0-4.noarch.rpm
	FermiGenericDesktopOffsite-tag-3.0-6.noarch.rpm
 	D0online-tag-3.0-8.noarch.rpm
 	EAG-tag-3.0-8.noarch.rpm

zz_a2ps_stdout-1.0-2.noarch.rpm

	Changed from i386 to noarch as that is what they should have been
	in the first place.

        Change the output of a2ps to go to stdout vs the printer.

zz_cups_nobrowse-1.0-4.noarch.rpm

	Changed from i386 to noarch as that is what they should have been
	in the first place.

        By default the cups daemon constantly searches the network to find
        and check on other cups printers.  This rpm turns that feature off.
	It also turns off the cupsd server as it is not really needed.
 
zz_dhcp_resolv-2.2-1.noarch.rpm

	Changed from i386 to noarch as that is what they should have been
	in the first place.

	When your network starts, this rpm checks your /etc/resolv.conf.
	If you have dhcp.fnal.gov but not fnal.gov, it will put fnal.gov
	in, so that you will have "search fnal.gov dhcp.fnal.gov" in
	your /etc/resolv.conf file.

zz_emacs_link-1.1-3.noarch.rpm

	Changed from i386 to noarch as that is what they should have been
	in the first place.

	Make a symbolic link from "emacs" to "xemacs" when xemacs is installed
	and emacs is not installed.  This version uses triggers to make or 
	remove the link when emacs, or xemacs is added or removed.

zz_fermi-logos

	Changed from i386 to noarch as that is what they should have been
	in the first place.

	zz_fermi-logos-3.0.2-1.noarch.rpm
   	redhat-artwork-0.73.2-1.LTS.i386.rpm
	redhat-artwork-0.73.2-1.LTS.x86_64.rpm
	redhat-logos-1.1.14.3-5.LTS.noarch.rpm

	Because we were required to change redhat-logos, we didn't have
	to do all the little tweaks that we were doing in zz_fermi-logos.
	This version has most of those tweaks taken out.
	Since it is related, and the license permits us, we have also
	taken out the most glaring redhat logos from redhat-artwork.
	Fixed a bug with the gdm greeter theme.
	Put in gnome-foot for menu icon so you can tell it is gnome.

zz_firstboot_fix-1.0-1.noarch.rpm

	Changed from i386 to noarch as that is what they should have been
	in the first place.

	Make changes to firstboot.
	1.0 - removes the question about adding users
 
zz_lang_collate-1.0-2.noarch.rpm

	Changed from i386 to noarch as that is what they should have been
	in the first place.

	Changes LANG so that sorting is done the same as 6.1 and
	earlier.  (ABCabc instead of AaBbCc).  This is not installed by
	default except for a few workgroups.  Can be added later with
	a "yum install zz_lang_collate" .

zz_logwatch_df-1.0-2.noarch.rpm

	Changed from i386 to noarch as that is what they should have been
	in the first place.

	By default logwatch does a df -h when looking at disk usage.  This
	can be unwanted if you have a lot of NFS mounted disks.  This rpm
	changes the command to be df -h -l, which looks at local disks only.

zz_ntp_configure-4.0-1.noarch.rpm

	Changed from i386 to noarch as that is what they should have been
	in the first place.

	Configure ntp for Fermi site network.

zz_pine_user_domain-1.0-1.noarch.rpm

	Changed from i386 to noarch as that is what they should have been
	in the first place.

	By default when a user sends mail from pine their email address
	is myname@mycomputer.fnal.gov.  This rpm changes it so that the
	default is myname@fnal.gov by modifying the /etc/pine.conf config file.

zz_rhnsd_off-1.0-1.noarch.rpm

	Changed from i386 to noarch as that is what they should have been
	in the first place.

	This rpm turns off rhnsd, which is on by default. 

zz_sendmail_fermi_gateway-2.0-1.noarch.rpm
 
 	This rpm is designed to send outbound sendmail e-mail through 
 	the fermilab e-mail gateway(smtp.fnal.gov).

zz_sshd_aklog-3.9-4.noarch.rpm
 	
  	Turns the KerberosGetAFSToken setting on in your sshd_config.
  	As of Fermi's version openssh-3.9p1-8.SLF.4.17 this option was
  	taken out of the sshd_config due to it not working and causing
  	an error.  This rpm currently does nothing.
	This script is 'trigger'able, so that when you update your 
	openssh-server or your afs client, it will re-run to keep the 
	sshd_config file up to date.

zz_sshd_nonkerberized-3.9-1.noarch.rpm
 
 	Fermi's openssh is normally kerberized out of the box.  This rpm 
 	will make it non-kerberized.  Should only be used offsite.
  	version 3.9 was changed to work with the configurations of openssh 3.9 

zz_sshd_pam-3.9-3.noarch.rpm
  
  	This changes the setting in sshd_config from "UsePAM = no" to "UsePAM = yes".
  	When used with the new pam_krb5 (version 2.2.8-2) this allows your
  	ssh daemon to do cryptocard prompting.

zz_tcp_wrappers_change-3.0-1.noarch.rpm

	Changed from i386 to noarch as that is what they should have been
	in the first place.

	Disables all offsite access to common network services.  Also
	puts in the "DOE required login banners".  If it determines that
	you have already modified /etc/hosts.allow or /etc/hosts.deny it
	leaves them alone.
  	
zz_tex_tweaks-1.0-1.noarch.rpm

	Changed from i386 to noarch as that is what they should have been
	in the first place.

        Changes the default paper size to 8.5 x 11 vs A3
 
---------------------------------------------------------------------------
UPDATED compared to SL 3.0.5 
----------------------------------------------------------------------------
apt-get
 
 	Scientific Linux Fermi x86_64 is NOT aptable as apt does NOT understand
        a multiarch release and this release is multiarch. 

	Only YUM is installed by default and ONLY YUM is SUPPORTED at Fermi. 

authconfig

        Authconfig needed to be tweaked because it was putting a line into
        the /etc/pam.d/system-auth that would not allow you to log into
        root or a group account if there was a .k5login file in the account's
        home area.  This is the same change that was done in Fermi Linux 9.0.x
	We also changed it so that it quit putting the kerberos realm, as a
	line by itself, in the top of krb.conf.  This was causing some
	authentications to never return.

		authconfig-4.3.7-1f2.x86_64.rpm 
		authconfig-gtk-4.3.7-1f2.x86_64.rpm

Fermi-release 

       Made change so that /etc/issue and /etc/issue.net showed Fermi
       LTS.  This is a modified SL-release.
*       Changed release number to 3.0.9
* 	Put seamonkey default bookmarks in Fermi-release

*Seamonkey

	Note that you can only install one arch of Seamonkey.  We have 
	selected the i386 version by default as this allows for all
	the i386 version plugins to work.  If you want the x86_64 version
	you will have to remove the i386 version before installing the
	x86_64 version.
	
	   yum remove seamonkey*
	   yum install seamonkey.x86_64


OpenSSH 
  
   	This is the openssh from S.L. 4.x with some patches and modifications.
   
   	It does kerberos with both fermi's old openssh (old gssapi), as well as
   	generic new openssh (new gssapi), for both the server and the client.
   	So end users won't need a special openssh.
   
   	It works with multiple IP addresses (if you are behind a load balancer)
   
   	It has the "High Performance Networking" patch (a command line option)
   	http://www.psc.edu/networking/projects/hpn-ssh/
   
   	It does 'kerberos only' by default
   
   	It does not do cryptocard.  Users needing this need to install 
   	the modified pam module (pam_krb5-2.2.8-2) and then either change
   	the sshd_config to say "UsePAM = yes" or install the
   	zz_sshd_pam rpm.
   
	If a workgroup wants to install openssh-server then they just need 
	to add the entry from their "comps" file as it is NOT installed by
	default.

* 	openssh-3.9p1-8.SLF.3.22.x86_64.rpm
* 	openssh-askpass-3.9p1-8.SLF.3.22.x86_64.rpm
* 	openssh-askpass-gnome-3.9p1-8.SLF.3.22.x86_64.rpm
* 	openssh-clients-3.9p1-8.SLF.3.22.x86_64.rpm
* 	openssh-server-3.9p1-8.SLF.3.22.x86_64.rpm

pam_krb5
   
   	This pam module is the same as the old one, but it adds cryptocard 
   	authentication.
   	This has been compiled with static libraries so it doesn't matter which
   	kerberos you have installed.
   
* 	pam_krb5-2.2.11-4.slf3.x86_64.rpm

redhat-lsb

 	Changed to have LTS 308 be lsb compliant

* 	redhat-lsb-1.3-3.1.LTS.309.i386.rpm
* 	redhat-lsb-1.3-3.1.LTS.309.x86_64.rpm

 

Yum  -- From Duke University 

        yum-2.0.7-11.SL.noarch.rpm	
* 	yum-conf-309-2.LTS.noarch.rpm
*  	yum-conf-3x-2-2.LTS.noarch.rpm
  
* 	yum.cron now uses /etc/yum.conf for a template for its configuration
* 	file.  If /etc/yum.conf has an excludes line, it will append the 
* 	excludes in /etc/yum.d/yum.cron.excludes.  If /etc/yum.conf does 
* 	not have an excludes line, it will add the one from 
* 	/etc/yum.d/yum.cron.excludes
* 
* 	yum-conf-3x was created for those users who want to be at the latest
* 	stable release.  It is always pointing at the 3x area.
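
	The exclude handling described above, as an added example that is
	not the yum.cron script shipped in the rpm.  Assumptions: the
	function name merge_excludes is hypothetical, the option is written
	"exclude=...", the cron excludes file holds one such line, and a
	missing line is added at the end of [main].

```shell
#!/bin/sh
# Added example: build a yum.cron config from a yum.conf template.
# Assumed file formats (not taken from the rpm): "exclude=..." lines.

merge_excludes() {   # $1 = template (yum.conf), $2 = cron excludes file
    # Take the value of the first exclude line in the cron excludes file.
    extra=$(sed -n 's/^exclude[ ]*=[ ]*//p' "$2" | head -n 1)
    awk -v extra="$extra" '
        # Add the cron excludes as a new line if [main] never had one.
        function emit_extra() {
            if (in_main && !added && extra != "") {
                print "exclude=" extra
                added = 1
            }
        }
        /^\[/ { emit_extra(); in_main = ($0 == "[main]") }
        # Template already excludes packages: append the cron excludes.
        in_main && /^exclude[ ]*=/ {
            if (extra != "") $0 = $0 " " extra
            added = 1
        }
        { print }
        END { emit_extra() }
    ' "$1"
}

# Constructed sample files, one template with an exclude line, one without.
demo() {
    dir=$(mktemp -d)
    printf '[main]\ncachedir=/var/cache/yum\nexclude=kernel*\n[base]\nname=base\n' > "$dir/with"
    printf '[main]\ncachedir=/var/cache/yum\n' > "$dir/without"
    printf 'exclude=openafs* krb5*\n' > "$dir/cron.excludes"
    merge_excludes "$dir/with" "$dir/cron.excludes"
    echo "---"
    merge_excludes "$dir/without" "$dir/cron.excludes"
    rm -rf "$dir"
}

demo
```

	Every package matched by the merged exclude line is skipped by the
	nightly update, so the list is worth reviewing when a security
	erratum touches one of them.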

vnc
        Issue with vnc allowing more than just localhost to connect by
        default.
 
        The starting point was the latest Fedora Core SRPM of vnc,
        back-ported to use the XFree86-4.3.0-78.EL sources instead of x.org
        and javac instead of the (too-old) gcc-java, and patched to set the
        "localhostOnly" parameter to true by default. Note that it is still
        possible to return to RISKY behavior by invoking:
 
                vncserver -localhost="no" (or 0, or "off")
 
        Note that vncviewer has the new option "-via", meaning that the
        command line:
 
                vncviewer -via <host>.fnal.gov localhost:1
 
        will set up an SSH tunnel and use it to access the local vncserver
        running on <host>.fnal.gov, all in one step.
 
        NOTE that vnc is ONLY allowed if used with a SSH tunnel onsite at
        Fermi.  See the above info.
 
        Thanks to Chris Green for this patched vnc.
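
        A check for the exposure described above, as an added example that
        is not part of the original release notes: it reads listener lines
        in "netstat -ltn" format and reports VNC displays bound to anything
        other than loopback.  The function name vnc_exposed is hypothetical,
        display :N is taken to listen on TCP port 5900+N, and the sample
        lines are constructed.

```shell
#!/bin/sh
# Added example: flag VNC listeners that are reachable from the network.
# Input columns (netstat -ltn): Proto Recv-Q Send-Q Local Foreign State

vnc_exposed() {
    awk '
        $1 ~ /^tcp/ && $NF == "LISTEN" {
            addr = $4
            # The port is the text after the last colon; the rest is the host.
            n = split(addr, parts, ":")
            port = parts[n] + 0
            host = substr(addr, 1, length(addr) - length(parts[n]) - 1)
            if (port < 5900 || port > 5999) next          # not a VNC display
            if (host == "127.0.0.1" || host == "::1") next # localhostOnly is in effect
            printf "display :%d exposed on %s\n", port - 5900, host
        }
    '
}

# Constructed sample: display :1 is local only, :2 and :3 are not.
sample_listeners() {
cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 127.0.0.1:5901          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:5902            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 :::5903                 :::*                    LISTEN
EOF
}

sample_listeners | vnc_exposed
```

        On a live host the same function can be fed with
        "netstat -ltn | vnc_exposed"; no output means every vncserver is
        listening on localhost only.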
----------------------------------------------------------------------------
Installer modifications
---------------------------------------------------------------------------

     Kerberos is enabled by default on the normal  authentication
     screen.  The installer does NOT know if what you put in here is
     accurate so if you change something make sure it is right because
     that is what you are going to get. 

     Changes to "defaults" from vendor installer.

	Firewall is off by default.  vendor default was Medium.

	US/Central is default timezone.  vendor default was New York.

	Kerberos is on by default with a realm of FNAL.GOV .  vendor default
	was off.

	flpr

		Now installed by default.  No need for ups/upd as this is
		a rpm.

	Updated post.sh to do a full chroot to /mnt/sysimage for increased
	install RPM reliability.  (thanks to Chris Green)

---------------------------------------------------------------------------
/contrib/ 
---------------------------------------------------------------------------
The packages in this section have been contributed by various people.  They
are presented AS IS and there is no guarantee of them working.  These packages
are NOT supported by us.  They will only get security updates if the
contributor provides them.  If you have questions about them then ask the
contributor.

There are really 2 contrib trees.  One for the base Scientific Linux and one
for the Fermi site.  To use with yum you will need to uncomment
either/both of the "contrib" lines in /etc/yum.conf

See the READMEs in the RPMS/ directories for specific info.

/sites/Fermi/contrib/RPMS/

/contrib/RPMS/

---------------------------------------------------------------------------
MISC NOTES
---------------------------------------------------------------------------
---------------------------------------------------------------------------
SUPPORT INFO
---------------------------------------------------------------------------
Fermi site users should start with the "Fermi" specific support areas and
use the Scientific Linux ones next.

Fermi Linux web pages

	http://www.fnal.gov/cd/unix/linux

Fermi Linux Community support mailing list

  linux-users@fnal.gov

	Which is archived at 

		http://listserv.fnal.gov/archives/linux-users.html

Scientific Linux web page

	http://www.scientificlinux.org	

--------------------------------------------------------------------------
ERRATA added after the release of SL 3.0.8
--------------------------------------------------------------------------
*       krb5-devel-1.2.7-67.x86_64.rpm
*       krb5-libs-1.2.7-67.i386.rpm
*       krb5-libs-1.2.7-67.x86_64.rpm
*       krb5-server-1.2.7-67.x86_64.rpm
*       krb5-workstation-1.2.7-67.x86_64.rpm
*       tzdata-2007h-1.el3.noarch.rpm
*       libpng10-1.0.13-18.i386.rpm
*       libpng10-1.0.13-18.x86_64.rpm
*       libpng10-devel-1.0.13-18.x86_64.rpm
*       libpng-1.2.2-28.i386.rpm
*       libpng-1.2.2-28.x86_64.rpm
*       libpng-devel-1.2.2-28.x86_64.rpm
*       openssl-0.9.7a-33.24.i686.rpm
*       openssl-0.9.7a-33.24.x86_64.rpm
*       openssl-devel-0.9.7a-33.24.x86_64.rpm
*       openssl-perl-0.9.7a-33.24.x86_64.rpm
* 	seamonkey-1.0.9-0.5.el3.i386.rpm
* 	seamonkey-1.0.9-0.5.el3.x86_64.rpm
* 	seamonkey-chat-1.0.9-0.5.el3.i386.rpm
* 	seamonkey-chat-1.0.9-0.5.el3.x86_64.rpm
* 	seamonkey-devel-1.0.9-0.5.el3.x86_64.rpm
* 	seamonkey-dom-inspector-1.0.9-0.5.el3.i386.rpm
* 	seamonkey-dom-inspector-1.0.9-0.5.el3.x86_64.rpm
* 	seamonkey-js-debugger-1.0.9-0.5.el3.i386.rpm
* 	seamonkey-js-debugger-1.0.9-0.5.el3.x86_64.rpm
* 	seamonkey-mail-1.0.9-0.5.el3.i386.rpm
* 	seamonkey-mail-1.0.9-0.5.el3.x86_64.rpm
* 	seamonkey-nspr-1.0.9-0.5.el3.i386.rpm
* 	seamonkey-nspr-1.0.9-0.5.el3.x86_64.rpm
* 	seamonkey-nspr-devel-1.0.9-0.5.el3.x86_64.rpm
* 	seamonkey-nss-1.0.9-0.5.el3.i386.rpm
* 	seamonkey-nss-1.0.9-0.5.el3.x86_64.rpm
* 	seamonkey-nss-devel-1.0.9-0.5.el3.x86_64.rpm