OpenAFS
Revision as of 06:34, 3 February 2013 by imported>Mjh (Categorization)
OpenAFS is an open-source implementation of the Andrew File System.
OpenAFS Client Installation on Debian
- Install the prerequisite packages
- krb5-user
- krb5-clients
- openafs-krb5
- openafs-client
- module-assistant
- openafs-modules-dkms
- Set the cell name (this should be a FQDN, such as ece.vt.edu)
- Set the Kerberos realm (generally the same as the cell name, but in all caps, e.g. ECE.VT.EDU)
- Set the Kerberos authentication and admin servers (e.g. auth.ece.vt.edu for the ECE department)
- Obtain the CellServDB files necessary for your cell. If it is a "public cell", its servers should be published in the CellServDB that openafs-client downloads. If not, you'll need to obtain the database server information from your cell's administrator and append it to /etc/openafs/CellServDB.
- Run the module assistant to compile openafs modules for your kernel
sudo m-a prepare
sudo m-a auto-install openafs
sudo modprobe openafs
- Restart the client by issuing
sudo /etc/init.d/openafs-client restart
- Assuming you chose to use the -dynroot flag during installation (that is the default), all cells should be accessible in /afs
Client Authentication Instructions
OpenAFS relies on Kerberos for authentication to access non-public shares. Follow this procedure to obtain a Kerberos ticket and, from it, an AFS token:
- Authenticate to your Kerberos server by issuing
kinit username@YOUR.KERBEROS.REALM.COM
- (optional) View your Kerberos tickets with
klist
- Log in to AFS with
aklog
- (optional) View your AFS tokens with
tokens
To view permissions on a directory, issue fs la /afs/path/to/directory. All users are part of the system:anyuser group, and all users who have authenticated with your Kerberos server are part of the system:authuser group.
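
Because system:anyuser covers unauthenticated users, it is worth checking fs la output for broad grants to these two groups. The following is an added example, not part of the original page: a shell function that reads fs la output and reports rights beyond lookup given to system:anyuser or system:authuser. The function names, severity labels and sample paths are constructed for illustration; negative rights are skipped rather than subtracted.

```shell
#!/bin/sh
# Usage against a real cell:  fs la /afs/path/to/directory | audit_acl
# Output: one line per finding: <severity> <path> <group> <rights>
audit_acl() {
    awk '
        /^Access list for / {
            # Header line: "Access list for <path> is"
            path = $0
            sub(/^Access list for /, "", path)
            sub(/ is$/, "", path)
            section = ""
            next
        }
        /^Normal rights:/   { section = "normal";   next }
        /^Negative rights:/ { section = "negative"; next }
        section == "normal" && NF == 2 {
            who = $1; rights = $2
            if (who != "system:anyuser" && who != "system:authuser") next
            # AFS rights: r=read l=lookup i=insert d=delete w=write k=lock a=administer
            if (rights ~ /[idwa]/) sev = "HIGH"
            else if (rights ~ /r/) sev = "INFO"
            else next                      # lookup-only is not reported
            # Modify rights for unauthenticated users rank above authenticated ones
            if (sev == "HIGH" && who == "system:anyuser") sev = "CRITICAL"
            print sev, path, who, rights
        }
    '
}

# Constructed sample of fs la output (not taken from a real cell)
sample_acl() {
cat <<'EOF'
Access list for /afs/example.edu/project/drop is
Normal rights:
  system:administrators rlidwka
  system:anyuser rlidwk
  alice rlidwka
Access list for /afs/example.edu/user/alice is
Normal rights:
  system:anyuser l
  system:authuser rl
  alice rlidwka
Negative rights:
  system:anyuser rl
EOF
}

sample_acl | audit_acl
```
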