Changes
Added user instructions for Debian
OpenAFS is an open-source implementation of the [[w:Andrew File System|Andrew File System]].
== OpenAFS Client Installation on Debian ==
# Install the prerequisite packages
#* krb5-user
#* krb5-clients
#* openafs-krb5
#* openafs-client
#* module-assistant
#* openafs-modules-dkms
# Set the cell name (this should be a FQDN, such as ece.vt.edu)
# Set the Kerberos realm (generally the same as the cell name, but in all caps, e.g. ECE.VT.EDU)
# Set the Kerberos authentication and admin servers (e.g. auth.ece.vt.edu for the ECE deparment)
# Obtain the CellServDB files necessary for your cell. If it is a "public cell", its servers should be published in the CellServDB that openafs-client downloads. If not, you'll need to obtain the database server information from your cell's administrator and append it to /etc/openafs/CellServDB
# Run the module assistant to compile openafs modules for your kernel
#* <code>sudo m-a prepare</code>
#* <code>sudo m-a auto-install openafs</code>
#* <code>sudo modprobe openafs</code>
# Restart the client by issuing <code>sudo /etc/init.d/openafs-client restart</code>
# Assuming you chose to use the <code>-dynroot</code> flag during installation (that is the default), all cells should be accessible in <code>/afs</code>
== Client Authentication Instructions ==
OpenAFS relies on Kerberos for authentication in order to access non-public shares. Follow this procedure to obtain Kerberos tokens for AFS:
# Authenticate to your Kerberos server by issuing <code>kinit username@YOUR.KERBEROS.REALM.COM</code>
# (optional) View your Kerberos tokens with <code>klist</code>
# Login to AFS with <code>aklog</code>
# (optional) View your AFS tokens with <code>tokens</code>
In order to view permissions on a directory, you can issue the <code>fa la ''/afs/path/to/directory''</code>. All users are part of the <code>system:anyuser</code> group, and all users who have authenticated with your Kerberos server are part of the <code>system:authuser</code> group.
== OpenAFS Client Installation on Debian ==
# Install the prerequisite packages
#* krb5-user
#* krb5-clients
#* openafs-krb5
#* openafs-client
#* module-assistant
#* openafs-modules-dkms
# Set the cell name (this should be a FQDN, such as ece.vt.edu)
# Set the Kerberos realm (generally the same as the cell name, but in all caps, e.g. ECE.VT.EDU)
# Set the Kerberos authentication and admin servers (e.g. auth.ece.vt.edu for the ECE deparment)
# Obtain the CellServDB files necessary for your cell. If it is a "public cell", its servers should be published in the CellServDB that openafs-client downloads. If not, you'll need to obtain the database server information from your cell's administrator and append it to /etc/openafs/CellServDB
# Run the module assistant to compile openafs modules for your kernel
#* <code>sudo m-a prepare</code>
#* <code>sudo m-a auto-install openafs</code>
#* <code>sudo modprobe openafs</code>
# Restart the client by issuing <code>sudo /etc/init.d/openafs-client restart</code>
# Assuming you chose to use the <code>-dynroot</code> flag during installation (that is the default), all cells should be accessible in <code>/afs</code>
== Client Authentication Instructions ==
OpenAFS relies on Kerberos for authentication in order to access non-public shares. Follow this procedure to obtain Kerberos tokens for AFS:
# Authenticate to your Kerberos server by issuing <code>kinit username@YOUR.KERBEROS.REALM.COM</code>
# (optional) View your Kerberos tokens with <code>klist</code>
# Login to AFS with <code>aklog</code>
# (optional) View your AFS tokens with <code>tokens</code>
In order to view permissions on a directory, you can issue the <code>fa la ''/afs/path/to/directory''</code>. All users are part of the <code>system:anyuser</code> group, and all users who have authenticated with your Kerberos server are part of the <code>system:authuser</code> group.