Install AFS on OS X

How to install AFS on OS X as part of the ece.cmu.edu AFS cell.

  1. Download and install the latest OpenAFS release
  2. Replace the contents of the file /var/db/openafs/etc/ThisCell with ece.cmu.edu (root user privileges are needed to edit files in /var, e.g., sudo pico /var/db/openafs/etc/ThisCell)
  3. Remove the option -dynroot from the OPTIONS line in the file /var/db/openafs/etc/config/afs.conf (this allows paths like /afs/ece to be used instead of /afs/ece.cmu.edu)
  4. Create or update the file /Library/Preferences/edu.mit.Kerberos with the following contents (this configures the kinit command for CMU’s Kerberos 5):
[libdefaults]
	default_realm = ECE.CMU.EDU
	dns_fallback = yes
	noaddresses = TRUE
	allow_weak_crypto = TRUE

[realms]
	ECE.CMU.EDU = {
		admin_server = krbadmin.ece.cmu.edu
		kdc = kerberos.ece.cmu.edu
		kdc = kerberos-1.ece.cmu.edu
		kdc = kerberos-2.ece.cmu.edu
		kdc = kerberos-3.ece.cmu.edu
	}
	ANDREW.CMU.EDU = {
		admin_server = vice28.fs.andrew.cmu.edu
		kdc = vice28.fs.andrew.cmu.edu
		kdc = vice2.fs.andrew.cmu.edu
		kdc = vice11.fs.andrew.cmu.edu
		kdc = vice7.fs.andrew.cmu.edu
		kdc = new-vice12.fs.andrew.cmu.edu
	}
	SCOTCH.ECE.CMU.EDU = {
		kdc = lagavulin.scotch.ece.cmu.local
	}
  • OpenAFS and Kerberos 5 are now configured
  • AFS starts at boot if a network connection is active at boot
    • To start AFS manually: 
      sudo /Library/StartupItems/OpenAFS/OpenAFS start
    • To stop AFS manually: 
      sudo /Library/StartupItems/OpenAFS/OpenAFS stop
  • Laptop setup with manual AFS startup on OS X Mavericks:
    • Go to Apple -> System Preferences -> OpenAFS -> Tokens
    • Set “Start AFS at boot” to NO
    • To use the AFS menu to start/stop AFS and obtain tokens when desired, set “AFS Menu”, “Backgrounder”, and “Use aklog” to YES. You will need to click the OpenAFS icon (gold padlock in the menu bar) and choose “Startup AFS” before accessing AFS.
  • Kerberos tickets (which convert into AFS tokens with aklog)
    • To get ece.cmu.edu AFS tickets: 
      kinit username@ECE.CMU.EDU && aklog
    • To get andrew.cmu.edu AFS tickets: 
      kinit username@ANDREW.CMU.EDU &&
      aklog andrew.cmu.edu -k ANDREW.CMU.EDU
    • To renew tickets without a password: kinit -R && aklog
    • You can see all your Kerberos tickets using /System/Library/CoreServices/Kerberos.app
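
An added check for steps 1 to 4 above (not part of the original post): it verifies ThisCell, the OPTIONS line and the Kerberos file, and notes when allow_weak_crypto is enabled, since that setting permits weak encryption types. The function names, the optional path arguments and the output format are this example's own.

```shell
#!/bin/sh
# Added example: checks the outcome of steps 1-4. Default paths are the ones
# named on this page; pass three other paths to test against copies.

# Print the value of key $1 from the [libdefaults] section of file $2.
libdefault() {
    awk -v key="$1" '
        /^[ \t]*\[/ { in_sec = ($0 ~ /\[libdefaults\]/); next }
        in_sec && index($0, "=") {
            k = substr($0, 1, index($0, "=") - 1)
            v = substr($0, index($0, "=") + 1)
            gsub(/[ \t]/, "", k); gsub(/[ \t]/, "", v)
            if (k == key) print v
        }' "$2"
}

check_afs_setup() {
    thiscell=${1:-/var/db/openafs/etc/ThisCell}
    afsconf=${2:-/var/db/openafs/etc/config/afs.conf}
    krbconf=${3:-/Library/Preferences/edu.mit.Kerberos}
    rc=0
    for f in "$thiscell" "$afsconf" "$krbconf"; do
        [ -r "$f" ] || { echo "FAIL cannot read $f"; return 2; }
    done

    # Step 2: ThisCell holds only the cell name.
    cell=$(tr -d '[:space:]' < "$thiscell")
    if [ "$cell" = "ece.cmu.edu" ]; then echo "OK   ThisCell"
    else echo "FAIL ThisCell is '$cell', expected ece.cmu.edu"; rc=1; fi

    # Step 3: the OPTIONS line no longer carries -dynroot.
    if grep '^[[:space:]]*OPTIONS' "$afsconf" | grep -Eq -- '-dynroot([[:space:]"]|$)'; then
        echo "FAIL -dynroot still in OPTIONS"; rc=1
    else echo "OK   -dynroot removed"; fi

    # Step 4: default realm, plus a note when weak enctypes are permitted.
    realm=$(libdefault default_realm "$krbconf")
    if [ "$realm" = "ECE.CMU.EDU" ]; then echo "OK   default_realm"
    else echo "FAIL default_realm is '$realm'"; rc=1; fi
    case $(libdefault allow_weak_crypto "$krbconf" | tr 'A-Z' 'a-z') in
        true|yes|on|y|t|1) echo "NOTE allow_weak_crypto is on: weak encryption types are permitted" ;;
    esac
    return $rc
}
```

After sourcing the file, run check_afs_setup with no arguments to test the real paths; it returns 0 when all three checks pass.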