Tag Archives: unfacilitated

AFS on Unfacilitized Linux

How to install AFS on Linux and access the ece.cmu.edu AFS cell.

  1. Download and install the latest OpenAFS release
  2. Download and install the Kerberos client libraries and binaries from your distribution (likely named krb5-apps-client or krb5-client)
  3. Replace the contents of the file ThisCell with ece.cmu.edu (likely found in /etc/openafs/ThisCell, but check your specific package’s install location, root user privileges are needed to edit files in /etc, e.g., sudo vi /etc/openafs/ThisCell)
  4. Optional: Remove the option -dynroot from the OPTIONS line (this will likely be either your init script, or the setup it sources (The line to edit will likely be in your init script: /etc/init.d/openafs-client or /etc/sysconfig/openafs, it will depend on your distribution) (this allows paths like /afs/ece to be used instead of /afs/ece.cmu.edu)
  5. Create or update the file /etc/krb5.conf with the following contents: (This configures the kinit command for CMU’s Kerberos 5.)
	default_realm = ECE.CMU.EDU
	dns_fallback = yes
	noaddresses = TRUE

		admin_server = krbadmin.ece.cmu.edu
		kdc = kerberos.ece.cmu.edu
		kdc = kerberos-1.ece.cmu.edu
		kdc = kerberos-2.ece.cmu.edu
		kdc = kerberos-3.ece.cmu.edu
		admin_server = vice28.fs.andrew.cmu.edu
		kdc = vice28.fs.andrew.cmu.edu
		kdc = vice2.fs.andrew.cmu.edu
		kdc = vice11.fs.andrew.cmu.edu
		kdc = vice7.fs.andrew.cmu.edu
		kdc = new-vice12.fs.andrew.cmu.edu
		kdc = lagavulin.scotch.ece.cmu.local
  • OpenAFS and Kerberos 5 are now configured
  • AFS starts at boot if a network connection is active at boot
    • To start AFS manually: sudo /etc/init.d/openafs-client start
    • To stop AFS manually: sudo /etc/init.d/openafs-client stop
  • Kerberos tickets (which convert into AFS tokens with aklog, or afslog)
    • To get ece.cmu.edu AFS tickets: 
      kinit username@ECE.CMU.EDU && aklog
    • To get andrew.cmu.edu AFS tickets: 
      kinit username@ANDREW.CMU.EDU &&
      aklog andrew.cmu.edu -k ANDREW.CMU.EDU
    • To renew tickets without a password: 
      kinit -R && aklog
    • You can see all your Kerberos tickets using klist
  • Kerberos: AFS Tokens only
    klog username@ECE.CMU.EDU
Posted in Data Storage, Remote Access Tagged , , , , , ,