Reviewed by bil, 01.29.2018
How to setup AFS for OS X
Installing and setting up openAFS on OS X is pretty straightforward. You need to install the AFS client, configure it for our cell.
Auristor is the company that has taken over development of the afs client, the installer can be found here:
You will have to scroll through their terms and conditions and also register in advance before you can download the client When you run the installer, you will be prompted for the name of our cell, that is cs.unc.edu.
Once you have installed the client, open a terminal and run:
kinit your-cs-id@CSX.UNC.EDU aklog
If you login successfully, you can see your Kerberos tickets with
And your afs tokens:
To get to AFS in the terminal run
And to open your home dir:
Warning, this section below is left for historical purposes and doesn’t apply any longer
First, download the openAFS package, generally the one you want is the Maintenance Release, as that is considered the most stable version. Run the installer. Then open Terminal.app and check the following:
- Change directories to /var/db/openafs/etc
- Use vi or pico to open the ThisCell file. This file should contain only one line, with cs.unc.edu.
sudo vi ThisCell
- Copy the CellServDB file to CellServDB.orig
sudo cp ./CellServDB ./CellServDB.orig
- Use vi or pico to make a new CellServDB file
sudo vi CellServDB
- Put the following in the CellServDB file
>isis.unc.edu # University of North Carolina Project Isis22.214.171.124 #db0.isis.unc.edu126.96.36.199 #db1.isis.unc.edu188.8.131.52 #db2.isis.unc.edu>cs.unc.edu #Cell name184.108.40.206 #afs1.cs.unc.edu220.127.116.11 #afs2.cs.unc.edu18.104.22.168 #afs3.cs.unc.edu
- Save the file and reboot. You should have an AFS running and be able to access the cs.unc.edu cell
Install Kerberos extras
In spring of 2011, we took down the older kaserver, so the old method of authenticating via klog no longer works. Instead, we authenticate against our CSX.UNC.EDU kerberos realm, and once we have a ticket from there, we use aklog to get access to AFS based on that ticket. OS X comes with kerberos, but MIT provides an addon package, Kerberos Extras, that extends the basic functionality. The configuration file for kerberos is /Library/Preferences/edu.mit.Kerberos, and that needs to be edited to include information about our kerberos servers and those of campus. To simplify this, bil put together a small installer that will install the kerberos extras, configure the edu.mit.kerberos file, and copy a script named afs to /usr/local/bin (if it exists) or /usr/bin.
- Download the klog_replacement.zip file
- Double click on it to unpack it.
- Open a Terminal window, and cd into the klog_replacement directory (you can drag the folder into the terminal window to copy that path into terminal, so type “cd[space]”, then drag the folder).
- Run the installer
- sudo ./00install.sh
At this point, you should see the kerberos extras install. Once it’s complete, you should be able to type “afs” in a terminal window and be prompted for your CS password. If everything works as expected, you’ll get a ticket in the kerberos realm and a token.