Notes about accessing an Andrew File System (AFS) from Linux
The focus here is on the things I did not find clearly stated in most other AFS descriptions, and that I lacked.
AFS is used to move the files over the network, and Kerberos is the system used to authenticate users, e.g. by logging in with a password.
Logon and logoff, which here means acquiring or deleting tokens, are done slightly differently depending on whether the server is using the AFS kerberos (built-in?) or the Kerberos5 version.
Log-in with command line tools (CLI) from OpenAFS on Linux:
AFS kerberos: "klog [username]"
Kerberos5: "kinit [username]" followed by "aklog"
Oh, and if your own system has both Kerberos5 and AFS-style kerberos installed, the AFS-style klog command might be renamed to "klog.afs", and "klog" instead links to "klog.krb5" (seen on Ubuntu 10.10). It is possible to be authenticated (like being logged in) to multiple cells at a time, and of both types. The above examples work with the cell set to be your default, so to authenticate to another cell, here with AFS-kerberos, use the command "klog.afs -principal <username> -c <cell name>".
Install the packages "openafs-client", "openafs-krb5" and "krb5-user", and the rest of the necessary packages get installed via dependencies as well. Then set the computer clock accurately, and keep it accurate, as Kerberos denies authentication for clients where the time is more than 5 minutes off compared to the server's own time (I think that was the default).
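The login commands and the 5-minute clock rule above, combined in a small shell helper. This is an added example, not part of the original notes: the function names, the bin-directory argument and the sample user and cell are assumptions, and "aklog -c" for a non-default cell with Kerberos5 goes beyond what the notes cover.

```shell
#!/bin/sh
# Added example (not from the original notes): plan an AFS login.
# Function names, the bin-dir argument and sample values are assumptions.

MAX_SKEW=300   # seconds; the 5-minute Kerberos tolerance mentioned above

# skew_ok LOCAL_EPOCH SERVER_EPOCH -> status 0 if the clocks are close enough.
skew_ok() {
    diff=$(( $1 - $2 ))
    if [ "$diff" -lt 0 ]; then diff=$(( -diff )); fi
    [ "$diff" -le "$MAX_SKEW" ]
}

# afs_klog BIN_DIR -> name of the AFS-style klog: "klog.afs" where the
# distribution renamed it (as seen on Ubuntu 10.10), otherwise "klog".
afs_klog() {
    if [ -x "$1/klog.afs" ]; then echo "klog.afs"; else echo "klog"; fi
}

# login_plan KIND USER [CELL] [BIN_DIR] -> prints the commands to type.
# KIND is "afs" (AFS-kerberos) or "krb5". An empty CELL means the default cell.
login_plan() {
    kind=$1 user=$2 cell=${3:-} bindir=${4:-/usr/bin}
    case "$kind" in
        afs)
            klog=$(afs_klog "$bindir")
            if [ -n "$cell" ]; then
                echo "$klog -principal $user -c $cell"
            else
                echo "$klog $user"
            fi ;;
        krb5)
            echo "kinit $user"
            # Assumption: the ticket obtained by kinit is accepted by CELL.
            if [ -n "$cell" ]; then echo "aklog -c $cell"; else echo "aklog"; fi ;;
        *)
            echo "unknown authentication type: $kind" >&2
            return 2 ;;
    esac
}

# Constructed sample run: user "alice", cell "example.org".
login_plan afs alice example.org
```

After typing the printed commands, the OpenAFS "tokens" command lists the tokens that were actually acquired.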
For OpenAFS and AFS-kerberos on Ubuntu 10.04 and onwards, there is a nice guide here.
For OpenAFS and Kerberos5 on Ubuntu 10.10 get inspiration here.
For all the users who are not familiar with or happy about using a command prompt/CLI, some alternatives have emerged.
The package "krb5-auth-dialog" from here: an applet for the (Gnome) task bar that can create, renew, destroy or show Kerberos5 tokens.
For KDE, see the applet "Kredentials". It works if you are logged in locally using the same user name as you use for AFS.