Configuration of AFS client for access to cern.ch on Ubuntu/Debian

Tested on Debian Stretch

Install Packages

$ sudo apt install openafs-client openafs-modules-dkms openafs-krb5 krb5-user krb5-config

Configure AFS and Kerberos

1. Use "cern.ch" as default AFS cell

$ echo "cern.ch" | sudo tee /etc/openafs/ThisCell

2. Set up Kerberos authentication

Add the following lines to file '/etc/krb5.conf':

# settings for CERN.CH realm are taken from file
#   lxplus.cern.ch:/etc/krb5.conf

[libdefaults]
  default_realm = CERN.CH

[realms]
  CERN.CH = {
    default_domain = cern.ch
    kpasswd_server = cerndc.cern.ch
    admin_server = cerndc.cern.ch
    kdc = cerndc.cern.ch
  }

[domain_realm]
  cern.ch = CERN.CH
  .cern.ch = CERN.CH

3. Restart OpenAFS client

On older versions:

$ sudo service openafs-client restart

On newer version (at least Ubuntu 16.04 and up)

$ sudo systemctl restart openafs-client.service

4. Login (optional, only needed to access protected paths):

$ kinit user@CERN.CH     # get kerberos ticket
$ aklog                  # login to AFS cell

Etc

Configuration steps 1) and 2) can be done with:

$ sudo dpkg-reconfigure openafs-client
$ sudo dpkg-reconfigure krb5-config

Reference: http://akorneev.web.cern.ch/akorneev/howto/openafs.txt

-- Main.VeronicaOlsen - 2017-10-16

Edit | Attach | Watch | Print version | History: r7 | r4 < r3 < r2 < r1 | Backlinks | Raw View | Raw edit | More topic actions...
Topic revision: r2 - 2017-10-16 - VeronicaOlsen
 
    • Cern Search Icon Cern Search
    • TWiki Search Icon TWiki Search
    • Google Search Icon Google Search

    ABPComputing All webs login

This site is powered by the TWiki collaboration platform Powered by PerlCopyright & 2008-2020 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback