Configuration of AFS client for access to on Ubuntu/Debian

Tested on Debian Stretch

Install Packages

$ sudo apt-get install openafs-client openafs-modules-dkms openafs-krb5 krb5-user krb5-config

Configure AFS and Kerberos

1. Use "" as default AFS cell

$ echo "" | sudo tee /etc/openafs/ThisCell

2. Set up Kerberos authentication

Add the following lines to file /etc/krb5.conf:

# settings for CERN.CH realm are taken from file

  default_realm = CERN.CH

  CERN.CH = {
    default_domain =
    kpasswd_server =
    admin_server =
    kdc =

[domain_realm] = CERN.CH = CERN.CH

3. Restart OpenAFS client

On Ubuntu 16.04 and above:

$ sudo systemctl restart openafs-client.service

On older versions:

$ sudo service openafs-client restart

4. Login (optional, only needed to access protected paths):

$ kinit $LOGNAME@CERN.CH     # get kerberos ticket
$ aklog                      # login to AFS cell


Configuration steps 1) and 2) can be done with:

$ sudo dpkg-reconfigure openafs-client
$ sudo dpkg-reconfigure krb5-config

It might be useful to set-up a crontab job (e.g. every 6h) to automatically renew the kerberos token:

0 6 * * *  kinit -R ; aklog -c -k CERN.CH
Pay attention that kinit -R (i.e. renew existing token) won't require any password to be typed in; on the other hand, a token can be renew for a maximum of 5d after its generation, hence a kinit (with password) is needed. Anyway, if kinit is issued on Monday morning, so that for the rest of the week you don't have to bother with tha.


-- Main.VeronicaOlsen - 2017-10-16

Edit | Attach | Watch | Print version | History: r7 < r6 < r5 < r4 < r3 | Backlinks | Raw View | Raw edit | More topic actions...
Topic revision: r4 - 2017-10-17 - AlessioMereghetti
    • Cern Search Icon Cern Search
    • TWiki Search Icon TWiki Search
    • Google Search Icon Google Search

    ABPComputing All webs login

This site is powered by the TWiki collaboration platform Powered by PerlCopyright & 2008-2020 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
or Ideas, requests, problems regarding TWiki? use Discourse or Send feedback