You are here

Home » Services » AFS and filesystems

AFS for macOS

Important! If you are running a version of the AFS client older than 0.195, we strongly recommend that you update to the latest version of the client from auristor.com as this fixes several critical long-term bugs.

Big Sur: In January 2021 Auristor published a blog article about installing their updated client on to Big Sur (11.0). We recommend that you refer to the article as well as the documentation below, particularly if you have a Mac based on Apple ARM-based processors.

The School of Informatics uses OpenAFS for its network filesystem. This page describes how to install and configure OpenAFS on a Mac running macOS. For background reading see connecting from outside the University - an overview.

Before setting up AFS please configure Kerberos on your Mac.

Downloading and installing OpenAFS

Next download the OpenAFS client installer for Mac. Get it from auristor.com.
The illustrations that follow are of the old installer from openafs.org, but the installer from auristor.com is very similar. Auristor also provide instructions on installing AFS on Macs, including new ARM based ones, please find it here AFS on Mac.

After downloading and mounting the appropriate disk image, run the OpenAFS installer. Newer macOS versions may refuse to open applications from unidentified developers. This can be bypassed by Ctrl-clicking on the installer and selecting Open:

You will be prompted to allow a program to determine if the software can be installed. Click Continue:

Click Continue through the installer, agreeing to the licence, until you reach OpenAFS Client Cell Configuration. Enter "inf.ed.ac.uk" (note that case is significant here - make sure you use lower case!) and (optionally) an alias and click Continue:

Next, click on Install - you will be prompted to authenticate as an admin user:

The OpenAFS software should now install on your machine:

If you see a warning message about an unsigned kernel module being installed, don't worry. This is expected and can be ignored.

Once the software has been installed, on Mac OS Catalina, the installation has to be allowed in System Preferences when needed. If you do not do it, aklog command later will show "aklog: a pioctl failed while setting tokens for cell inf.ed.ac.uk" as the AFS module will not be able to start.
Then AFS has to be started. This can be done in either of two ways: reboot the Mac, or open System Preferences, click the OpenAFS or Auristor pane, then click "Startup".

Obtaining AFS tokens from the command line

You have now successfully installed the OpenAFS Mac client. To test that it is working correctly, open a Terminal window (found in /Applications/Utilities/). Use kinit to authenticate to kerberos and then aklog to obtain an AFS token:

cuyp:~ $ kinit
juser@INF.ED.AC.UK's Password: 
cuyp:~ $ aklog
cuyp:~ $

To view your current AFS tokens at any time, use the command tokens. The output will be similar to this:

Tokens held by the Cache Manager:

User's (AFS ID 12345) tokens for afs@inf.ed.ac.uk [Expires Aug  2 01:58]
   --End of list--

You are now ready to access AFS file space. Note that kerberos credentials and associated AFS tokens will need to be renewed daily, using kinit and aklog. Informatics AFS file space can be accessed under /afs/inf.ed.ac.uk/. Note that macOS automatically mounts /afs on your Desktop - though it may appear only in the 'Network' area if the finder preference to show 'Connected Servers' is not enabled. From the 'Go' menu you can 'Go to Folder' (do not choose Connect to Server) and type in the full path to access the space in the file browser.

To destroy your AFS tokens, use the command unlog.

Control Panel

Both the OpenAFS and the Auristor client installations add a preference pane for configuring the behaviour of OpenAFS.

The checkbox options perform the following functions:

  • AFS Menu (see below)
  • Backgrounder - a task will run in the background to check when tickets/tokens expire and prompt for renewal
  • Get Krb5 credentials at login - this can be used if your local username and password are the same as your DICE ones
  • Use aklog - uses the 'aklog' application to obtain tokens
  • Get credential at login time - prompt for kerberos authentication after logging in locally

Note that the AFS Menu option adds an item to the Mac menu bar, making acquisition of both kerberos tickets and AFS tokens quicker.

Last reviewed: 
29/05/2023

System Status

Home dirs (AFS)
Network
Mail
Other services
University services
Scheduled downtime

Choose a topic