You are here

AFS for Mac OS X

Printer-friendly versionPrinter-friendly version

The School of Informatics uses OpenAFS for its network filesystem. This page describes how to install and configure OpenAFS on a Mac running OSX. For background reading see connecting from outside the University - an overview.

Before setting up AFS please configure Kerberos on your Mac.

Downloading and installing OpenAFS

Next download the OpenAFS Mac client. For Macs running macOS Sierra and later, download an OpenAFS installer from auristor.com. For earlier versions of OS X download an installer from openafs.org. Note that versions of OpenAFS older than 1.6.5 should not be used as they use insecure Single-DES encryption which is no longer supported by the School of Informatics.

The illustrations that follow are of the installer from openafs.org, but the installer from auristor.com is similar.

After downloading and mounting the appropriate disk image, run the OpenAFS installer. Newer OS X versions may refuse to open applications from unidentified developers. This can be bypassed by Ctrl-clicking on the installer and selecting Open:

You will be prompted to allow a program to determine if the software can be installed. Click Continue:

Click Continue through the installer, agreeing to the licence, until you reach OpenAFS Client Cell Configuration. Enter "inf.ed.ac.uk" and (optionally) an alias and click Continue:

Next, click on Install - you will be prompted to authenticate as an admin user:

The OpenAFS software should now install on your machine:

Note that when installing Openafs-1.6.6 on OS X 10.9 Mavericks, you may get get a warning message about an unsigned kernel module being installed. This is expected and can be ignored.

Obtaining AFS tokens from the command line

You have now successfully installed the OpenAFS Mac client. To test that it is working correctly, open a Terminal window (found in /Applications/Utilities/). Use kinit to authenticate to kerberos and then aklog to obtain an AFS token:

cuyp:~ toby$ kinit
toby@INF.ED.AC.UK's Password: 
cuyp:~ toby$ aklog
cuyp:~ toby$ 

To view your current AFS tokens at any time, use the command tokens. The output will be similar to this:

Tokens held by the Cache Manager:

User's (AFS ID 12345) tokens for afs@inf.ed.ac.uk [Expires Aug  2 01:58]
   --End of list--

You are now ready to access AFS file space. Note that kerberos credentials and associated AFS tokens will need to be renewed daily, using kinit and aklog. Informatics AFS file space can be accessed under /afs/inf.ed.ac.uk/. Note that Mac OS X automatically mounts /afs on your Desktop (though it may appear only in the 'Network' area if the finder preference to show 'Connected Servers' is not enabled. From the 'Go' menu you can 'Go to Folder' (do not choose Connect to Server) and type in the full path to access the space in the file browser.

To destroy your AFS tokens, use the command unlog.

If you installed using the OpenAFS.org installed

The OpenAFS client installation adds a preference pane for configuring the behaviour of OpenAFS.

The checkbox options perform the following functions:

  • AFS Menu (see below)
  • Backgrounder - a task will run in the background to check when tickets/tokens expire and prompt for renewal
  • Get Krb5 credentials as login - this can be used if your local username and password are the same as your DICE ones
  • Use aklog - uses the 'aklog' application to obtain tokens
  • get credential at login time - prompt for kerberos authentication after logging in locally

Note that the AFS Menu option adds an item to the Mac menu bar, making acquisition of both kerberos tickets and AFS tokens quicker:

If you installed using the auristor.com installed

The Auristor package also installed a preference pane but it offers far less options that the OpenAFS.org version. In addition, the Auristor package doesn't add an item to the Mac menu bar meaning that credentials must be obtained via the command line.

Last reviewed: 
09/05/2017

System Status

Home dirs (AFS)
Network
Mail
Other services
Scheduled downtime

Choose a topic