You are here

iFriend AFS access

Printer-friendly versionPrinter-friendly version

You can give external collaborators with iFriend identities access to your AFS files via ACLs. Provided your collaborator has kerberos and AFS, they will then be able to access your files appropriately. However, certain steps must be completed before this will work.

  • Firstly your collaborator needs to register with the iFriend service above.
  • Secondly they must authenticate via kerberos to AFS. At this point their identity becomes known to our AFS, and you can then assign them to ACLs.

For example, if they register their iFriend identity (an email address) as jsmith@foo.com. Then they need to do the following (or equivalent depending on their system):

kinit jsmith%foo.com@FRIEND.INF.ED.AC.UK
aklog
Note the replacement of the @ (at) in their email address with a % (percent) character.

With this part complete, you can then assign ACL permissions to file space like this:

fs setacl /afs/inf.ed.ac.uk/user/n/neilb/tmp jsmith%foo.com@FRIEND.INF.ED.AC.UK read
If you receive an error message about an "Invalid argument", it is probably because your collaborator hasn't successfully done the kinit and aklog steps above.

Your collaborator should now find they can access the file, in this example the path /afs/inf.ed.ac.uk/user/n/neilb/tmp/. However, remember that they will also need access via suitable ACLs to all the parent directories of the one you are giving access to.

Last reviewed: 
09/05/2017

System Status

Home dirs (AFS)
Network
Mail
Other services
Scheduled downtime

Choose a topic