You are here
iFriend AFS access
You can give external collaborators with iFriend identities access to your AFS files via ACLs. Provided your collaborator has kerberos and AFS, they will then be able to access your files appropriately. However, certain steps must be completed before this will work.
- Firstly your collaborator needs to register with the iFriend service above.
- Secondly they must authenticate via kerberos to AFS. At this point their identity becomes known to our AFS, and you can then assign them to ACLs.
For example, if they register their iFriend identity (an email
address) as jsmith@foo.com. Then they need to do the following (or
equivalent depending on their system):
kinit jsmith%foo.com@FRIEND.INF.ED.AC.UK aklogNote the replacement of the @ (at) in their email address with a % (percent) character.
With this part complete, you can then assign ACL permissions to file space like this:
fs setacl /afs/inf.ed.ac.uk/user/n/neilb/tmp jsmith%foo.com@friend.inf.ed.ac.uk readIf you receive an error message about an "Invalid argument", it is probably because your collaborator hasn't successfully done the kinit and aklog steps above.
Your collaborator should now find they can access the file, in this
example the path /afs/inf.ed.ac.uk/user/n/neilb/tmp/. However, remember that they will also need access via suitable ACLs to all the parent directories of the one you are giving access to.