OpenAFS And MacOSX

Prerequisites

• Mac OS 10.4.7 or greater
• Kerberos configured properly

Installing Kerberos

First install/configure kerberos, then continue with the below directions.

Install the Open AFS package

• Get the latest version of the OpenAFS client package for OS X from OpenAFS - unfortunately the "latest" version seems to change weekly.
• Unpack and install, using the defaults where applicable.
• When the installer is done, you will need to reboot.
• Edit the file /var/db/openafs/etc/ThisCell so it contains the single line of content csail.mit.edu. For example, from Terminal, enter sudo pico /var/db/openafs/etc/ThisCell entering your local (mac) user password when prompted.
• For most users I suggest over-writing the contents of the file /var/db/openafs/etc/CellServDB so that when you browse the AFS root you don't see a thousand different sites. sudo rm /var/db/openafs/etc/CellServDB followed by sudo touch /var/db/openafs/etc/CellServDB should do the trick.
• Leopard (OS 10.5) only: Open the Finder, then go to Finder/Preferences. Put a checkmark next to Show...on Desktop: Connected servers.
• Reboot your mac.

Running aklog

Simply running OpenAFS won't allow you to access your files in the CSAIL AFS cell. To access files, you need to do two things:

1. Obtain Kerberos tickets (either by running 'kinit' in a Terminal window, or using the built-in Kerberos application)
2. Run aklog in Terminal.

Aklog transforms your Kerberos credentials into AFS "tokens" which allow you to access your files. You can confirm that you have AFS tokens by looking in the Kerberos application, or by running 'tokens' in a Terminal Window.

Laptop users

Before putting your laptop to sleep or switching/disconnecting from networks, you should temporarily turn off AFS and then turn it back when your network connection is stable again.

• To stop the service, run sudo /Library/StartupItems/OpenAFS/OpenAFS stop from Terminal
• To start it up again, run sudo /Library/StartupItems/OpenAFS/OpenAFS start

Troubleshooting notes

• Unexpectedly lose write access to your files? Run aklog again to renew your tokens (the Kerberos application automatically renews Kerberos tickets, while letting the corresponding AFS tokens expire every 10 hours.)
• Finder doesn't match what you just did to AFS? (restarting AFS, getting tokens, ...) Force-quit Finder, or log out of OS X and back in again. (This is a bug, but Apple isn't fixing it anytime soon.)
• Annoyed by having to type aklog all the time? There are Kerberos Plugins that run aklog for you when you get Kerberos credentials and when you renew them. None do everything we'd like, and please use them at your own risk, but further detail is available at the end of the OS 10.5 "Leopard" page.

Topic OpenAFSAndMacOSX . { Edit Attach Backlinks: Web All webs Printable History: r34 < r33 < r32 < r31 < r30 More }