OpenAFS And MacOSX


Prerequisites

Install the OpenAFS client

For Mac 10.8+: Download the OpenAFS installer from the TIG software download page

Recommended settings for laptops

Install the AFS menu, but only start the AFS client service when needed.
  1. Go to Apple -> System Preferences -> OpenAFS -> Tokens
  2. Set "Start AFS at boot" to NO (If your laptop is relatively sedentary, you can try YES)
  3. To use the AFS menu to start/stop AFS and obtain tokens when desired, set "AFS Menu", "Backgrounder", and "Use aklog" to YES. You will need to click the OpenAFS icon (gold padlock in the menu bar) and choose "Startup AFS" before accessing AFS.

Before putting your laptop to sleep or switching/disconnecting from networks, you should temporarily turn off AFS (AFS menu -> Shutdown AFS) and then turn it back on when your network connection is stable again.
  • Alternative from the command-line: sudo launchctl [stop | start] org.openafs.filesystems.afs

Recommended settings for desktops

Obtain Kerberos and AFS credentials automatically: Whenever you log into your computer while connected to Internet, Kerberos tickets and AFS tokens will appear automatically.
  1. Ensure that your CSAIL username and password match what appears in Apple -> System Preferences -> Accounts.
  2. Go to Apple menu -> System Preferences -> OpenAFS -> Tokens
  3. Set all options to YES ("Get Krb5 credential at login" and "get [AFS] credential at login time" do the automagic; "Use aklog", "AFS Menu", and "Backgrounder" needed for full functionality)
It is also possible to apply these settings to laptops, with the following caveats:
  • If disconnected from the network at login time, you will be prompted ineffectually for your CSAIL Kerberos password after login: Click "Cancel". (Minor/wishlist for AFSBackgrounder)
  • If connected to a network that doesn't allow CSAIL DNS lookups or kerberos connections, LoginWindow will hang first when you click your username, and then attempting to authenticate your password, for about 3 minutes each time. Pressing Cmd+Opt+Esc might skip the delay.

Logging into AFS (aka Obtaining AFS tokens)

Without authenticating, you may be able to read AFS directory listings, but will not be able to read or write where you expect to. To access files, either:
  1. Use the AFS menu:
    1. Click the AFS icon
    2. If "Startup AFS" is visible, click it, then click the AFS icon again (Login with your CSAIL Kerberos username in lowercase and @CSAIL.MIT.EDU all in uppercase).
    3. Click "Get New Token". If prompted, enter your CSAIL kerberos username and password. -- or:
  2. From the command line (eg, Terminal.app):
    1. kinit
    2. aklog

Credentials obtained using either approach will expire after 12 hours. (If you've turned it on, the AFS Menu icon will show a red X when this happens.) Repeat the above instructions (A or B) to regain access.


Accessing AFS from Finder (It may take a long time to load if this is the first time you are accessing the folder and if you are on the wireless network)

  • Click On Finder --> Go --> Go To Folder
  • Specify your Destination Path: [/afs/csail.mit.edu/...]

Creating An Alias

  • Hold Option and Command buttons and drag the AFS folder to a local preferred location on your Mac.

Troubleshooting notes

  • Finder doesn't match what you just did to AFS (restarting AFS, getting tokens, ...)
    • Force-quit Finder, or log out of OS X and back in again. (This is a bug that Apple is getting slowly better about in each version of Mac OS.)
  • * AFS Shortcuts disappear between reboots.
    1. Open terminal
    2. Show all files by typing: chflags nohidden ~/Library; hit enter
    3. Remove the it.infn.lnf.network.AFSBackgrounder.plist from both of these locations: ~/Library/LaunchAgents/ and /Library/Preferences
    4. Reboot
    5. Since you just deleted AFS preference files, you will need to go into System Preferences, and re-configure AFS option described above in the "Recommended Settings for [Laptop | Desktop]"

Uninstalling OpenAFS

OpenAFS leaves configuration, programs, and a kernel extension in many locations. The script "Uninstall.command" should be used to clean up. It can be found in the OpenAFS.dmg installation file you downloaded to install OpenAFS, or any newer installation disk image.

Warnings about "uninitialized use of $bomroot" are harmless, and can be ignored.
Topic revision: 08 Sep 2015, SteveRuggiero
 

MIT Computer Science and Artificial Intelligence Laboratory

 

  • About CSAIL
  • Research
  • News + Events
  • Resources
  • People

This site is powered by Foswiki MIT: Massachusetts Institute of Technology