OpenAFS And MacOSX


Note on macOS High Sierra 10.13

Due to the conversion from HFS+ to APFS on 10.13, prior to performing the macOS High Sierra upgrade, any installed OpenAFS or AuriStorFS must be uninstalled or upgraded to AuriStorFS! see Uninstalling OpenAFS


You can obtain OpenAFS client installer from the AuriStorFS download web page:

Install the AFS menu, but only start the AFS client service when needed.

  1. Go to Apple System Preferences OpenAFS Tokens
  2. Set “Start AFS at boot” to NO (If your laptop is relatively sedentary, you can try YES)
  3. To use the AFS menu to start/stop AFS and obtain tokens when desired, set “AFS Menu”, “Backgrounder”, and “Use aklog” to YES. You will need to click the OpenAFS icon (gold padlock in the menu bar) and choose “Startup AFS” before accessing AFS.

Before putting your laptop to sleep or switching/disconnecting from networks, you should temporarily turn off AFS (AFS menu Shutdown AFS) and then turn it back on when your network connection is stable again.

Obtain Kerberos and AFS credentials automatically: Whenever you log into your computer while connected to Internet, Kerberos tickets and AFS tokens will appear automatically.

  1. Ensure that your CSAIL username and password match what appears in Apple System Preferences Accounts.
  2. Go to Apple menu System Preferences OpenAFS Tokens
  3. Set all options to YES (“Get Krb5 credential at login” and “get [AFS] credential at login time” do the automagic; “Use aklog”, “AFS Menu”, and “Backgrounder” needed for full functionality)

It is also possible to apply these settings to laptops, with the following caveats:

Logging into AFS (aka Obtaining AFS tokens)

Without authenticating, you may be able to read AFS directory listings, but will not be able to read or write where you expect to. To access files, either:

  1. Use the AFS menu:
    1. Click the AFS icon
    2. If “Startup AFS” is visible, click it, then click the AFS icon again (Login with your CSAIL Kerberos username in lowercase and @CSAIL.MIT.EDU all in uppercase).
    3. Click “Get New Token”. If prompted, enter your CSAIL kerberos username and password. – or:
  2. From the command line (eg,
    1. kinit
    2. aklog

Credentials obtained using either approach will expire after 12 hours. (If you’ve turned it on, the AFS Menu icon will show a red X when this happens.) Repeat the above instructions (A or B) to regain access.

Accessing AFS from Finder

(It may take a long time to load if this is the first time you are accessing the folder and if you are on the wireless network)

Creating An Alias

Troubleshooting notes

Uninstalling OpenAFS

Download the updated AuriStorFS client and uninstallers for both the AuriStorFS and OpenAFS clients