OpenAFS And MacOSX


Note on macOS High Sierra 10.13

Due to the conversion from HFS+ to APFS on 10.13, prior to performing the macOS High Sierra upgrade, any installed OpenAFS or AuriStorFS must be uninstalled or upgraded to AuriStorFS! see Uninstalling OpenAFS


You can obtain OpenAFS client installer from the AuriStorFS download web page:


  1. Double click on the downloaded file. It will open the installer.
  2. Click on the Auristor-Lite.pkg icon then click on Continue and provide the machine credentials to allow installation.
  3. Click though until you have to provide the AFS cell configuration details.
  4. Provide the following information in the input fields.

    Name of local cell:
    Alias for local cell: csail
  5. Click through to finish install

Install the AFS menu, but only start the AFS client service when needed.

  1. Go to Apple System Preferences AuriStor Tokens
  2. Set “Start AFS at boot” to NO (If your laptop is relatively sedentary, you can try YES)
  3. To use the AFS menu to start/stop AFS and obtain tokens when desired, set “AFS Menu”, “Backgrounder”, and “Use aklog” to YES. You will need to click the OpenAFS icon (gold padlock in the menu bar) and choose “Startup AFS” before accessing AFS.

Before putting your laptop to sleep or switching/disconnecting from networks, you should temporarily turn off AFS (AFS menu Shutdown AFS) and then turn it back on when your network connection is stable again.

Obtain Kerberos and AFS credentials automatically: Whenever you log into your computer while connected to Internet, Kerberos tickets and AFS tokens will appear automatically.

  1. Ensure that your CSAIL username and password match what appears in Apple System Preferences Accounts.
  2. Go to Apple menu System Preferences AuriStor Tokens
  3. Set all options to YES (“Get Krb5 credential at login” and “get [AFS] credential at login time” do the automagic; “Use aklog”, “AFS Menu”, and “Backgrounder” needed for full functionality)

It is also possible to apply these settings to laptops, with the following caveats:

Logging into AFS (aka Obtaining AFS tokens)

Without authenticating, you may be able to read AFS directory listings, but will not be able to read or write where you expect to. To access files, either:

  1. Use the AFS menu:
    1. Click the AuriStor icon on your menu bar
    2. If “Startup AFS” is visible, click it, then click the AuriStor icon again (Login with your CSAIL Kerberos username in lowercase and @CSAIL.MIT.EDU all in uppercase).
    3. Click “Get New Token”. If prompted, enter your CSAIL kerberos username and password. – or:
  2. From the command line (eg,
    1. kinit
    2. aklog

Credentials obtained using either approach will expire after 12 hours. (If you’ve turned it on, the AuriStor Menu icon will show a red X when this happens.) Repeat the above instructions (A or B) to regain access.

Accessing AFS from Finder

(It may take a long time to load if this is the first time you are accessing the folder and if you are on the wireless network)

Creating An Alias

Troubleshooting notes

Uninstalling AuriStor OpenAFS