[OpenAFS] Tickets, tokens, foreign cells, etc.

Jeffrey Hutzelman jhutz@cmu.edu
Tue, 09 Mar 2004 14:09:11 -0500


On Tuesday, March 09, 2004 12:44:17 -0500 Kevin <openafs@gnosys.biz> wrote:

> 1) As an AFS user defined in the pts database (without
> admin privileges), should I be able to see foreign
> cells that are mounted at /afs/foreign_cell when
> logged in to any client machine that mounts the AFS
> filesystem at /afs?  I can see them when I'm logged in
> as such a user to the _server_ machine (also
> configured as a client), but not when logged in as
> such a user to a client-only machine.  Do I have to
> explicitly make each foreign cell available on each
> client machine somehow?

In order for a cell to be accessible on any given client (including one 
which is also an AFS server), it normally must appear in the CellServDB on 
that machine.  In most cases, this file is /etc/openafs/CellServDB or 
/usr/vice/etc/CellServDB, depending on whether your OpenAFS was built with 
GNU-style paths or Transarc-style paths.

The CellServDB file is processed by afsd on startup, so adding things to it 
after AFS is already running won't have much effect.  However, you can use 
the 'fs newcell' command to inform the running cache manager about a new 
cell, or changes to the set of database servers for an existing cell.

If you start afsd with the --afsdb switch, then cells which publish AFSDB 
records in DNS need not appear in the CellServDB file; the cache manager 
will use the AFSDB records to find database servers for such cells.



> So my question (2) is: is this absence of the AFS ID as
> seen in the output of the tokens command going to
> cause me any problems?

Nope.  This is entirely dependent on whether whatever tool you used to set 
tokens bothered to store an ID.  Some tools look up your ID in the pts 
database, some just use your unix UID, and some don't bother to set an ID 
at all.  AFS itself doesn't use this feature; it was there entirely for the 
benefit of a small number of tools that thought they wanted to know what 
your AFS ID was.  The only known tools that use this "feature" are certain 
components of the Andrew Message System.


-- Jeffrey T. Hutzelman (N3NHS) <jhutz+@cmu.edu>
   Sr. Research Systems Programmer
   School of Computer Science - Research Computing Facility
   Carnegie Mellon University - Pittsburgh, PA
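
Added example, not part of the original message: a small script that compares the CellServDB of a machine that can see a foreign cell with that of a client that cannot, and builds the 'fs newcell' command for each cell the client lacks. It assumes the usual CellServDB layout (a ">cellname #description" line followed by "address #hostname" lines); the cell names, addresses and function names are constructed for illustration.

```python
import shlex

# Constructed sample files: the server machine knows a foreign cell, the client does not.
SERVER_DB = """\
>home.example.org    #Constructed local cell
192.0.2.10           #afsdb1.home.example.org
>partner.example.net #Constructed foreign cell
198.51.100.5         #db1.partner.example.net
198.51.100.6         #db2.partner.example.net
"""
CLIENT_DB = """\
>home.example.org    #Constructed local cell
192.0.2.10           #afsdb1.home.example.org
"""

def parse_cellservdb(text):
    """Return {cell: [(address, hostname_or_None), ...]} from CellServDB text."""
    cells, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        body, _, comment = line.partition("#")
        body, comment = body.strip(), comment.strip()
        if body.startswith(">"):
            parts = body[1:].split()
            current = parts[0] if parts else None   # ignore a stanza with no name
            if current:
                cells[current] = []
        elif current and body:
            cells[current].append((body.split()[0], comment or None))
    return cells

def missing_cells(reference, client):
    """Cells defined in the reference file but absent from the client's file."""
    return sorted(set(reference) - set(client))

def newcell_commands(reference, client):
    """One 'fs newcell' command per missing cell, for the running cache manager."""
    cmds = []
    for cell in missing_cells(reference, client):
        servers = [shlex.quote(host or addr) for addr, host in reference[cell]]
        if servers:
            cmds.append("fs newcell -name %s -servers %s"
                        % (shlex.quote(cell), " ".join(servers)))
    return cmds

if __name__ == "__main__":
    ref, cli = parse_cellservdb(SERVER_DB), parse_cellservdb(CLIENT_DB)
    print("\n".join(newcell_commands(ref, cli)))
```

The printed commands only inform the running cache manager; the same stanzas still need to go into the client's CellServDB to be read at the next afsd startup.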