[OpenAFS] How to replicate files on different machines
Jeffrey Hutzelman
jhutz@cmu.edu
Tue, 19 Dec 2006 14:37:58 -0500
On Tuesday, December 19, 2006 05:12:43 PM +0530
shailesh_joshi@persistent.co.in wrote:
> I'm trying to use 'kinit' and 'aklog' to get admin tokens for accessing
> the cell under /afs on my client machine. Though these are installed on
> my machine, I'm not able to configure these, since I'm not able to find
> the syntax for using 'aklog' in 1.4.2 documentation. As we use 'kas' tool
> to create Authentication Database entries, which are later accessed by
> 'klog' command, is there any similar way to create entries for 'aklog'
> and 'kinit'?
If you're setting up a new cell, don't use the kaserver; it's deprecated,
and for good reason. Set up a real Kerberos realm instead, and then use
'kinit' to get Kerberos tickets followed by 'aklog' to get AFS tokens.
If you have an existing cell which uses the kaserver, then 'klog' is the
correct command. However, you still will not be able to see into a
newly-created volume unless you obtain tokens for a user that exists in the
PTS database and is a member of the system:administrators group. Of
course, if you have an existing cell, then you should already have at least
one such user, and you should also have an existing root.cell volume which
has a more permissive ACL.
-- Jeffrey T. Hutzelman (N3NHS) <jhutz+@cmu.edu>
Sr. Research Systems Programmer
School of Computer Science - Research Computing Facility
Carnegie Mellon University - Pittsburgh, PA