[OpenAFS] AFS without Kerberos headache

Jason Edgecombe jason@rampaginggeek.com
Sun, 21 Dec 2008 18:11:53 -0500

Georg P. Israel wrote:
> Dear All,
> this might be stupid question,
> but I still like to post it on this list.
> Can I use OpenAFS without the Kerberos headache???
> AFS is almost exactly what I need. Only this damn Kerberos makes my life
> miserable.
> In fact what I need ideally is a file system like NFS just with the
> added features needed to use it in a Metropolitan Network setup, i.e.
> local caching of files.
> AFS seems to do this in a good way, but Kerberos is a constant annoyance
> to it. I do have machines that generate simulation data and have to work
> for weeks. If I like to do this with the current OpenAFS setup, I'll
> have to log in once a day and refresh the damn Kerberos token :-(.
> Hence, is there a way to disable this Kerberos time out??
> If you know of a solution to this, then please let me know.
It sounds like you want to use IP ACL's as Harmut suggests.

as an AFS admin, run the following:
% pts createuser
% pts creategroup foo
% pts adduser IP_ADDRESS foo
% fs setacl simulation_folder foo rlidwk

Substitute for your IP address and foo for your group name 
in the above example. be careful and means the 
whole subnet and 255 subnets respectively.

You can then use the "foo" group to give access to that particular 
machine to any folders that you wish.