1KAFS(7)                    In-kernel AFS filesystem                    KAFS(7)
2
3
4

NAME

6       kafs - In-kernel AFS filesystem
7

DESCRIPTION

9       kafs is a network filesystem driver in the Linux kernel that is able to
10       access AFS cells and the servers contained therein to locate the  logi‐
11       cal volumes that comprise the cell and the files contained in each vol‐
12       ume.
13
14       It supports transport over IPv4 UDP and IPv6 UDP and security based  on
15       Kerberos.   The authentication token is used to define the user for the
16       purpose of providing access control as well as providing communications
17       security.
18
19       The  filesystem  is  of type "afs" and the mount command can be used to
20       mount afs volumes manually using the "-t" flag on mount(8).
21
22

SETTING UP

24       The kafs-client package should be installed to so that systemd is  con‐
25       figured  to  include  a  mount  of AFS dynamic root on /afs.  Note that
26       mounting /afs is not enabled by default, so if it is needed, then  sys‐
27       temd  should be told to enable it.  This can be done with the following
28       step:
29
30              systemctl enable afs.mount
31
32       This will mount a special directory on /afs which will be populated  by
33       an  automount  directory  for  each  cell  listed in the configuration.
34       Doing a pathwalk into one of  these  directories  will  result  in  the
35       afs.cell volume from the cell being mounted onto that directory.
36
37       Local   configuration   should   be   placed   in   a   file   in   the
38       /etc/kafs/client.d/ directory.  This will be included from  client.conf
39       in the next directory up.
40
41       Typically  in  the  local  configuration,  the local cell name would be
42       specified and backup details of its Volume  Location  server  addresses
43       would be given.
44
45       Also  any  overrides for the @sys filename substitution would be speci‐
46       fied.  See kafs-client.conf(5).
47
48

OPERATION

50       Once the kafs-client is set up (and if there's no local cell,  this  is
51       practically  zero-conf,  provided the cells to be accessed are properly
52       set up with AFSDB or SRV records in the DNS), the /afs directory can be
53       accessed:
54
55              ls /afs/<cell>/location/within/cell
56
57       For example:
58
59              ls /afs/rivendell.example.com/doc
60
61       The  user  isn't  limited  to cells listed in /afs, but any cell can be
62       tried by just substituting the name of the cell into the above formula.
63       It does require the target to have DNS-based configuration provided.
64
65       Note  that  each  logical  volume  gets a discrete superblock and links
66       between volumes turn into kernel mountpoints that, if stepped on, cause
67       the appropriate volume to be mounted over them.
68
69

SECURITY

71       kafs  supports  Kerberos-based authentication and communication encryp‐
72       tion through the use of Kerberos.  The kinit  program  can  be  use  to
73       authenticate with a Kerberos server:
74
75              kinit myname@RIVENDELL.EXAMPLE.COM
76
77       and then the aklog-kafs program to get a ticket for the kernel filesys‐
78       tem to use:
79
80              aklog-kafs rivendell.example.com
81
82       This will be placed on the caller's session keyring and can  be  viewed
83       there with:
84
85              keyctl show
86
87       Note that the default realm is assumed to be the same as the cell name,
88       but in all upper case.
89
90
91
92
93

SEE ALSO

95       aklog-kafs(1), kafs-client.conf(5), keyctl(1), kinit(1), rxrpc(7),
96       session-keyring(7), systemctl(1)
97
98
99
100Linux                             16 Apr 2019                          KAFS(7)
Impressum