Table of Contents
AFS configuration on self-administrated computers
Linux
Debian / Ubuntu and its derivatives
add-apt-repository -y "ppa:openafs/stable" apt-get update && apt-get upgrade
Type into the terminal window:
sudo apt-get install heimdal-clients openafs-client openafs-krb5
During the installation you'll be prompted to enter the 'Default Realm' of Kerberos. Enter in CAPITALS! please: MATH.UNI-HAMBURG.DE
. Furthermore you need to enter the 'Default cell' of AFS. In small letters please enter: math.uni-hamburg.de
.
After a reboot of the computer, AFS will start automatically, although it's possible to manually start the AFS service by typing the following into a terminal window:
sudo service openafs-client start
If secure boot is enabled in BIOS, the Linux kernel can only load modules that are signed. OpenAFS cannot be signed, since it is build on your computer upon install.
If you need the AFS only seldom and you DON'T want it to be started automatically with the system, you can deactivate it with the following command-line
sudo sed -i "s/AFS_CLIENT=true/AFS_CLIENT=false/" /etc/openafs/afs.conf.client
To start the AFS at need, you then need a force-start
:
sudo service openafs-client force-start
To access to the AFS, you first need to obtain a Kerberos ticket and an AFS token. Please enter the following commands into a terminal window:
kinit <identifier>
e.g. kinit fmnv165 (for Kerberos ticket)aklog
(for AFS token)
If for any reasons the 'Default Realm' and / or 'Default Cell' should be different from those mentioned above, you can use the long versions of the commands. In a terminal window please enter the following:
kinit <Kennung>@MATH.UNI-HAMBURG.DE
z.B. kinit fmnv165@MATH.UNI-HAMBURG.DEaklog math.uni-hamburg.de
Windows
Please note: This 'how-to' refers to the 64-bit version of Windows
Installation-programs for 32-bit Windows are available at the respective “original address”.
- Download of the most recent Heimdal
(original address: https://www.secure-endpoints.com/heimdal/) - Installation of
Heimdal-AMD64-full-7-4-0-40.msi
Keep the default settings (“Typical”)
- Download of the most recent Network Identity Manager: (Network Identity Manager 2.5.0.106 64-bit MSI)
(ursprüngliche Adresse: http://www.secure-endpoints.com/netidmgr/v2/) - Installation of
netidmgr-AMD64-rel-2_0_102_907.msi
Custom Settings:- Keystore → “Entire Feature unavailable”
- Download of the most recent OpenAFS
(original address: https://www.auristor.com/openafs/client-installer/ - Installation of
yfs-openafs-en_US-AMD64-1_7_3301.msi
Custom Settings:- Default Cell: “math.uni-hamburg.de”
- Integrated Login: “Disable”
Now restart the computer.
First Login to AFS
- On the right side of the taskbar, there's an icon with a yellow padlock, which is currently overlayed with a red X. Open the Network Identity Manager (NIM) by a click on this icon
- The NIM has on the left a symbol with a yellow sun “Obtain New Credentials”, klick it.
- Username: UHH-Account (e.g. fmsv030)
- Realm: MATH.UNI-HAMBURG.DE (must be in capital letters)
- Press three times
Next
(The standards are mostly ok) - Enter the Kerberos-Passwort of the Mathematics Department
- Click
Finish
Mac OS X
OpenAFS-Client
, the other is the closed-source Auristor-Client
. The installation of the latter is a little bit different than shown below, but in principle similar. When Updating the Operating System, please remember: You must uninstall the old AuriStor or OpenAFS version with the corresponding version (e.g. uninstall OpenAFS for Yosemite with the same version). After that, choose the corresponding version for your Operating System.
- Download of the most recent AFS version corresponding to your macOS version ( Open Source )
(Provided by Sine Nomina Associates): -
- for 11.x: AuriStor-client-2021.05-52-BigSur.dmg
- for 12.x: AuriStor-client-2021.05-52-Monterey.dmg
- for 13.x: Auristor-client-2021.05-52-Ventura.dmg
- for 14.x: Auristor-client-2021.05-52-Sonoma.dmg
- for 15.x: Auristor-client-2021.05-52-Sequoia.dmg
- Open the .dmg file and install the contained .pkg file
Please enter during installation (Cell): math.uni-hamburg.de
- Save the file krb5.conf into the home directory (WITHOUT the .txt extension, Safari might ask for this)
- As Root user copy this file (in a terminal window) to /etc/krb5.conf
sudo cp ~/krb5.conf /etc/krb5.conf
(in case Safari saved the file with “.txt” extension after all and in the “Downloads”-folder instead of the home-directory:)
sudo cp ~/Downloads/krb5.conf.txt /etc/krb5.conf
- Click onto the “Apple”-symbol at upper left corner → System Settings → Other → OpenAFS
- AFS Menu
- Backgrounder (responsible for monitoring the AFS-Tokens)
- use aklog
- get credential at login time (if desired)
- To see a link to the AFS on the Desktop, you have to open the settings of the Finder in the section “Show these items on the desktop” and set a checkmark near “Connected Servers”
e.g. for your private Department-Website:
sftp <kennung>@login1.math.uni-hamburg.de
connect with the Servercd public_html
change into the correct directoryls -al
list directoryget index.html
fetch the fileEdit the file index.html e.g. in TextWrangler - you can leave the Terminal with the sftp open
put index.html
Upload the modified filebye
end SFTP