Accessing AFS via the Translator

If you do not have an AFS account or choose not to access AFS as an authenticated user, then all you do to access AFS is provide the pathname of the relevant file. Its ACL must grant the necessary permissions to the system:anyuser group.

If you have an AFS account and want to access AFS as an authenticated user, the best method depends on whether your NFS machine is a supported type. If it is, use the instructions in To Authenticate on a Supported Operating System. If it is not a supported type, use the instructions in To Authenticate on an Unsupported Operating System.

To Authenticate on a Supported Operating System

  1. Log into the NFS client machine using your NFS username.

  2. Issue the klog command. For complete instructions, see To Authenticate with AFS.

       % klog -setpag
    

To Authenticate on an Unsupported Operating System

  1. Log onto the NFS client machine using your NFS username.

  2. Establish a connection to the NFS/AFS translator machine you are using (for example, using the telnet utility) and log onto it using your AFS username (which is normally the same as your NFS username).

  3. If the NFS/AFS translator machine uses an AFS-modified login utility, then you obtained AFS tokens in Step 2. To check, issue the tokens command, which is described fully in To Display Your Tokens.

       % tokens
    

    If you do not have tokens, issue the klog command, which is described fully in To Authenticate with AFS.

       % klog -setpag
    

  4. Issue the knfs command to associate your AFS tokens with your UNIX UID on the NFS client machine where you are working. This enables the Cache Manager on the translator machine to use the tokens properly when you access AFS from the NFS client machine.

    If your NFS client machine is a system type for which AFS defines a system name, it can make sense to add the -sysname argument. This argument helps the Cache Manager access binaries specific to your NFS client machine, if your system administrator has used the @sys variable in pathnames. Ask your system administrator if this argument is useful for you.

       % knfs <host name> [<user ID (decimal)>]  \
              [-sysname <host's '@sys' value>]
    

    where

    host name

    Specifies the fully-qualified hostname of your NFS client machine (such as nfs52.example.com).

    user ID

    Specifies your UNIX UID or equivalent (not your username) on the NFS client machine. If your system administrator has followed the conventional practice, then your UNIX and AFS UIDs are the same. If you do not know your local UID on the NFS machine, ask your system administrator for assistance. Your system administrator can also explain the issues you need to be aware of if your two UIDs do not match, or if you omit this argument.

    -sysname

    Specifies your NFS client machine's system type name.

  5. (Optional) Log out from the translator machine, but do not unauthenticate.

  6. Work on the NFS client machine, accessing AFS as necessary.

  7. When you are finished accessing AFS, issue the knfs command on the translator machine again. Provide the same host name and user ID arguments as in Step 4, and add the -unlog flag to destroy your tokens. If you logged out from the translator machine in Step 5, then you must first reestablish a connection to the translator machine as in Step 2.

       % knfs <host name> [<user ID (decimal)>] -unlog