openafs access under the fedora distribution

Certain rpm packages have been created here at NCSU that should make it easier to access your files in openafs paths. Here are some instructions for setting up openafs under fedora

Run the following command as root:

yum install krb5-workstation

Next, edit the file /etc/krb5.conf

under [libdefaults] section

change

# default_realm = EXAMPLE.COM

to

default_realm = EOS.NCSU.EDU

The next section of the file is [realms]

change:

[realms]
# EXAMPLE.COM = {
# kdc = kerberos.example.com
# admin_server = kerberos.example.com
# }
to

[realms]
EOS.NCSU.EDU = {
admin_server = kerberos-master.ncsu.edu:749
default_domain = eos.ncsu.edu
}

add a section called [appdefaults]

[appdefaults]
pam = {
afs_cells = eos.ncsu.edu=afs/eos.ncsu.edu@EOS.NCSU.EDU bp.ncsu.edu=afs/bp.ncsu.edu@EOS.NCSU.EDU unity.ncsu.edu=afs/unity.ncsu.edu@EOS.NCSU.EDU
}

change

[domain_realm]
# .example.com = EXAMPLE.COM
# example.com = EXAMPLE.COM

to

[domain_realm]
.ncsu.edu = EOS.NCSU.EDU
ncsu.edu = EOS.NCSU.EDU

Ok, you should be finished editing the krb5.conf file now. So save that file.

Run the following command as root:

yum -y –nogpgcheck install http://install.linux.ncsu.edu/pub/yum/itecs/public/openafs/fedora21/noarch/openafs-release-1.0-1.noarch.rpm

 

Next, type:

yum install openafs openafs-client openafs-devel openafs-dkms

if you want the dkms based “out of tree” kernel module.

Please note that the dkms package takes a couple of minutes to install.

or

yum install openafs openafs-client openafs-devel openafs-kmod
if you want the kmod based “out of tree” kernel module.

To actually use afs services:
systemctl start openafs-client.service

Authenticate against the Kerberos 5 Realm to receive a ticket-granting ticket:

kinit UNITYID

Confirm that you have received tickets:

klist

aklog -c unity.ncsu.edu -k EOS.NCSU.EDU
aklog -c eos.ncsu.edu -k EOS.NCSU.EDU
aklog -c bp.ncsu.edu -k EOS.NCSU.EDU

tokens

You may wish to explore creating a shell script to automate some of those last steps with kinit and aklog. Here is a link to an example shell script. http://fpaste.org/211789/90693142/
You should be able to access afs now. Please note this does not work yet on fedora 22.