openafs access under the fedora distribution

Certain rpm packages have been created here at NCSU that should make it easier to access your files in openafs paths. Here are some instructions for setting up openafs under fedora

Run the following command as root:

yum install krb5-workstation

or in fedora 22+

dnf install krb5-workstation

Next, edit the file /etc/krb5.conf

under [libdefaults] section

change

# default_realm = EXAMPLE.COM

to

default_realm = EOS.NCSU.EDU

The next section of the file is [realms]

change:

[realms]
# EXAMPLE.COM = {
# kdc = kerberos.example.com
# admin_server = kerberos.example.com
# }
to

[realms]
EOS.NCSU.EDU = {
admin_server = kerberos-master.ncsu.edu:749
default_domain = eos.ncsu.edu
}

change

[domain_realm]
# .example.com = EXAMPLE.COM
# example.com = EXAMPLE.COM

to

[domain_realm]
.ncsu.edu = EOS.NCSU.EDU
ncsu.edu = EOS.NCSU.EDU

Ok, you should be finished editing the krb5.conf file now. So save that file.

Run the following command as root:

yum -y –nogpgcheck install http://install.linux.ncsu.edu/pub/yum/itecs/public/openafs/fedora21/noarch/openafs-release-1.0-1.noarch.rpm

or in fedora 22:

dnf -y –nogpgcheck install http://install.linux.ncsu.edu/pub/yum/itecs/public/openafs/fedora22/noarch/openafs-release-1.0-1.noarch.rpm

Next, type:

yum install openafs openafs-client openafs-devel openafs-dkms kernel-devel

or in fedora 22:

dnf install openafs openafs-client openafs-devel openafs-dkms kernel-devel

Please note that the dkms package takes a couple of minutes to install.

To actually use afs services:

systemctl start openafs-client

Authenticate against the Kerberos 5 Realm to receive a ticket-granting ticket:

kinit UNITYID

Confirm that you have received tickets:

klist

aklog -c unity.ncsu.edu -k EOS.NCSU.EDU
aklog -c eos.ncsu.edu -k EOS.NCSU.EDU
aklog -c bp.ncsu.edu -k EOS.NCSU.EDU

tokens

You may wish to explore creating a shell script to automate some of those last steps with kinit and aklog. Here is a link to an example shell script. http://fpaste.org/211789/90693142/
You should be able to access afs now.