OpenAFS under Linux at Pitt
If you're using OpenAFS under Linux, you need to use klog to get a Kerberos ticket so that you can view your private files. I don't know if there's a good, automated way of doing this, so I've created one.
The most likely use for this is to allow you to access your private AFS files easily from the computer in your dorm or at home. You may also find it useful to put this script on your AFS space if you wish to authenticate to multiple AFS servers: while logging in to unixs.cis.pitt.edu will give you a ticket to the pitt.edu cell, it will not give you access to any private files you have in the cs.pitt.edu cell. This probably doesn't matter unless you have a CS account, but if you do, it may be helpful.
Setup
Create a .klog-data directory in your home directory. For each AFS cell you want to acquire a ticket for, create a directory in .klog-data. (The directories can be called whatever you want.) In each directory, create three files, each of which will contain only one line:
- username, which contains your username (e.g., "crp11").
- password, which contains your password. This file should be made readable by you alone. You can run chmod go-r password to ensure this.
- cell, which contains the name of the cell you want to get your ticket from. For most people, this is pitt.edu; if you are trying to get a ticket for a CS account, it will be cs.pitt.edu. (Note: These are the only two cells that the "cache" feature works for — more on that later).
For instance, I have a directory structure like the following set up:
- $HOME
  - .klog-data
    - pitt
      - username
      - password
      - cell
    - cs
      - username
      - password
      - cell
Once this is set up, you can run the script.
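The layout above can be checked before the script is scheduled. The following is an added example, not part of klog-pitt or the original page: a shell function (the name check_klog_data is hypothetical) that confirms each cell directory holds the three one-line files and that password carries no group or other permission bits, which is stricter than chmod go-r. It assumes GNU stat, as found on Linux.

```shell
#!/bin/sh
# Audit a .klog-data tree laid out as described above (added example).
# Prints one line per problem; returns 0 when clean, 1 otherwise.
# Assumption: GNU stat (-c) is available, as on the Linux systems discussed.

check_klog_data() {
    base=${1:-$HOME/.klog-data}
    problems=0

    if [ ! -d "$base" ]; then
        echo "missing directory: $base"
        return 1
    fi

    for dir in "$base"/*/; do
        [ -d "$dir" ] || continue      # glob matched nothing
        dir=${dir%/}
        for name in username password cell; do
            file=$dir/$name
            if [ ! -f "$file" ]; then
                echo "missing file: $file"
                problems=$((problems + 1))
                continue
            fi
            # grep -c '' counts lines even when the last has no newline
            lines=$(grep -c '' "$file" || true)
            if [ "$lines" -ne 1 ]; then
                echo "expected one line, found $lines: $file"
                problems=$((problems + 1))
            fi
        done

        # The password file must not be accessible to group or other.
        if [ -f "$dir/password" ]; then
            mode=$(stat -c %a "$dir/password")
            if [ $(( 0$mode & 077 )) -ne 0 ]; then
                echo "mode $mode is too open (want 600): $dir/password"
                problems=$((problems + 1))
            fi
        fi
    done

    [ "$problems" -eq 0 ]
}
```

Called with no argument, check_klog_data audits $HOME/.klog-data; pass a different directory as the first argument to audit that instead.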
Running the Script
The script can actually do two things: it acquires tickets for the cells you have set up, and it attempts to cache the contents of your home directories in each. To do the former, run klog-pitt auth; to do the latter, klog-pitt cache.
You'll probably want to run the script automatically. I have klog-pitt cache running every 15 minutes and klog-pitt auth running every hour through cron. I also have klog-pitt auth running every time I log in with Bash (using .bash_profile).
.bash_profile
If klog-pitt is located in your PATH, you can put this line in your .bash_profile to run it every time you start a shell:
( which klog-pitt && klog-pitt auth & ) &> /dev/null
This starts the command in the background and tells it to print no output so that you are not interrupted by it when you are trying to work. It may take a few seconds to run, so if you do not have access to your AFS directory immediately, then wait a few seconds, and try again.
cron
I'm not going to go into the details of using cron here, so if you need to know more about it, here is the first cron tutorial a Google search turned up.
Sample crontab Entries for klog-pitt
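# Acquire fresh tickets at the top of every hour
0 * * * * $HOME/bin/klog-pitt auth > /dev/null 2>&1
# Re-cache the home directories every 15 minutes
*/15 * * * * $HOME/bin/klog-pitt cache > /dev/null 2>&1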
Why Caching?
I used OpenAFS my freshman year without problems, but when the 2.6 kernel came out, I was no longer able to use it due to some incompatibilities. When I resumed using OpenAFS in my junior year, I found that simple commands like ls -l were sometimes very slow in AFS directories if I had not accessed them in a while. I don't know if this is a result of a change at Pitt, the new version of OpenAFS, or some combination of factors, but it's annoying. I've found that running some commands in the AFS directories periodically seems to help this, so I built them into the script.
Warning
This is not the world's most secure program. So long as no one can log in to your computer as you or as root, I am not aware of any problems. Still, remember that anyone who does use your computer under your username can view these files, including your unencrypted password. I do not take responsibility for any problems that the script may cause you. If you find any problems, please do let me know.