Authentication within AFS
How to get the proof of who you are.
Unix
In AFS you have a so-called "token", which proves to the fileserver who you are; the fileserver then grants access to restricted areas within AFS.
Normally, you should get your token when logging into a server administered by RZG, but this page explains a bit about what to do
if you want to deal with that manually.
To obtain a token, you first need to get a Kerberos ticket via "kinit" and then use "aklog" to get an AFS token.
The Kerberos ticket may then also be useful for other services (web, ssh) at RZG.
To get a token without using a Kerberos ticket, use the following commands:
- aklog : convert a Kerberos Ticket into an AFS-Token (man aklog)
- unlog : destroys AFS-Token (man unlog)
- pagsh : open a shell in a new PAG. (man pagsh)
Useful commands for dealing with Kerberos tickets are:
- kinit : get a Kerberos ticket (man kinit)
- klist : shows present tickets in the credential-cache (man klist)
- kdestroy : destroys an existing credential-cache (and all tickets in there) (man kdestroy)
NOTE:
Both Kerberos and AFS have "Authentication Containers", through which credentials are made available. This is necessary for multi-user machines, but even if you work alone on your machine it helps you to work with different identities at the same time. In Kerberos it is called a "Credential Cache"; in AFS it is a "PAG" (process authentication group).
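The manual sequence above (kinit, aklog, work, unlog, kdestroy) with its own credential cache, as an added example that is not part of the original page. It assumes the MIT Kerberos and OpenAFS command-line tools; the function names, the principal alice@EXAMPLE.ORG and the sample klist output are constructed for illustration.

```shell
#!/bin/sh
# Added example; principal, cell and klist output below are constructed.
# Assumes MIT Kerberos (kinit, klist, kdestroy -q) and OpenAFS (aklog, unlog).

# Read `klist` output on stdin and print the step still missing:
# "kinit" (no TGT), "aklog" (TGT but no afs service ticket) or "ok".
# An afs ticket in the cache shows aklog ran against it; the token itself
# lives in the PAG, so run this in the same shell that ran aklog.
classify_klist() {
    awk '
        /^(Ticket cache|Default principal):/ { next }
        $NF ~ "^krbtgt/" { tgt = 1 }
        $NF ~ "^afs[/@]" { afs = 1 }
        END { if (!tgt) print "kinit"; else if (!afs) print "aklog"; else print "ok" }'
}

# afs_session PRINCIPAL CMD...: run CMD with a private credential cache,
# then destroy the token and the tickets. Start the calling shell with
# pagsh first, so that aklog/unlog only touch this shell's PAG.
afs_session() {
    principal=$1; shift
    KRB5CCNAME="FILE:$(mktemp /tmp/krb5cc_afsdemo_XXXXXX)" || return 1
    export KRB5CCNAME
    if kinit "$principal" && aklog; then
        "$@"; rc=$?
        unlog
    else
        rc=1
    fi
    kdestroy -q
    return "$rc"
}

# Constructed sample of what klist prints after kinit + aklog.
sample_klist() {
    cat <<'EOF'
Ticket cache: FILE:/tmp/krb5cc_afsdemo_a1b2c3
Default principal: alice@EXAMPLE.ORG

Valid starting       Expires              Service principal
01/15/2024 09:00:00  01/15/2024 19:00:00  krbtgt/EXAMPLE.ORG@EXAMPLE.ORG
01/15/2024 09:00:04  01/15/2024 19:00:00  afs/cell.example.org@EXAMPLE.ORG
EOF
}

sample_klist | classify_klist   # prints: ok
```

Inside a shell started with pagsh, `klist | classify_klist` tells you which step is still missing, and `afs_session alice@EXAMPLE.ORG ls /afs` runs one command and leaves no ticket or token behind.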
Windows
For Windows, you should click on the lock-symbol in your system-tray and then type your password there.
