aklog-kafs - AFS Kerberos authentication tool
aklog-kafs [-dhkV] [<cell> [<realm>]]
This program is used to get an authentication ticket from Kerberos that can be
used by the in-kernel AFS filesystem (kAFS) to perform authenticated and
encrypted accesses to the an AFS cell. Without this only unencrypted anonymous
accesses can be made.
Before calling this, the "kinit" program or similar should be invoked
to authenticate with the appropriate Kerberos server.
- <cell>
- This is the name of the cell with which the ticket is
intended to be used. If not given, the name of the default cell will be
read from "/proc/net/afs/rootcell" and used instead.
The root cell can be set in the "/etc/kafs/client" configuration
file by setting the "thiscell" in the "[defaults]"
section. If the value of thiscell is changed in the configuration file
than "kafs-preload" needs to be run to refresh the value in the
"/proc/net/afs/rootcell" file.
- <realm>
- This is the name of the Kerberos realm from which the
ticket will be obtained.
- "-h"
- Display help text and exit.
- "-d"
- Display processing messages. Specifying "-d" more
than once increases the verbosity of the messages.
- "-k"
- Manually specify keyring to add AFS key into. Otherwise, a
session keyring will be used first if found before automatically switching
to the uid-session keyring.
Valid values are:
session
uid-session
- "-V"
- Show version and exit.
# aklog-kafs -d
Default cell from /proc/net/afs/rootcell: ca-zephyr.org
Realm: CA-ZEPHYR.ORG
CELL ca-zephyr.org
PRINC afs/[email protected]
successfully added key: 44095043 to session keyring
kinit(1),
keyctl (1),
kafs-preload (8),
kafs-client.conf(5)
Copyright (C) 2018 Red Hat, Inc. All Rights Reserved.
Written by David Howells <
[email protected]>
This program is free software; you can redistribute it and/or modify it under
the terms of the GNU General Public License as published by the Free Software
Foundation; either version 2 of the License, or (at your option) any later
version.