Provided by: kafs-client_0.5-2_amd64 bug

NAME
       kafs - In-kernel AFS filesystem


DESCRIPTION
       kafs  is a network filesystem driver in the Linux kernel that is able to access AFS cells and the servers
       contained therein to locate the logical volumes that comprise the cell and the files  contained  in  each
       volume.

       It  supports  transport  over  IPv4  UDP and IPv6 UDP and security based on Kerberos.  The authentication
       token is used to define the user for the purpose  of  providing  access  control  as  well  as  providing
       communications security.

       The filesystem is of type "afs" and the mount command can be used to mount afs volumes manually using the
       "-t" flag on mount(8).


SETTING UP
       The  kafs-client  package  should be installed to so that systemd is configured to include a mount of AFS
       dynamic root on /afs.  Note that mounting /afs is not enabled by  default,  so  if  it  is  needed,  then
       systemd should be told to enable it.  This can be done with the following step:

              systemctl enable afs.mount

       This  will  mount  a special directory on /afs which will be populated by an automount directory for each
       cell listed in the configuration.  Doing a pathwalk into one of these  directories  will  result  in  the
       afs.cell volume from the cell being mounted onto that directory.

       Local  configuration  should  be  placed  in  a  file in the /etc/kafs/client.d/ directory.  This will be
       included from client.conf in the next directory up.

       Typically in the local configuration, the local cell name would be specified and backup  details  of  its
       Volume Location server addresses would be given.

       Also any overrides for the @sys filename substitution would be specified.  See kafs-client.conf(5).


OPERATION
       Once the kafs-client is set up (and if there's no local cell, this is practically zero-conf, provided the
       cells to be accessed are properly set up with AFSDB or SRV records in the DNS), the /afs directory can be
       accessed:

              ls /afs/<cell>/location/within/cell

       For example:

              ls /afs/rivendell.example.com/doc

       The  user  isn't limited to cells listed in /afs, but any cell can be tried by just substituting the name
       of the cell into the above formula.  It does require the target to have DNS-based configuration provided.

       Note that each logical volume gets a discrete superblock and  links  between  volumes  turn  into  kernel
       mountpoints that, if stepped on, cause the appropriate volume to be mounted over them.


SECURITY
       kafs  supports  Kerberos-based  authentication  and communication encryption through the use of Kerberos.
       The kinit program can be use to authenticate with a Kerberos server:

              kinit myname@RIVENDELL.EXAMPLE.COM

       and then the aklog-kafs program to get a ticket for the kernel filesystem to use:

              aklog-kafs rivendell.example.com

       This will be placed on the caller's session keyring and can be viewed there with:

              keyctl show

       Note that the default realm is assumed to be the same as the cell name, but in all upper case.


SEE ALSO
       aklog-kafs(1), kafs-client.conf(5), keyctl(1), kinit(1), rxrpc(7), session-keyring(7), systemctl(1)

Linux                                              16 Apr 2019                                           KAFS(7)