AFS does secure authentication through tokens that are usually obtained by interactively typing a password, either when logging in or by running a program such as kinit. The token you receive is used to verify your identity to the AFS servers when accessing files. Tokens have limited lifetimes (typically 25 hours) and need to be periodically renewed. Users and processes which are not authenticated to AFS typically only have the access rights system:anyuser. A user can only have one token per cell at any given time.
Managing AFS authentication
Tokens held by the Cache Manager:

User's (AFS ID 2102) tokens for firstname.lastname@example.org [Expires Jun 13 22:04]
   --End of list--

To see the name of the user that corresponds to the given AFS ID, use the command:
pts examine <AFS ID>
For example:
pts examine 2102
kinit <username>
to get tokens or renew tokens. For example:
kinit bovik
and then type your SCS Kerberos password at the prompt.
To get tokens for another AFS cell, use the klog command:
klog <username-in-foreign-cell> -c <cellname>
For example:
klog hb2q -c andrew.cmu.edu
and type your password for the foreign AFS cell at the prompt.
Your AFS password for the cs.cmu.edu AFS cell is exactly the same as your SCS Kerberos password. You can use instance manager or the command passwd -k to change this password. If you want to change your AFS password in another AFS cell, use the command:
vpasswd <username-in-other-cell> -c <cellname>
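Because an unauthenticated process silently falls back to system:anyuser, a script can check the token listing before it touches AFS. The following is an added example, not part of the original page: it parses `tokens` output in the layout shown above, and the function names, the sample variables and the expired-entry form are assumptions.

```shell
#!/bin/sh
# Added example: decide from `tokens` output whether a usable AFS token exists.

# Constructed samples: the listing shown on this page, and the same entry in
# the form an expired token is assumed to take.
SAMPLE_TOKENS="Tokens held by the Cache Manager:

User's (AFS ID 2102) tokens for firstname.lastname@example.org [Expires Jun 13 22:04]
   --End of list--"
SAMPLE_EXPIRED="Tokens held by the Cache Manager:

User's (AFS ID 2102) tokens for firstname.lastname@example.org [>> Expired <<]
   --End of list--"

# Read `tokens` output on stdin and print "<AFS ID> <principal> <expiry>"
# for every entry that still carries an expiry time. Header, trailer and
# expired entries produce no output.
list_afs_tokens() {
    sed -n 's/^.*(AFS ID \([0-9][0-9]*\)) tokens for \([^ ]*\) \[Expires \(.*\)\]$/\1 \2 \3/p'
}

# Succeed if stdin lists an unexpired token whose principal ends in "@<cell>".
# There is at most one token per cell, so the first match is the only one.
has_afs_token() {
    list_afs_tokens | awk -v cell="$1" '
        { n = split($2, part, "@"); if (part[n] == cell) found = 1 }
        END { exit found ? 0 : 1 }'
}

# Run the real `tokens` command and stop early when the cell has no token.
# Returns 0 = token present, 1 = missing or expired, 2 = AFS client tools absent.
require_afs_token() {
    if ! command -v tokens >/dev/null 2>&1; then
        echo "tokens command not found; is the AFS client installed?" >&2
        return 2
    fi
    if tokens | has_afs_token "$1"; then
        return 0
    fi
    echo "no valid AFS token for cell $1: run kinit, or klog -c $1 for a foreign cell" >&2
    return 1
}
```

A long-running job would call `require_afs_token <cellname>` first and exit on a non-zero status instead of continuing with system:anyuser rights.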