Node:Searching AFS files, Next:Concept Index, Previous:Access control, Up:Top

Searching AFS files

AFS is a distributed file system that enables sharing files across both local area and wide area networks. It is based on a distributed file system that was called the Andrew File System developed at Carnegie Mellon University.

Here are some general features of AFS:

1. In conjunction with Kerberos, AFS provides a global authentication system (all passwords are verified with a site-wide database).
2. Access Control Lists (ACLs) provide more flexibility in setting file access permissions than traditional Unix file systems.
3. Users can access AFS files at remote sites, if given appropriate permissions.

Mingle treats AFS files as normal files on another "disk". Current implementation supports CMU AFS file system, and may need to be revised to port to other AFS file systems.

AFS related commands include:

1. mingle init

   In order to index and search AFS files, you need to have a valid AFS user ID that are conveyed to Mingle via the Mingle init process using the following syntax:
   

   mingle init mingle-id -afs afs-id
   

   For example,
   

   mingle init mbovik -afs afsbovik
   

   associates the Mingle ID mbovik with the AFS user ID afsbovik.

   The init process interactively prompts you for your Mingle password and your AFS password, which it uses to authenticate to the master server and the Kerberos server. It also obtains a Kerberos ticket for the specified AFS user ID so that further operations such as indexing AFS files will be permitted. However, a Mingle server can hold only one (the latest) AFS user ticket at any time. Therefore, it is a good idea to perform the mingle init command every time before indexing AFS directories or files.

2. mingle kauthd

   Since a mingle server can hold only one AFS user ticket and an AFS ticket lasts for only 24 hours, the server may lose your AFS ticket when updating index tables. You can execute the mingle init command periodically, or use the mingle kauthd command to let server automatically periodically reauthenticate to Kerberos on your behalf:
   

   mingle kauthd mingle-id -afs afs-id
   

   Note that by executing the mingle kauthd command, you implicitly allow the Mingle server to remember your AFS password. However, the server will be careful not to ever write your password to the file system.

3. mingle display

   The mingle display command shows your current AFS user ID. For example,
   

   [abovik@area51]$mingle display
   Mingle ID     = mbovik
   Local user ID = gbovik
   AFS ID        = afsbovik
   

4. mingle addarp/rmarp/lsarp

   You can use the -a option to specify access-right mappings for an AFS user ID. For example,
   

   mingle addarp -a mfred afsbovik
   

   maps the Mingle user with Mingle ID mfred to AFS user ID afsbovik