Provided by: kafs-client_0.5-2_amd64 bug

NAME
       kafs - In-kernel AFS filesystem


DESCRIPTION
       kafs  is  a network filesystem driver in the Linux kernel that is able to access AFS cells
       and the servers contained therein to locate the logical volumes that comprise the cell and
       the files contained in each volume.

       It  supports  transport  over  IPv4  UDP and IPv6 UDP and security based on Kerberos.  The
       authentication token is used to define the  user  for  the  purpose  of  providing  access
       control as well as providing communications security.

       The  filesystem  is  of  type "afs" and the mount command can be used to mount afs volumes
       manually using the "-t" flag on mount(8).


SETTING UP
       The kafs-client package should be installed to so that systemd is configured to include  a
       mount  of AFS dynamic root on /afs.  Note that mounting /afs is not enabled by default, so
       if it is needed, then systemd should be told to enable it.  This  can  be  done  with  the
       following step:

              systemctl enable afs.mount

       This  will  mount  a  special  directory  on  /afs which will be populated by an automount
       directory for each cell listed in the configuration.  Doing a pathwalk into one  of  these
       directories  will  result  in  the  afs.cell  volume from the cell being mounted onto that
       directory.

       Local configuration should be placed in a file in the /etc/kafs/client.d/ directory.  This
       will be included from client.conf in the next directory up.

       Typically  in  the  local configuration, the local cell name would be specified and backup
       details of its Volume Location server addresses would be given.

       Also  any  overrides  for  the  @sys  filename  substitution  would  be  specified.    See
       kafs-client.conf(5).


OPERATION
       Once  the  kafs-client  is set up (and if there's no local cell, this is practically zero-
       conf, provided the cells to be accessed are properly set up with AFSDB or SRV  records  in
       the DNS), the /afs directory can be accessed:

              ls /afs/<cell>/location/within/cell

       For example:

              ls /afs/rivendell.example.com/doc

       The  user  isn't  limited  to  cells  listed  in  /afs,  but any cell can be tried by just
       substituting the name of the cell into the above formula.  It does require the  target  to
       have DNS-based configuration provided.

       Note  that  each  logical volume gets a discrete superblock and links between volumes turn
       into kernel mountpoints that, if stepped on, cause the appropriate volume  to  be  mounted
       over them.


SECURITY
       kafs  supports  Kerberos-based authentication and communication encryption through the use
       of Kerberos.  The kinit program can be use to authenticate with a Kerberos server:

              kinit myname@RIVENDELL.EXAMPLE.COM

       and then the aklog-kafs program to get a ticket for the kernel filesystem to use:

              aklog-kafs rivendell.example.com

       This will be placed on the caller's session keyring and can be viewed there with:

              keyctl show

       Note that the default realm is assumed to be the same as the cell name, but in  all  upper
       case.


SEE ALSO
       aklog-kafs(1), kafs-client.conf(5), keyctl(1), kinit(1), rxrpc(7), session-keyring(7),
       systemctl(1)