Provided by: openafs-client_1.6.7-1ubuntu1.1_amd64 bug

NAME

       knfs - Establishes authenticated access via the NFS/AFS Translator

SYNOPSIS

       knfs -host <host name> [-id <user ID (decimal)>]
           [-sysname <host's '@sys' value>] [-unlog] [-tokens]
           [-help]

       knfs -ho <host name> [-i <user ID (decimal)>]
           [-s <host's '@sys' value>] [-u] [-t] [-he]

DESCRIPTION

       The knfs command creates an AFS credential structure on the local machine, identifying it
       by a process authentication group (PAG) number associated with the NFS client machine
       named by the -hostname argument and by default with a local UID on the NFS client machine
       that matches the issuer's local UID on the local machine. It places in the credential
       structure the AFS tokens that the issuer has previously obtained (by logging onto the
       local machine if an AFS-modified login utility is installed, by issuing the klog command,
       or both). To associate the credential structure with an NFS UID that does not match the
       issuer's local UID, use the -id argument.

       Issue this command only on the NFS(R)/AFS translator machine that is serving the NFS
       client machine, after obtaining AFS tokens on the translator machine for every cell to
       which authenticated access is required. The Cache Manager on the translator machine uses
       the tokens to obtain authenticated AFS access for the designated user working on the NFS
       client machine. This command is not effective if issued on an NFS client machine.

       To enable the user on the NFS client machine to issue AFS commands, use the -sysname
       argument to specify the NFS client machine's system type, which can differ from the
       translator machine's. The NFS client machine must be a system type for which AFS is
       supported.

       The -unlog flag discards the tokens in the credential structure, but does not destroy the
       credential structure itself. The Cache Manager on the translator machine retains the
       credential structure until the next reboot, and uses it each time the issuer accesses AFS
       through the translator machine. The credential structure only has tokens in it if the user
       reissues the knfs command on the translator machine each time the user logs into the NFS
       client machine.

       To display the tokens associated with the designated user on the NFS client machine,
       include the -tokens flag.

       Users working on NFS client machines of system types for which AFS binaries are available
       can use the klog command rather than the knfs command.

CAUTIONS

       If the translator machine's administrator has enabled UID checking by issuing the fs
       exportafs command with the -uidcheck on argument, it is not possible to use the -id
       argument to assign the tokens to an NFS UID that differs from the issuer's local UID. In
       this case, there is no point in including the -id argument, because the only acceptable
       value (the issuer's local UID) is the value used when the -id argument is omitted.
       Requiring matching UIDs is effective only when users have the same local UID on the
       translator machine as on NFS client machines. In that case, it guarantees that users
       assign their tokens only to their own NFS sessions.

       This command does not make it possible for users working on non-supported system types to
       issue AFS commands. This is possible only on NFS clients of a system type for which AFS is
       available.

OPTIONS

       -host <host name>
           Names the NFS client machine on which the issuer is to work.  Providing a fully-
           qualified hostname is best, but abbreviated forms are possibly acceptable depending on
           the state of the cell's name server at the time the command is issued.

       -id <user ID (decimal)>
           Specifies the local UID on the NFS client to which to assign the tokens. The NFS
           client identifies file requests by the NFS UID, so creating the association enables
           the Cache Manager on the translator machine to use the appropriate tokens when filling
           the requests. If this argument is omitted, the command interpreter uses an NFS UID
           that matches the issuer's local UID on the translator machine (as returned by the
           getuid() function).

       -sysname <host's '@sys' value>
           Specifies the value that the local (translator) machine's remote executor daemon
           substitutes for the @sys variable in pathnames when executing AFS commands issued on
           the NFS client machine (which must be a supported system type). If the NFS user's PATH
           environment variable uses the @sys variable in the pathnames for directories that
           house AFS binaries (as recommended), then setting this argument enables NFS users to
           issue AFS commands by leading the remote executor daemon to access the AFS binaries
           appropriate to the NFS client machine even if its system type differs from the
           translator machine's.

       -unlog
           Discards the tokens stored in the credential structure identified by the PAG
           associated with the -host argument and, optionally, the -id argument.

       -tokens
           Displays the AFS tokens assigned to the designated user on the indicated NFS client
           machine.

       -help
           Prints the online help for this command. All other valid options are ignored.

OUTPUT

       The following error message indicates that UID checking is enabled on the translator
       machine and that the value provided for the -id argument differs from the issuer's local
       UID.

          knfs: Translator in 'passwd sync' mode; remote uid must be the same as
          local uid

EXAMPLES

       The following example illustrates a typical use of this command. The issuer "smith" is
       working on the machine "nfscli1.abc.com" and has user ID 1020 on that machine. The
       translator machine "tx4.abc.com" uses an AFS-modified login utility, so "smith" obtains
       tokens for the ABC Corporation cell automatically upon login via the telnet program. She
       then issues the klog command to obtain tokens as "admin" in the ABC Corporation's test
       cell, "test.abc.com", and the knfs command to associate both tokens with the credential
       structure identified by machine name "nfs-cli1" and user ID 1020. She breaks the
       connection to "tx4" and works on "nfscli1".

          % telnet tx4.abc.com
          . . .
          login: smith
          Password:
          AFS(R) login

          % klog admin -cell test.abc.com
          Password:

          % knfs nfscli1.abc.com 1020

          % exit

       The following example shows user smith again connecting to the machine "tx4" via the
       telnet program and discarding the tokens.

          % telnet translator4.abc.com
          . . .
          login: smith
          Password:
          AFS(R) login

          % knfs nfscli1.abc.com 1020 -unlog

          % exit

PRIVILEGE REQUIRED

       None

SEE ALSO

       klog(1), pagsh(1)

COPYRIGHT

       IBM Corporation 2000. <http://www.ibm.com/> All Rights Reserved.

       This documentation is covered by the IBM Public License Version 1.0.  It was converted
       from HTML to POD by software written by Chas Williams and Russ Allbery, based on work by
       Alf Wachsmann and Elizabeth Cassell.