AFS from a user perspective
Centralized file systems like AFS provide a number of benefits to users,
including having a common user name and password for access to all client
computers in the cell (on which the user is defined).
Other benefits include a common home directory,
reduced need for file transfers,
increased file security and the elimination of the need to move home directories
as computers are retired.
In general AFS can be used in the same manner as a regular Unix
file system but the way in which permissions work can effect
how users manage their accounts. Users who run long jobs or disk
intensive jobs may also need to adjust the ways in which they work. People who
compile and run their own programs need to learn how to manage a single account shared between
multiple hardware platforms (e.g. a program compiled for Linux will not run under AIX)
- AFS client software runs on the user's workstation or compute server. The client
software implements a new filesystem type and diverts all file-related system calls.
- A client is a member of just one cell at a time, but can see other cells if mount
points have been configured for them.
- The AFS filesystem is conventionally mounted on
All clients see the exact same filesystem tree below the mount point (cf NFS).
- The top level of a particular cell is conventionally mounted below the AFS root, and is
named for the cell's full DNS name to ensure global uniqueness (e.g.
- The local AFS client implements caching of files and metadata.
- Users identify themselves to the system with a secure (kerberos-based) password. A limited-lifetime
token is granted (25 hour default lifetime). This process is usually integrated with the initial
login to the system. It can be performed as a separate step if needed, allowing for the client usernames
to be unrelated to the AFS names.
- With integrated login and authentication, users will use the same username and password to log in
to any client computer to which the username is known. This gives simplicity of account maintenance
and user training. (cf NFS/NIS). The actual passwords are stored in a replicated database on the AFS
- AFS can be used without authentication to distribute publicly readable files.