AFS from a user perspective
Centralized file systems like AFS provide a number of benefits to users,
including having a common user name and password for access to all client
computers in the cell (on which the user is defined).
Other benefits include a common home directory,
reduced need for file transfers,
increased file security and the elimination of the need to move home directories
as computers are retired.
In general AFS can be used in the same manner as a regular Unix
file system, but the way in which permissions work can affect
how users manage their accounts. Users who run long jobs or disk-intensive
jobs may also need to adjust the ways in which they work. People who
compile and run their own programs need to learn how to manage a single account shared between
multiple hardware platforms (e.g. a program compiled for Linux will not run under AIX).
- AFS client software runs on the user's workstation or compute server. The client
software implements a new filesystem type and diverts all file-related system calls.
- A client is a member of just one cell at a time, but can see other cells if mount
points have been configured for them.
- The AFS filesystem is conventionally mounted on /afs.
All clients see the exact same filesystem tree below the mount point (cf NFS).
Clients can mount AFS at any desired point; /afs is conventional. Symbolic links may be made into AFS
to make more convenient pathnames, e.g. /ufac -> /afs/northstar.dartmouth.edu/ufac. The name
@cell is often a symlink to the cell name:
/afs/@cell -> /afs/northstar.dartmouth.edu/
- The top level of a particular cell is conventionally mounted below the AFS root, and is
named for the cell's full DNS name to ensure global uniqueness (e.g. /afs/northstar.dartmouth.edu).
- The local AFS client implements caching of files and metadata.
Connections to AFS servers
are stateful, with callbacks from the servers to maintain cache coherency. The cache may be maintained
in memory or on disk (more common). (cf NFS). Clients may be tuned for cache size, file size,
expected network traffic etc.
- Users identify themselves to the system with a secure (Kerberos-based) password. A limited-lifetime
token is granted (25 hour default lifetime). This process is usually integrated with the initial
login to the system. It can be performed as a separate step if needed, allowing for the client usernames
to be unrelated to the AFS names.
- With integrated login and authentication, users will use the same username and password to log in
to any client computer to which the username is known. This gives simplicity of account maintenance
and user training. (cf NFS/NIS). The actual passwords are stored in a replicated database on the AFS
servers.
- AFS can be used without authentication to distribute publicly readable files.
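
Because the token has a limited lifetime, a long job loses authenticated access once it expires. The following added example (not part of the original page) parses the output of the OpenAFS `tokens` command and checks whether a token outlives a planned job; the sample output is constructed, and the function names are hypothetical.

```python
import re
from datetime import datetime, timedelta

# Constructed sample of `tokens` output; the cell name is the one used on this page,
# the second cell and the AFS ID are made up for illustration.
SAMPLE = """\
Tokens held by the Cache Manager:

User's (AFS ID 1234) tokens for afs@northstar.dartmouth.edu [Expires Mar  4 09:30]
User's (AFS ID 1234) tokens for afs@other.example.edu [>> Expired <<]
   --End of list--
"""

TOKEN_LINE = re.compile(
    r"tokens for afs@(\S+) "
    r"\[(?:Expires (\w{3}) +(\d+) (\d\d):(\d\d)|>> Expired <<)\]",
    re.IGNORECASE,
)

def token_expiries(text, now):
    """Map each cell to its token expiry (datetime), or None if already expired."""
    expiries = {}
    for match in TOKEN_LINE.finditer(text):
        cell, month, day, hour, minute = match.groups()
        if month is None:               # the "[>> Expired <<]" form
            expiries[cell] = None
            continue
        # Month names are parsed with %b, so this assumes a C/English locale.
        expiry = datetime.strptime(
            f"{now.year} {month} {day} {hour}:{minute}", "%Y %b %d %H:%M")
        # The output carries no year. A date far in the past means the token
        # was issued in December and expires in January of the next year.
        if expiry < now - timedelta(days=180):
            expiry = expiry.replace(year=now.year + 1)
        expiries[cell] = expiry
    return expiries

def token_outlives_job(text, cell, job_hours, now):
    """True only if a token for `cell` exists and is still valid when the job ends."""
    expiry = token_expiries(text, now).get(cell)
    return expiry is not None and expiry >= now + timedelta(hours=job_hours)

if __name__ == "__main__":
    now = datetime(2025, 3, 3, 9, 0)    # fixed clock so the sample is reproducible
    for hours in (12, 30):
        ok = token_outlives_job(SAMPLE, "northstar.dartmouth.edu", hours, now)
        print(f"{hours}h job: {'token sufficient' if ok else 'renew token first'}")
```

In real use the text would come from running `tokens` on the client and `now` from `datetime.now()`.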