kAFS Client

The kafs-client package provides the following features:

The sources can be found in a git repository here.

systemd Integration

Two systemd unit files are provided. The first, kafs-config.service loads the configuration into the kernel. This is a one-shot service normally executed as a dependency of the second unit. The second unit, afs.mount mounts a dynamic root onto /afs. This starts off inactive, but can be started once with:

systemctl start afs.mount

and enabled for automatic start on boot with:

systemctl enable afs.mount


Configuration files for kafs-client can be found in the /etc/kafs/ directory. In there is a client.conf file that the code actually reads and a client.d/ directory into which the administrator can place configuration. client.conf simply parses the contents of the directory first and then the standard cellservdb file. The format of the files follows the MIT Kerberos profile file form.

As an example, a local configuration could be supplied in a file in client.d/local.conf looking something like the following:

	thiscell = my.afs.cell
	sysname = fedora28_x86 amd64_linux

	my.afs.cell = {
		use_dns = no
		servers = {
			server1.afs.cell = {
				address = 1111:2222:3333:4444:5555:6666:7777:8888
				address =

The configuration can be checked and queried with the kafs-check-config tool.


Authentication tokens can be obtained by getting a kerberos TGT, say with kinit, and then calling the aklog-kafs program to obtain a ticket from that.

aklog-kafs my.afs.cell

If the compat package is installed, this provides a synonym of aklog for the aklog-kafs program.