aklog - Obtain tokens for authentication to AFS

aklog [ -d ] [ -hosts ] [ -zsubs ] [ -noprdb ] [ [ -cell | -c ] cell [ -k kerberos-realm ] ] [ [ -path | -p ] pathname ]

The aklog program is used to authenticate to a cell or directory in AFS, the Andrew Filesystem, by obtaining AFS tokens. Ordinarily, aklog is not used directly but called by attach(1).

If aklog is invoked with no command line arguments, it will obtain tokens for the workstation's local cell. It is possible to invoke aklog with arbitrarily many cells and pathnames specified on the command line. aklog knows how to expand cell name abbreviations, so short forms of cell names can be use used. In addition, aklog understands the following command line options:

-cell | -c cell

This flag is not ordinarily necessary since aklog can usually figure out when an argument is a cell. It can be used to introduce a cell name that would ordinarily be mistaken for a path name if this should be required. If this flag is omitted, an argument will be treated as a cell name if it contains no slashes (/) and is neither "." nor ".." .

-k kerberos-realm

This flag is valid only when immediately following the name of a cell. It is used to tell aklog what kerberos realm should be used while authenticating to the preceding cell. This argument is unnecessary except when the workstation is not properly configured. Ordinarily, aklog can determine this information on its own.

-path | -p pathname

Like the -cell flag, this flag is usually unnecessary. When it appears, the next command line argument is always treated as a path name. Ordinarily, an argument is treated as a path name if it is "." or ".." or if it contains a slash (/).

-hosts

Prints all the server addresses which may act as a single point of failure in accessing the specified directory path. Each element of the path is examined, and as new volumes are traversed, if they are not replicated, the server's IP address containing the volume will be displayed. Attach(1) invokes aklog with this option. The output is of the form

host: IP address

-zsubs

Causes the printing of the zephyr subscription information that a person using a given path or cell would want. Attach(1) invokes aklog with this option. The output is of the form

zsub: instance

where instance is the instance of a class filsrv zephyr subscription.

-noprdb

Ordinarily, aklog looks up the AFS ID corresponding to the name of the person invoking the command. Specifying this flag turns off this functionality. This may be desirable if the protection database is unavailable for some reason and tokens are desired anyway.

-d

Turns on printing of debugging information. This option is not intended for general users.

The exit status of aklog will be one of the following:

0

Success -- No error occurred.

1

Usage -- Bad command syntax; accompanied by a usage message.

2

Something failed -- More than one cell or pathname was given on the command line and at least one failure occurred. A more specific error status is returned when only one directive is given.

3

AFS -- Unable to get AFS configuration or unable to get information about a specific cell.

4

Kerberos -- Unable to get tickets for authentication.

5

Token -- Unable to get tokens.

6

Bad pathname -- The path given was not a directory or lstat(2) failed on some component of the pathname.

7

Miscellaneous -- An internal failure occurred. For example, aklog returns this if it runs out of memory.

To get tokens for the local cell:

% aklog

To get tokens for the athena.mit.edu cell:

% aklog athena.mit.edu

or

% aklog athena

To get tokens adequate to read /afs/athena.mit.edu/user/p/potato:

% aklog /afs/athena.mit.edu/user/p/potato

To get tokens for a test cell that is in a test Kerberos realm:

% aklog testcell.mit.edu -k TESTREALM.MIT.EDU

attach(1), tokens(1), unlog(1)

Emanuel Jay Berkenbilt (MIT-Project Athena)