Command Reference Manual

[Return to Library] [Contents] [Previous Topic] [Bottom of Topic] [Next Topic] [Index]

knfs

Purpose

Enables authenticated access to AFS from a non-supported NFS client using the NFS/AFS Translator

Synopsis 

knfs -host <host name> [ -id <user ID (decimal)>]
     [-sysname <host's '@sys' value>]  [-unlog]  [-tokens]  [-help]
    
knfs -ho <host name>  [-i <user ID (decimal)>]  
     [-s <host's '@sys' value>]  [-u]  [-t]  [-he]

Description

The knfs command creates an AFS credential structure for a user who is working on the NFS client machine named by the -hostname argument, and places in the credential structure AFS tokens that the user has obtained by issuing the klog command. If the -id argument is included, the credential structure is associated exclusively with the user who has the specified local UID on the NFS client machine.

Issue this command only on the NFS(R)/AFS translator machine via which the NFS client machine is accessing AFS, after issuing the klog command on the translator machine to obtain AFS tokens for every cell to which access is required. The Cache Manager on the translator machine associates the tokens with the credential structure and uses them to obtain authenticated AFS access for the user working on the NFS client machine. This command is not effective if issued on the NFS client machine.

To enable the user on the NFS client machine to issue commands from the AFS command suites, include the -sysname argument. The NFS client machine must be a system type for which AFS is supported.

The -unlog flag discards the tokens in the credential structure, but does not destroy the credential structure itself. The Cache Manager on the translator machine retains the credential structure until the next reboot, and uses it each time the issuer accesses AFS through the translator machine. The credential structure only has tokens in it if the user reissues the knfs command on the translator machine each time the user logs into the NFS client machine.

Users working on NFS client machines of system types for which AFS binaries are available (and for which the cell has purchased a license) can use the klog command rather than the knfs command.

Cautions

As noted, the -unlog flag does not destroy the credential structure, but only discards the tokens associated with it. The Cache Manager on the translator machine retains the credential structure until the next reboot and uses it whenever the issuer accesses AFS through the translator machine. One implication is that once the issuer issues the knfs command using the -id argument, he or she cannot use the generic credential structure until the machine is rebooted.

This command does not make it possible for users working on non-supported system types to issue AFS commands. This is possible only on NFS clients of a system type for which AFS is available (and for which the cell has purchased AFS).

Options

-host
Names the NFS client machine on which the issuer is working. A full name is safest, but abbreviated forms are acceptable depending on the state of the cell's name server at the time the command is issued.

-id
Specifies the issuer's user ID on the NFS client (a UNIX UID or equivalent), which NFS passes to the translator machine to identify the user. If this argument is omitted, the knfs command uses the getuid function to identify the issuer and grant appropriate permissions.

-sysname
Specifies the value of the @sys variable if the NFS client machine is running a supported operating system (one for which AFS binaries are available). This allows users on NFS client machines using defined system types to issue AFS commands.

-unlog
Discards the tokens in the credential structure identified by the PAG associated with the -host argument and, optionally, the -id argument.

-tokens
Allows users who do not have access to AFS binaries to obtain information about their AFS tokens.

-help
Prints the online help for this command. All other valid options are ignored.

Examples

The following example illustrates a typical use of this command. The issuer smith is working on the machine nfscli1.abc.com and has user ID 1020 on that machine. The translator machine he is using, tx4.abc.com, uses an AFS-modified login utility, so he obtains tokens for the ABC Corporation cell automatically when he logs in to it via the telnet program. He then issues the klog command to obtain tokens as admin in the ABC Corporation's test cell, test.abc.com, and the knfs command to associate both tokens with the credential structure identified by machine name nfs-cli1 and user ID 1020. He breaks the connection to tx4 and works on nfscli1. 

% telnet tx4.abc.com
. . .
login: smith
Password:
AFS(R) login
% klog admin -cell test.abc.com
Password:
% knfs nfscli1.abc.com 1020
% exit

The following example shows user smith again connecting to the machine tx4 via the telnet program and discarding his tokens. 

% telnet translator4.abc.com
. . .
login: smith
Password:
AFS(R) login
% knfs nfscli1.abc.com 1020 -unlog
% exit

Privilege Required

None

Related Information

klog

pagsh

[Return to Library] [Contents] [Previous Topic] [Top of Topic] [Next Topic] [Index]


© IBM Corporation 1999. All Rights Reserved