.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi
..
.\" \*(C` and \*(C' expand to `' in nroff, nothing in troff, for use with C<>.
.ie n \{\
.    ds C` ""
.    ds C' ""
'br\}
.el\{\
.    ds C`
.    ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.\"
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
.\" ========================================================================
.\"
.IX Title "KNFS 1"
.TH KNFS 1 "2017-12-15" "OpenAFS" "AFS Command Reference"
.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
knfs \- Establishes authenticated access via the NFS/AFS Translator
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
\&\fBknfs\fR \fB\-host\fR\ <\fIhost\ name\fR> [\fB\-id\fR\ <\fIuser\ \s-1ID\s0\ (decimal)\fR>]
[\fB\-sysname\fR\ <\fIhost's\ '@sys'\ value\fR>] [\fB\-unlog\fR] [\fB\-tokens\fR]
[\fB\-help\fR]
.PP
\&\fBknfs\fR \fB\-ho\fR\ <\fIhost\ name\fR> [\fB\-i\fR\ <\fIuser\ \s-1ID\s0\ (decimal)\fR>]
[\fB\-s\fR\ <\fIhost's\ '@sys'\ value\fR>] [\fB\-u\fR] [\fB\-t\fR] [\fB\-he\fR]
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The \fBknfs\fR command creates an \s-1AFS\s0 credential structure on the local
machine, identifying it by a process authentication group (\s-1PAG\s0) number
associated with the \s-1NFS\s0 client machine named by the \fB\-host\fR
argument and by default with a local \s-1UID\s0 on the \s-1NFS\s0 client machine that
matches the issuer's local \s-1UID\s0 on the local machine. It places in the
credential structure the \s-1AFS\s0 tokens that the issuer has previously
obtained (by logging onto the local machine if an AFS-modified login
utility is installed, by issuing the \fBklog\fR command, or both). To
associate the credential structure with an \s-1NFS UID\s0 that does not match the
issuer's local \s-1UID,\s0 use the \fB\-id\fR argument.
.PP
Issue this command only on the \s-1NFS\s0(R)/AFS translator machine that is
serving the \s-1NFS\s0 client machine, after obtaining \s-1AFS\s0 tokens on the
translator machine for every cell to which authenticated access is
required. The Cache Manager on the translator machine uses the tokens to
obtain authenticated \s-1AFS\s0 access for the designated user working on the
\&\s-1NFS\s0 client machine. This command is not effective if issued on an \s-1NFS\s0
client machine.
.PP
To enable the user on the \s-1NFS\s0 client machine to issue \s-1AFS\s0 commands, use
the \fB\-sysname\fR argument to specify the \s-1NFS\s0 client machine's system type,
which can differ from the translator machine's. The \s-1NFS\s0 client machine
must be a system type for which \s-1AFS\s0 is supported.
.PP
The \fB\-unlog\fR flag discards the tokens in the credential structure, but
does not destroy the credential structure itself. The Cache Manager on the
translator machine retains the credential structure until the next reboot,
and uses it each time the issuer accesses \s-1AFS\s0 through the translator
machine. The credential structure only has tokens in it if the user
reissues the \fBknfs\fR command on the translator machine each time the user
logs into the \s-1NFS\s0 client machine.
.PP
To display the tokens associated with the designated user on the \s-1NFS\s0
client machine, include the \fB\-tokens\fR flag.
.PP
Users working on \s-1NFS\s0 client machines of system types for which \s-1AFS\s0
binaries are available can use the \fBklog\fR command rather than the
\&\fBknfs\fR command.
.SH "CAUTIONS"
.IX Header "CAUTIONS"
If the translator machine's administrator has enabled \s-1UID\s0 checking by
issuing the \fBfs exportafs\fR command with the \fB\-uidcheck on\fR argument, it
is not possible to use the \fB\-id\fR argument to assign the tokens to an \s-1NFS
UID\s0 that differs from the issuer's local \s-1UID.\s0 In this case, there is no
point in including the \fB\-id\fR argument, because the only acceptable value
(the issuer's local \s-1UID\s0) is the value used when the \fB\-id\fR argument is
omitted. Requiring matching UIDs is effective only when users have the
same local \s-1UID\s0 on the translator machine as on \s-1NFS\s0 client machines. In
that case, it guarantees that users assign their tokens only to their own
\&\s-1NFS\s0 sessions.
.PP
This command does not make it possible for users working on non-supported
system types to issue \s-1AFS\s0 commands. This is possible only on \s-1NFS\s0 clients
of a system type for which \s-1AFS\s0 is available.
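.PP
The condition stated above, that each user has the same local \s-1UID\s0 on the translator machine and on the \s-1NFS\s0 client machines, can be audited before relying on \fB\-uidcheck on\fR. The script below is an added example, not part of the original page or of OpenAFS; the function names, the report format and every account other than smith (\s-1UID\s0 1020) are constructed for illustration.

```sh
#!/bin/sh
# Added example: compare passwd(5)-format account listings taken from the
# translator machine and from an NFS client machine.
#
# uid_mismatches TRANSLATOR_PASSWD CLIENT_PASSWD prints one line per problem:
#   UIDDIFF  user t_uid c_uid    same login name, different UIDs; tokens
#                                bound to t_uid never match the user's
#                                NFS requests, which carry c_uid
#   UIDCLASH uid t_user c_user   same UID, different login names; tokens
#                                t_user assigns to that UID would serve
#                                NFS requests made by c_user
uid_mismatches() {
    awk -F: '
        /^#/ || NF < 3 { next }
        FILENAME == ARGV[1] { t_uid[$1] = $3; t_user[$3] = $1; next }
        ($1 in t_uid) && t_uid[$1] != $3 {
            printf "UIDDIFF %s %s %s\n", $1, t_uid[$1], $3
        }
        ($3 in t_user) && t_user[$3] != $1 {
            printf "UIDCLASH %s %s %s\n", $3, t_user[$3], $1
        }
    ' "$1" "$2"
}

# Constructed sample data. Only smith/1020 comes from the EXAMPLES section;
# the other accounts are hypothetical.
sample_report() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/translator" <<'EOF'
smith:x:1020:100::/home/smith:/bin/sh
jones:x:1021:100::/home/jones:/bin/sh
pat:x:1030:100::/home/pat:/bin/sh
EOF
    cat > "$tmp/client" <<'EOF'
smith:x:1020:100::/home/smith:/bin/sh
jones:x:1025:100::/home/jones:/bin/sh
lee:x:1021:100::/home/lee:/bin/sh
pat:x:1030:100::/home/pat:/bin/sh
EOF
    uid_mismatches "$tmp/translator" "$tmp/client"
    rm -rf "$tmp"
}

sample_report
```

An empty report means the two listings agree for every account they share.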
.SH "OPTIONS"
.IX Header "OPTIONS"
.IP "\fB\-host\fR <\fIhost name\fR>" 4
.IX Item "-host "
Names the \s-1NFS\s0 client machine on which the issuer is to work. Providing a
fully-qualified hostname is best, but abbreviated forms may be acceptable,
depending on the state of the cell's name server at the time the command
is issued.
.IP "\fB\-id\fR <\fIuser \s-1ID\s0 (decimal)\fR>" 4
.IX Item "-id "
Specifies the local \s-1UID\s0 on the \s-1NFS\s0 client to which to assign the
tokens. The \s-1NFS\s0 client identifies file requests by the \s-1NFS UID,\s0 so
creating the association enables the Cache Manager on the translator
machine to use the appropriate tokens when filling the requests. If this
argument is omitted, the command interpreter uses an \s-1NFS UID\s0 that matches
the issuer's local \s-1UID\s0 on the translator machine (as returned by the
\&\fIgetuid()\fR function).
.IP "\fB\-sysname\fR <\fIhost's '@sys' value\fR>" 4
.IX Item "-sysname "
Specifies the value that the local (translator) machine's remote executor
daemon substitutes for the \fI\f(CI@sys\fI\fR variable in pathnames when executing
\&\s-1AFS\s0 commands issued on the \s-1NFS\s0 client machine (which must be a supported
system type). If the \s-1NFS\s0 user's \s-1PATH\s0 environment variable uses the \fI\f(CI@sys\fI\fR
variable in the pathnames for directories that house \s-1AFS\s0 binaries (as
recommended), then setting this argument enables \s-1NFS\s0 users to issue \s-1AFS\s0
commands by leading the remote executor daemon to access the \s-1AFS\s0 binaries
appropriate to the \s-1NFS\s0 client machine even if its system type differs from
the translator machine's.
.IP "\fB\-unlog\fR" 4
.IX Item "-unlog"
Discards the tokens stored in the credential structure identified by the
\&\s-1PAG\s0 associated with the \fB\-host\fR argument and, optionally, the \fB\-id\fR
argument.
.IP "\fB\-tokens\fR" 4
.IX Item "-tokens"
Displays the \s-1AFS\s0 tokens assigned to the designated user on the indicated
\&\s-1NFS\s0 client machine.
.IP "\fB\-help\fR" 4
.IX Item "-help"
Prints the online help for this command. All other valid options are
ignored.
.SH "OUTPUT"
.IX Header "OUTPUT"
The following error message indicates that \s-1UID\s0 checking is enabled on the
translator machine and that the value provided for the \fB\-id\fR argument
differs from the issuer's local \s-1UID.\s0
.PP
.Vb 2
\&   knfs: Translator in \*(Aqpasswd sync\*(Aq mode; remote uid must be the same as
\&   local uid
.Ve
.SH "EXAMPLES"
.IX Header "EXAMPLES"
The following example illustrates a typical use of this command. The
issuer \f(CW\*(C`smith\*(C'\fR is working on the machine \f(CW\*(C`nfscli1.abc.com\*(C'\fR and has user
\&\s-1ID\s0 \f(CW1020\fR on that machine. The translator machine \f(CW\*(C`tx4.abc.com\*(C'\fR uses an
AFS-modified login utility, so \f(CW\*(C`smith\*(C'\fR obtains tokens for the \s-1ABC\s0
Corporation cell automatically upon login via the \fBtelnet\fR program. She
then issues the \fBklog\fR command to obtain tokens as \f(CW\*(C`admin\*(C'\fR in the \s-1ABC\s0
Corporation's test cell, \f(CW\*(C`test.abc.com\*(C'\fR, and the \fBknfs\fR command to
associate both tokens with the credential structure identified by machine
name \f(CW\*(C`nfscli1\*(C'\fR and user \s-1ID\s0 \f(CW1020\fR. She breaks the connection to \f(CW\*(C`tx4\*(C'\fR
and works on \f(CW\*(C`nfscli1\*(C'\fR.
.PP
.Vb 5
\&   % telnet tx4.abc.com
\&   . . .
\&   login: smith
\&   Password:
\&   AFS(R) login
\&
\&   % klog admin \-cell test.abc.com
\&   Password:
\&
\&   % knfs nfscli1.abc.com 1020
\&
\&   % exit
.Ve
.PP
The following example shows user smith again connecting to the machine
\&\f(CW\*(C`tx4\*(C'\fR via the \fBtelnet\fR program and discarding the tokens.
.PP
.Vb 5
\&   % telnet tx4.abc.com
\&   . . .
\&   login: smith
\&   Password:
\&   AFS(R) login
\&
\&   % knfs nfscli1.abc.com 1020 \-unlog
\&
\&   % exit
.Ve
.SH "PRIVILEGE REQUIRED"
.IX Header "PRIVILEGE REQUIRED"
None
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fIklog\fR\|(1),
\&\fIpagsh\fR\|(1)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
\&\s-1IBM\s0 Corporation 2000. All Rights Reserved.
.PP
This documentation is covered by the \s-1IBM\s0 Public License Version 1.0. It was
converted from \s-1HTML\s0 to \s-1POD\s0 by software written by Chas Williams and Russ
Allbery, based on work by Alf Wachsmann and Elizabeth Cassell.