NCSA Home
Contact Us | Intranet | Search

Andrew File System

Getting a token on a Windows AFS Client

On January 5, 1998 NCSA switched over from using the AFS authentication service to using Kerberos V authentication. Once this was done the Logon Authentication in the AFS Client Configuration no longer worked. This was the facility that would automatically get you a token when you logged in. Also, you can no longer use the AFS Authentication manager to get a token. The reason for this has to do with NCSA having a different AFS cell name (ncsa.uiuc.edu) than our Kerberos Realm name (NCSA.EDU) (but we won't get into the details).

So in order to get a token on a Windows AFS client you will need to install the NCSA Kerberos Client distribution on your machine. If you have already installed the Kerberos Client on your machine, make sure you are using the 1.05 or greater release. You can check this by going to Start on the menu bar and selecting Programs->Kerberos 5->About. If you do not have this version, or a more current version, you will need to install the latest version. Please refer to the Installing Kerberos for Windows document for location and directions.

Note: The 1.05 or greater release will not work on AFS 3.4a clients. If you have an older AFS client then please install either the WinNT AFS 3.6 client or the Windows 9x AFS 3.6 client.

Once you have the Kerberos Client installed, to get a token you will need to run the Kerberos Credentials Manager. The Kerberos Credential Manager executable (krb5.exe) will be located in the directory where the Kerberos distribution was installed (the default directory is \Program Files\NCSA\Kerberos 5\).

When you run the Kerberos Credential Manager you will get the following window:

Kerberos Credential Manager

Now you need to set the options to enable the Credential Manager to get a token. You do so by opening the "Options..." selection in the "File" menu. In the Kerberos Options there will be an AFS Token section, make sure that the "Get" box is selected. The "Get Command" is where the aklog.exe executable is located, and should be located where the Kerberos client was installed (the default locations should work in most cases). Once those selections are set up click on OK and you will now get an AFS token when you get your Kerberos ticket.

Kerberos Options

Once you get your kerberos ticket then you should see an afs ticket as well.

Kerberos Credential Manager with tickets

If you have any problems then please send email to afs@ncsa.uiuc.edu.

University of Illinois home page NCSA Home | About NCSA | NCSA Projects | Blue Waters | NCSA News | NCSA User Info
Contact NCSA | NCSA Intranet | Site Map
Contact webmaster with questions regarding this page. Last updated May 16, 2001.
All rights reserved. ©2008 Board of Trustees of the University of Illinois.