I'm an Informatics user, how do I gain access to my afs folder?
You need to get an INF kerberos ticket, then run 'aklog':
From an Informatics user perspective - what do they need to do in order to gain access?
Okay. This all becomes a little bit complicated, as it depends on how you log in to the Eddie frontend server. Let's take these in order: *) Using your Informatics Kerberos credentials. If you log in to Eddie using your inf.ed.ac.uk Kerberos credentials, you can get AFS tokens which will allow you to access your Informatics AFS space by simply running 'aklog'. *) Using your EASE Kerberos credentials, or by entering a username and password. In this case you can either replace your EASE credentials with Informatics ones once you've logged in, or set up your AFS homedirectory so it will allow your EASE identity to access it. The former can be done by running 'kinit <uun>@INF.ED.AC.UK', and then 'aklog' to obtain AFS credentials. The latter is more complex. Once logged in with EASE credentials run 'aklog' - this will create an entry for your EASE identity in the Informatics AFS cell. Then, on an informatics host, you can add that identity to the ACLs of the directories you wish it to access with 'fs setacl -dir <directory> -acl <uun>@EASE.ED.AC.UK all'. Once that is done, you can access those directories using your EASE identity from Eddie, as long as you run 'aklog' upon login. *) By ssh public key. In this case, you have no Kerberos credentials on Eddie. ou will need to obtain some by running kinit (either for the Informatics realm, in which case the first set of instructions above apply, or for the EASE realm, in which case the second set apply)
Does authentication require any manual steps, or does the EASE ticket they get when they authenticate work enough?
There are manual steps required - every step requires the user to run 'aklog' before they can access AFS. If you were willing, it is possible to automate aklog by adding a PAM stack entry - which would have no effect for users not already in the Informatics AFS database. There are also manual steps involved to configure a users AFS filespace so that it supports access from an EASE.ED.AC.UK (rather than INF.ED.AC.UK) principal.