Linux has had an in-tree AFS client cache manager ("kAFS") for some time now. Official documentation exists in the kernel tree and is available via the web at That document details how to build kAFS support into the kernel, how to mount AFS, and more.

Using the Linux Kernel Keyring facilities for Tokens

Chaskiel Grundman has written a kafs-friendly aklog program which uses krb5 tickets to obtain AFS tokens and install them into the kernel keyring. It is available, under GPLv2 or later, as aklog-kafs-kdf.c in file:///afs/ (grab the whole directory and run make; if your cell is not using rxkad-kdf, file:///afs/ is also available).

Note that it may be necessary to manually modprobe the rxkad module. Failing to have that security mechanism available may cause somewhat mysterious Key was rejected by service errors when attempting to access AFS mountpoints while a rxrpc key is on the keyring.

Userland Utilities Using Linux AF_RXRPC Support

As part of the kAFS effort, the Linux kernel now offers AF_RXRPC sockets. A series of AFS userland utilities written to use this implementation of rx is available at; the code is mostly Python with some FFI shims and is available under GPLv2 or later.

Additional Resources