Linux has had an in-tree AFS client cache manager ("kAFS") for some time now. Official documentation exists in the kernel tree and is available via the web at That document details how to build kAFS support into the kernel, how to mount AFS, and more.

Using the Linux Kernel Keyring facilities for Tokens

The kafs-friendly 'aklog' program is available as part of kafs-client . The kafs-client source git is available at and pre-built RPMs are available at . The system services as part of kafs-client will mount afs in /kafs instead of /afs (and you may need to pre-create /kafs ) -- you do not need to start the system services to run 'aklog' .

Chaskiel Grundman has written a kafs-friendly aklog program which uses krb5 tickets to obtain AFS tokens and install them into the kernel keyring. It is available, under GPLv2 or later, as aklog-kafs-kdf.c in file:///afs/ (grab the whole directory and run make; if your cell is not using rxkad-kdf, file:///afs/ is also available).

Note that it may be necessary to manually modprobe the rxkad module. Failing to have that security mechanism available may cause somewhat mysterious Key was rejected by service errors when attempting to access AFS mountpoints while a rxrpc key is on the keyring.

Userland Utilities Using Linux AF_RXRPC Support

As part of the kAFS effort, the Linux kernel now offers AF_RXRPC sockets. A series of AFS userland utilities written to use this implementation of rx is available at; the code is mostly Python with some FFI shims and is available under GPLv2 or later.

Additional Resources