notes - OpenAFS for Debian

Installing OpenAFS on Debian-based systems

Everything needed is in the repositories:

sudo apt-get install openafs-client openafs-krb5 krb5-user libpam-krb5 libpam-afs-session

When asked for the Kerberos realm, enter TCREECH.COM. When asked for the AFS cell name, enter tcreech.com.

Issues with `sudo` killing AFS tokens on Debian Jessie/8

In my case the root user is usually local-only, and running sudo tends to result in my normal unprivileged user losing its AFS token. To fix this, I update the “Defaults” in /etc/sudoers to add the following:

Defaults        env_reset
Defaults        env_keep-="KRB5CCNAME"
Defaults        env_delete+="KRB5CCNAME"
Defaults        mail_badpass
Defaults        secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
Defaults        !pam_setcred

(The important bits are the lines involving KRB5CCNAME and !pam_setcred.)

This seems to no longer be an issue in Debian Stretch/9.

Installing OpenAFS on Debian-based systems

Issues with sudo killing AFS tokens on Debian Jessie/8

Issues with `sudo` killing AFS tokens on Debian Jessie/8