Configuring Network Identities to obtain tokens for AFS cells

The OpenAFS Provider maintains a list of AFS cells for each network identity. A list is created the first time AFS tokens are obtained for an identity or when the list of cells is specified in the identity configuration panels. Each listed AFS cell has an associated token acquisition method and the name of the Kerberos realm from which the AFS service ticket can be obtained. More details are provided in the Token Acquisition Methods topic.

The following sections detail the process by which AFS cells can be specified when obtaining new credentials or configuring identities.

Specifying AFS cells when obtaining new credentials

When the OpenAFS Provider is installed, it enhances the Network Identity Manager "New Credentials" dialog with an AFS tokens options panel. A typical new credentials dialog is shown below demonstrating AFS cells listed in the credentials summary window (Network Identity Manager version 1.2).

New credentials window showing AFS cells in the credentials summary window

Clicking on the AFS link in the credentials summary window will take you to the AFS options page. Alternatively, you can select the Options >> button which expands the dialog to show the credentials type buttons, and then click the AFS button at the bottom of the expanded dialog.

The AFS identification options page is shown below.

AFS identification options page

This page allows you to specify whether AFS tokens are obtained for this identity and, if so, which tokens are obtained and by which method. By unchecking the Obtain AFS tokens checkbox, you prevent AFS tokens from being obtained for this identity.

Once the new credentials dialog successfully completes, the list of cells will be saved with the identity. The next time you obtain new credentials for the identity, the list of cells will be loaded automatically. This list can be edited either by using the new credentials dialog or the identity configuration panels. (See Changing persistent token lists).

To add a cell:

Note that only one token can exist per cell per login session. If a token exists for cell X while logged in as user A, then any attempt to obtain credentials for cell X as user B will result in the loss of the previous token. Only one identity can possess a token for a given cell at a time.

Therefore, if you try to add to an identity a cell that is already listed in the persistent cell list for another identity, or that currently exists under a different identity, you will receive a warning such as the following:

Message displaying warning about a duplicate cell

From here, you can decide to keep the cell listed for both identities (although only one of them can be active at any given time), or remove the cell from all the other identities and add it to the current one. You can also cancel the add cell request.

To modify a cell

Note that if you don't click Add / Update, the cell entry will not be updated.

To delete cells

Cell states

When you add cells or when you view the cell list, you will see an icon next to each cell name. This icon represents the current state of the cell's token. You can double-click on the cell to get details about the state.

The token for cell foo.bar is a new token, while the token for net.mit.edu is in a problem state. Double-clicking the problem token will display a balloon prompt indicating what the problem is.

Changing persistent cell lists for existing identities

The configuration panel for a persistent identity contains a panel for specifying the AFS cells. This panel is identical to the panel used by the new credentials dialog. Modify the cell list as described above, then click Apply.

The AFS configuration panel for an identity is shown below.

You can reach this configuration panel by opening the configuration dialog (Options menu), and then clicking the persistent identity whose options you wish to modify.