Preface

The Andrew File System (AFS) is a location-independent file system that uses a local cache to increase its performance.  An AFS client accesses files anonymously or via a Kerberos authentication.  The global AFS is partitioned into cells.  The AFS cell is a collection of AFS volumes that are administered by a common entity.   AFS cells can be administered by a department even when the Kerberos realm used for local authentication is managed by a much larger organization.  AFS clients and servers take advantage of Kerberos cross realm authentication to enable authenticated access by entities located outside the local realm.  Authorization is enforced by the use of directory level access control lists which can consist of individual or group identities. 

The AFS volume is a tree of files and sub-directories.  AFS volumes are created by administrators and are joined to an AFS cell via the use of a mount point.   Once a volume is created, users can create files and directories as well as mount points and symlinks within the volume without regard for the physical location of the volume.  Administrators can move the volume to another server as necessary without the need to notify users.   In fact, the volume move can occur while files in the volume are in use. 

AFS volumes can be replicated to read-only copies.   When accessing files from a read-only replica, clients will read all of the data from a single replica.   If that replica becomes unavailable, the clients will failover to any replica that is reachable.  Users of the data are unaware of where the replicas are stored or which one is being accessed.   The contents of the replicas can be updated at any time by releasing the current contents of the source volume.

OpenAFS for Windows (OAFW) provides AFS client access Microsoft Windows operating systems.  It strives to maintain transparency such that the user is unaware of the distinction between the use of AFS and Microsoft Windows file shares.   OAFW can be part of a single sign-on solution by allowing credentials for a Kerberos principal to be obtained at logon and for that principal to be used to obtain AFS tokens for one or more cells.   Although OAFW is implemented as a locally installed SMB to AFS gateway, OAFW maintains the portability of file paths by its use of the \\AFS UNC server name.

OpenAFS is the product of an open source development effort begun on October 31 2000.  OpenAFS is maintained and developed by a group of volunteers with the support of the user community.   If you use OpenAFS as part of your computing infrastructure please contribute to its continued growth.