- Getting started with Andrew File System and OpenAFS

OpenAFS on OS X

Download OpenAFS client

Visit and under Downloads select MacOS X:

One the download page for “OpenAFS for MacOS X”: Select your version of Mac OS X (if in doubt, click the small Apple logo in the upper left corner, and select About This Mac in the drop down menu) and download the lates OpenAFS release. At the time of this writing, OpenAFS version 1.6.x.

Install OpenAFS client

In Finder go to your Downloads folder and double click the downloaded OpenAFS .dmg file (version of OpenAFS and OS X may vary for the file you have downloaded):

Double click OpenAFS.pkg:

Click continue:

Click Continue etc. a few times:

When asked for your local cell enter the cell name for the AFS cell your wish to use (consult your IT-departments documentation) and click Continue a few more times:

Click Close:

Log in to AFS

In order to “login” to the AFS cell you are using, you need to get a token, which is then valid for a period of time (e.g. 24 hours).

Go to System Preferences:

Choose OpenAFS at the bottom (within the other section):

Click Get new Token:

Mark the flag “Use aklog” if it is not already marked.

Insert your username and Kerberos Realm. Your Kerberos Realm is the AFS Cell Name in upper case.

E.g. if your username is john and your Cell Name is and hence your Kerberos Realm is EXAMPLE.ORG you should write:


Depending on your Kerberos configuration it is enough to simply write your username (e.g. john).

If in doubt consult your IT-department.

You should now be able to see an entry in the Token list, listing the lifetime of your token etc.

Test that you are logged in

Open Finder and select Systemdisk in the upper left corner:

Enter the folder named afs:

Enter the folder with the Cell Name of your AFS Cell, and enter a folder that you need to be authenticated to access, e.g. your personal folder, which depending on the setup of the AFS cell you are using could reside in the user → <your_username> folder.

Enable data encryption by default

Authentication is always enabled, but OpenAFS for MAC does at the time of this writing not enable encryption of data transfer by default. This can be enabled by doing the following:

Enable for now

sudo fs setcrypt on

Enable when starting the cache manager

Insert the following into /var/db/openafs/etc/config/afs.conf

postcmd() {
    fs setcrypt on

The result after editing /var/db/openafs/etc/config/afs.conf will then be something like the following (ignoring blank lines and comments with the following command grep -v ^# /var/db/openafs/etc/config/afs.conf | grep -v ^$ ):

OPTIONS="-afsdb -stat 5000 -dcache 800 -daemons 8 -volumes 70 -dynroot -fakestat-all "
postcmd() {
    fs setcrypt on

Avoid various problems working with spotlight in AFS (and other networked file systems)


  1. Open Terminal.
  2. Execute this command:
    defaults write DSDontWriteNetworkStores true
  3. Either restart the computer or log out and back in to the user account.
QR Code
QR Code client:os_x (generated for current page)