<para>This chapter introduces basic AFS concepts and terms. It assumes that you are already familiar with standard UNIX commands,
file protection, and pathname conventions.</para>
<sect1 id="HDRWQ3">
<title>AFS Concepts</title>
<para>AFS makes it easy for people to work together on the same files, no matter where the files are located. AFS users do not
have to know which machine is storing a file, and administrators can move files from machine to machine without interrupting
user access. Users always identify a file by the same pathname and AFS finds the correct file automatically, just as happens in
the local file system on a single machine. While AFS makes file sharing easy, it does not compromise the security of the shared
files. It provides a sophisticated protection scheme. <indexterm><primary>AFS</primary><secondary>sharing information</secondary></indexterm><indexterm><primary>AFS</primary><secondary>transparent access</secondary></indexterm></para>
<sect2 id="Header_9">
<title>Client/Server Computing</title>
<para>AFS uses a <emphasis>client/server computing</emphasis> model. In client/server computing, there are two types of
machines. <emphasis>Server machines</emphasis> store data and perform services for client machines. <emphasis>Client
machines</emphasis> perform computations for users and access data and services provided by server machines. Some machines act
as both clients and servers. In most cases, you work on a client machine, accessing files stored on a file server machine.
<indexterm><primary>client/server computing</primary></indexterm><indexterm><primary>client machine</primary></indexterm><indexterm><primary>server machines defined</primary></indexterm><indexterm><primary>machines</primary><secondary>server</secondary></indexterm><indexterm><primary>machines</primary><secondary>client</secondary></indexterm><indexterm><primary>communication</primary><secondary>between clients and servers</secondary></indexterm></para>
</sect2>
<sect2 id="Header_10">
<title>Distributed File Systems</title>
<para>AFS is a <emphasis>distributed file system</emphasis> which joins together the file systems of multiple file server
machines, making it as easy to access files stored on a remote file server machine as files stored on the local disk. A
distributed file system has two main advantages over a conventional centralized file system: <indexterm><primary>distributed file system</primary></indexterm>
<itemizedlist>
<listitem>
<para>Increased availability: A copy of a popular file, such as the binary for an application program, can be stored on
many file server machines. An outage on a single machine or even multiple machines does not necessarily make the file
unavailable. Instead, user requests for the program are routed to accessible machines. With a centralized file system, the
loss of the central file storage machine effectively shuts down the entire system.</para>
</listitem>
<listitem>
<para>Increased efficiency: In a distributed file system, the work load is distributed over many smaller file server
machines that tend to be more fully utilized than the larger (and usually more expensive) file storage machine of a
centralized file system.</para>
</listitem>
</itemizedlist>
</para>
<para>AFS hides its distributed nature, so working with AFS files looks and feels like working with files stored on your local
machine, except that you can access many more files. And because AFS relies on the power of users' client machines for
computation, increasing the number of AFS users does not slow AFS performance appreciably, making it a very efficient</para>
<para>AFS acts as an extension of your machine's local UNIX file system. Your system administrator creates a directory on the
local disk of each AFS client machine to act as a gateway to AFS. By convention, this directory is called <emphasis
role="bold">/afs</emphasis>, and it functions as the root of the <emphasis>AFS filespace</emphasis>. <indexterm><primary>AFS</primary><secondary>filespace as extension of local filespace</secondary></indexterm>
<indexterm><primary>afs (/afs) directory</primary><secondary>as root of AFS filespace</secondary></indexterm><indexterm><primary>root of AFS filespace</primary></indexterm></para>
<para>Just like the UNIX file system, AFS uses a hierarchical file structure (a tree). Under the <emphasis
role="bold">/afs</emphasis> root directory are subdirectories created by your system administrator, including your home
directory. Other directories that are at the same level of the local file system as <emphasis role="bold">/afs</emphasis>,
such as <emphasis role="bold">/usr</emphasis>, <emphasis role="bold">/etc</emphasis>, or <emphasis
role="bold">/bin</emphasis>, can either be located on your local disk or be links to AFS directories. Files relevant only to
the local machine are usually stored on the local machine. All other files can be stored in AFS, enabling many users to share
them and freeing the local machine's disk space for other uses.</para>
<note>
<para>You can use AFS commands only on files in the AFS filespace or the local directories that are links to the AFS
filespace.</para>
</note>
</sect2>
<sect2 id="HDRWQ5">
<title>Cells and Sites</title>
<para>The <emphasis>cell</emphasis> is the administrative domain in AFS. Each cell's administrators determine how client
machines are configured and how much storage space is available to each user. The organization corresponding to a cell can be
a company, a university department, or any defined group of users. From a hardware perspective, a cell is a grouping of client
machines and server machines defined to belong to the same cell. <indexterm><primary>cells</primary><secondary>defined</secondary></indexterm> An AFS <emphasis>site</emphasis> is a
grouping of one or more related cells. For example, the cells at the Example Corporation form a single site. <indexterm><primary>site defined</primary></indexterm></para>
<para>While each cell organizes and maintains its own filespace, it can also connect with the filespace of other AFS cells.
The result is a huge filespace that enables file sharing within and across cells. <indexterm><primary>communication</primary><secondary>among cells and sites</secondary></indexterm></para>
<para>The cell to which your client machine belongs is called your <emphasis>local cell</emphasis>. All other cells in the AFS
filespace are termed <emphasis>foreign cells</emphasis>. <indexterm><primary>local cell, defined</primary></indexterm><indexterm><primary>foreign cells</primary><secondary>defined</secondary></indexterm><indexterm><primary>cells</primary><secondary>local vs. foreign</secondary></indexterm></para>
</sect2>
<sect2 id="HDRWQ6">
<title>Volumes and Mount Points</title>
<para>The storage disks in a computer are divided into sections called <emphasis>partitions</emphasis>. AFS further divides
partitions into units called <emphasis>volumes</emphasis>, each of which houses a subtree of related files and directories.
The volume provides a convenient container for storing related files and directories. Your system administrators can move
volumes from one file server machine to another without your noticing, because AFS automatically tracks a volume's location.
<indexterm><primary>volumes</primary><secondary>defined</secondary></indexterm><indexterm><primary>disk partition</primary><secondary>use in AFS</secondary></indexterm></para>
<para>You access the contents of a volume by accessing its <emphasis>mount point</emphasis> in the AFS filespace. A mount
point is a special file system element that looks and acts like a regular UNIX directory, but tells AFS the volume's name.
When you change to a different directory (by using the <emphasis role="bold">cd</emphasis> command, for example) you sometimes
<emphasis>cross</emphasis> a mount point and start accessing the contents of a different volume than before. You normally do
not notice the crossing, however, because AFS automatically interprets mount points and retrieves the contents of the new
directory from the appropriate volume. You do not need to track which volume, partition, or file server machine is housing a
directory's contents. If you are interested, though, you can learn a volume's location; for instructions, see <link
linkend="HDRWQ40">Locating Files and Directories</link>. <indexterm><primary>mount points defined</primary></indexterm><indexterm><primary>volumes</primary><secondary>accessing via mount points</secondary></indexterm></para>
<para>If your system administrator has followed the conventional practice, your home directory corresponds to one volume,
which keeps its contents together on one partition of a file server machine. User volumes are typically named <emphasis
role="bold">user.</emphasis><replaceable>username</replaceable>. For example, the volume for a user named <emphasis
role="bold">pat</emphasis> is called <emphasis role="bold">user.pat</emphasis>. However, you get an error message saying there
is not enough space. You check the volume quota for <emphasis role="bold">user.pat</emphasis>, and find that the volume only
has 50 free blocks.</para>
</sect2>
</sect1>
<sect1 id="HDRWQ8">
<title>Using Files in AFS</title>
<sect2 id="HDRWQ9">
<title>The Cache Manager</title>
<para>You can access the AFS filespace only when working on an AFS client machine. The <emphasis>Cache Manager</emphasis> on
that machine is your agent in accessing information stored in the AFS filespace. When you access a file, the Cache Manager on
your client machine requests the file from the appropriate file server machine and stores (<emphasis>caches</emphasis>) a copy
of it on your client machine's local disk. Application programs on your client machine use the local, cached copy of the file.
This improves performance because it is much faster to use a local file than to send requests for file data across the network
to the file server machine. <indexterm><primary>caching files</primary></indexterm><indexterm><primary>Cache Manager</primary><secondary>described</secondary></indexterm><indexterm><primary>client machine</primary></indexterm><indexterm><primary>files</primary><secondary>caching</secondary></indexterm></para>
<para>Because application programs use the cached copy of a file, any changes you make are not necessarily stored permanently
to the central version stored on the file server machine until the file closes. At that point, the Cache Manager writes your
changes back to the file server machine, where they replace the corresponding parts of the existing file. Some application
programs close a file in this way each time you issue their <emphasis role="bold">save</emphasis> command (and then
immediately reopen the file so that you can continue working). With other programs, issuing the <emphasis
role="bold">save</emphasis> command writes the changes only to the local cached copy. If you use the latter type of text
editor, you need to close the file periodically to make sure your changes are stored permanently.</para>
<para>If a file server machine becomes inaccessible, you can continue working with the local, cached copy of a file fetched
from that machine, but you cannot save your changes permanently until the server machine is again accessible.</para>
<para>AFS uses two related mechanisms to ensure that only authorized users access the filespace: passwords and mutual
authentication. Both mechanisms require that a user prove his or her identity.</para>
<para>When you first identify yourself to AFS, you must provide the password associated with your username, to prove that you
are who you say you are. When you provide the correct password, you become <emphasis>authenticated</emphasis> and your Cache
Manager receives a <emphasis>token</emphasis>. A token is a package of information that is scrambled by an AFS authentication
program using your AFS password as a key. Your Cache Manager can unscramble the token because it knows your password and AFS's
method of scrambling. <indexterm><primary>tokens</primary><secondary>as proof of authentication</secondary></indexterm><indexterm><primary>authentication</primary><secondary>defined</secondary></indexterm></para>
<para>The token acts as proof to AFS server programs that you are authenticated as a valid AFS user. It serves as the basis
for the second means through which AFS creates security, called <emphasis>mutual authentication</emphasis>. Under mutual
authentication, both parties communicating across the network prove their identities to one another. AFS requires mutual
authentication whenever a server and client (most often, a Cache Manager) communicate with each other.</para>
<para>The mutual authentication protocol that AFS uses is designed to make it very difficult for people to authenticate
fraudulently. When your Cache Manager contacts a File Server on your behalf, it sends the token you obtained when you
authenticated. The token is encrypted with a key that only an AFS File Server can know. If the File Server can decrypt your
token, it can communicate with your Cache Manager. In turn, the Cache Manager accepts the File Server as genuine because the
File Server can decrypt and use the information in the token. <indexterm><primary>tokens</primary><secondary>use in mutual authentication</secondary></indexterm></para>
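<para>The token and mutual-authentication flow described above, modelled as an added example (this is not OpenAFS's own code, which relies on Kerberos): the authentication program seals a ticket under the File Server key and wraps it, together with a session key, under the user's password-derived key; the Cache Manager can unscramble the outer layer only with the correct password, only a genuine File Server can open the ticket, and each side then proves it holds the session key. The cipher is a stdlib-only toy (HMAC-SHA256 keystream with an HMAC tag); user pat, the password, and every key are constructed for the example.</para>

```python
import hashlib, hmac, json, os

# Constructed secrets: the File Server key and the auth program's copy of pat's password key.
FILESERVER_KEY = os.urandom(32)
USER_KEYS = {"pat": hashlib.sha256(b"correct horse").digest()}

def derive_key(password):
    return hashlib.sha256(password.encode()).digest()   # stand-in for the AFS password-to-key step

def _stream(key, nonce, n):
    # HMAC-SHA256 in counter mode serves as the keystream of this toy cipher.
    return b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                    for i in range(n // 32 + 1))[:n]

def seal(key, data):
    # Encrypt-then-MAC: nonce || ciphertext || tag; only the same key can open it.
    nonce = os.urandom(16)
    body = bytes(a ^ b for a, b in zip(data, _stream(key, nonce, len(data))))
    return nonce + body + hmac.new(key, nonce + body, hashlib.sha256).digest()

def open_sealed(key, blob):
    # Plaintext, or None when the key is wrong or the blob was altered.
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + body, hashlib.sha256).digest()):
        return None
    return bytes(a ^ b for a, b in zip(body, _stream(key, nonce, len(body))))

def issue_token(user):
    # Auth program: ticket sealed under the File Server key, wrapped with the session key under the user's key.
    session = os.urandom(32).hex()
    ticket = seal(FILESERVER_KEY, json.dumps({"user": user, "session": session}).encode())
    return seal(USER_KEYS[user], json.dumps({"session": session, "ticket": ticket.hex()}).encode())

def mutual_auth(password, wrapped, server_key=None):
    # Cache Manager unscrambles the token; then each side proves it holds the session key.
    plain = open_sealed(derive_key(password), wrapped)
    if plain is None:
        return False                                   # wrong password: no usable token
    tok = json.loads(plain)
    cm_session, ticket = bytes.fromhex(tok["session"]), bytes.fromhex(tok["ticket"])
    challenge = os.urandom(8)
    # Client to Server: the ticket plus a challenge sealed under the session key.
    inner = open_sealed(server_key or FILESERVER_KEY, ticket)
    if inner is None:
        return False                                   # impostor server cannot open the ticket
    srv_session = bytes.fromhex(json.loads(inner)["session"])
    if open_sealed(srv_session, seal(cm_session, challenge)) != challenge:
        return False                                   # client failed to prove it holds the session key
    # Server to Client: the reversed challenge sealed under the session key proves the server is genuine.
    return open_sealed(cm_session, seal(srv_session, challenge[::-1])) == challenge[::-1]
```

A wrong password, an altered token, or a server that lacks the File Server key all make <code>mutual_auth</code> fail, which is the behaviour the text describes for fraudulent authentication.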
<para><emphasis role="bold">/etc/passwd</emphasis> or equivalent). If your machine uses an AFS-modified login utility, you can change your
password with a single command. If your machine does not use an AFS-modified login utility, you must issue separate commands
to change your AFS and local passwords. See <link linkend="HDRWQ36">Changing Your Password</link>. <indexterm><primary>UNIX, differences with AFS</primary><secondary>passwords</secondary></indexterm></para>
<para>In general, most systems use a combination of PAM modules to provide both Kerberos-enabled logins and automatic AFS tokens at login. Often these PAM modules are also used with screen lockers and graphical logins at the console.</para>