I have an AFS server at home that's not exposed to the public internet.
When I'm not home, occasionally I'd like to have secure access to the file
system.

At first I tried to VPN into my home network to have access to the AFS
server as a local host, but I'm having trouble setting this up right now
for reasons not related to AFS--some openvpn server issue where I'm able to
establish the VPN connection but unable to see any other hosts except the
VPN server itself.

My current attempt is to use SSH to forward all the relevant openafs ports
as local services, and then try to trick my AFS client into connecting to
127.0.0.1. I'm forwarding the ports 88, 7000-7007, using a command similar
to this:

    ssh -N myhome.com \
        -L 88:afsserver:88 \
        -L 7000:afsserver:7000 -L 7001:afsserver:7001 \
        -L 7002:afsserver:7002 -L 7003:afsserver:7003 \
        -L 7004:afsserver:7004 -L 7005:afsserver:7005 \
        -L 7006:afsserver:7006 -L 7007:afsserver:7007

myhome.com is an intermediate host that exposes an SSH server, and can
locally access afsserver.local. The ports are forwarded to my laptop's
localhost. I then manipulate /etc/hosts to name 127.0.0.1 as afsserver, and
I also update CellServDB.

After this, I try to run kinit myuser && aklog -d

The kinit command succeeds, but aklog -d fails, curiously with exit status
0.

    $ aklog -d
    Authenticating to cell afs.example.com (server afs.example.com).
    Trying to authenticate to user's realm AFS.EXAMPLE.COM.
    Getting tickets: afs/[email protected]
    Using Kerberos V5 ticket natively
    About to resolve name admin to id in cell afs.example.com.
    Error -1
    Setting tokens. admin @ afs.example.com
    [laptop][Downloads][0]$

I'm also unable to read any AFS files:

    cat /afs/afs.example.com/public/hola
    cat: /afs/afs.example.com/public/hola: Connection timed out

How should human users of AFS interpret this "Error -1", and what can I do
about it?

I would also welcome suggestions as to alternative ways to achieve my
original goal, though I wouldn't feel inclined to open up all the AFS
ports directly to the public.

Thanks,

Ernesto

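Editor's note, added here and not part of Ernesto's post: `ssh -L` creates a TCP listener on the laptop and forwards TCP connections only, while the OpenAFS services on 7000-7007 (fileserver, cache-manager callbacks, ptserver, vlserver, and so on) speak Rx over UDP. Kerberos accepts both TCP and UDP, so kinit can succeed over the TCP forward of port 88, while aklog's ptserver lookup and the file read, which need UDP, get no answer. The script below is a constructed demonstration of that mismatch, written for this page rather than taken from OpenAFS or OpenSSH. It assumes nothing about the reader's network: it stands up a plain TCP listener on 127.0.0.1 (the shape of an `ssh -L` endpoint) next to a tiny UDP responder (the shape of a reachable Rx service) and probes each port over both transports.

```python
import socket
import threading

# Constructed, self-contained demo (not code from the original post).
# It runs entirely on 127.0.0.1 and never touches ssh or AFS: the "tunnel"
# port is just a plain TCP listener, and the "service" port is a tiny UDP
# responder standing in for an Rx service.

HOST = "127.0.0.1"


def start_tcp_only_listener():
    """Stand-in for the local end of `ssh -L`: a TCP listening socket and nothing on UDP."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((HOST, 0))  # port 0: let the kernel choose a free port
    srv.listen(5)
    return srv


def start_udp_responder():
    """Stand-in for a reachable Rx service: answers one datagram on UDP."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    srv.bind((HOST, 0))

    def serve():
        srv.settimeout(5)
        try:
            data, peer = srv.recvfrom(2048)
            srv.sendto(b"reply:" + data, peer)
        except (socket.timeout, OSError):
            pass

    threading.Thread(target=serve, daemon=True).start()
    return srv


def probe_tcp(port, timeout=1.0):
    """True if a TCP connect to HOST:port completes (what a TCP client such as kinit needs)."""
    try:
        with socket.create_connection((HOST, port), timeout=timeout):
            return True
    except OSError:
        return False


def probe_udp(port, timeout=1.0):
    """Send one datagram and return the reply, or None on ICMP port-unreachable or timeout."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.settimeout(timeout)
    # connect() so that an ICMP port-unreachable is surfaced as ConnectionRefusedError
    sock.connect((HOST, port))
    try:
        sock.send(b"probe")
        return sock.recv(2048)
    except (ConnectionRefusedError, socket.timeout):
        return None
    finally:
        sock.close()


def classify(port):
    """Report which transports answer on this port."""
    return {"tcp": probe_tcp(port), "udp": probe_udp(port) is not None}


def demo():
    """Compare an ssh -L style TCP-only port with a port that has a real UDP service behind it."""
    tunnel = start_tcp_only_listener()
    service = start_udp_responder()
    try:
        return {
            "tcp_only_port": classify(tunnel.getsockname()[1]),
            "udp_service_port": classify(service.getsockname()[1]),
        }
    finally:
        tunnel.close()
        service.close()


if __name__ == "__main__":
    for name, result in demo().items():
        tcp = "ok" if result["tcp"] else "refused"
        udp = "ok" if result["udp"] else "no answer"
        print(f"{name}: TCP {tcp}, UDP {udp}")
```

The TCP-only port behaves like the forwarded 700x ports on the laptop: a TCP client connects, a UDP client gets port-unreachable or silence, which is the "Connection timed out" the cache manager reports. On the real laptop the same thing can be confirmed with `ss -lnut`: the forwarded ports appear only under the TCP listeners. Forwarding UDP needs a tunnel that carries packets rather than TCP streams, for example OpenSSH's layer-3 tunnel mode (`ssh -w`, which requires `PermitTunnel yes` on the server) or a working VPN.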