University of Pretoria
Operational / Internal Site

EECE Kerberos / AFS

All staff and registered postgraduate students are provided with a Kerberos / AFS account. Selected undergraduate students, typically from 3rd year onwards, are also allowed to obtain Kerberos / AFS accounts. If you do not have an account and qualify for one, please contact the Departmental System Administrator to have an account created.

Home Directories

The user home directories are found under /afs/ A second level of subdirectories have been created to minimise the number of directories in the main home directory. The user's home directory will be in the second level subdirectory with name the last letter / number of the user's username. In other words, the home directory of the user with username johndoe will be /afs/


AFS is based on a token system, in which you are allowed to access your disk space if you have valid AFS tokens. If your computer is left on for an extended period of time, you will need to get AFS tokens again, and you will also need Kerberos tickets as well. To get these things, you can enter the following:

Once you have the necessary access credentials, connect to a cluster node or the passthrough servers. You can access your home directory via the above mentioned path. To see how much storage space you have, you can type fs listquota, which shows how much space you're using, the amount free, and some other statistics as well. Adding, deleting, and modifying information in this AFS space is done in the same way you would on a local hard disk.

kinit (your username here)

To see if you have AFS tokens, you can simply type tokens at the command prompt. If you are interested in your current Kerberos tickets, you can type klist at the prompt, and you will get a list of Kerberos tickets. Under Windows, you can use the Network Identity Manager to view the status of your tickets and tokens (it should be accessible as an icon on the right of your Windows task-bar / panel).

Kerberos v4

Note: you may see a message such as the following when running klist:

Kerberos 4 ticket cache: /tmp/tkt1045
klist: You have no tickets cached

You can ignore this warning as the EECE Cell only makes use of Kerberos v5. Kerberos v4 is an older, obsolete implementation.

Changing Passwords

On any Debian EECE machine, you can change your password using the Kerberos kpasswd command. Generally, the EECE Kerberos is so configured that you need to use a mixed case password of at least 6 characters, with digits included. In addition, the password you choose should not be any easily guessed sequence, such as a name, a phone number, an English word, an address, or any number associated with you (student number, license plate, etc.).

On a Windows machine, use the Network Identity manager to change your password.