Authentication in AFS is done via the Kerberos network security system. Once a user is validated to Kerberos via an AFS password, a "ticket" or "token" is given to that user, which will permit the user to access all services specified by the ACL (Access Control List) for that user in any given AFS directory. (more info)
Permissions
Information regarding the different types of permissions in AFS and how to set and list them. (more info)
File Sharing
Information regarding sharing files to single and multiple users via AFS permissions. (more info)
Password
General information about AFS passwords. (more info)
Long Running Jobs
Upon login to an AFS machine, a user is automatically granted a "token" by the Kerberos authentication system. This token allows the user access to directories in AFS where that user is explicitly allowed access, such as the user's login directory tree. Without a token, a user is in the category "system:anyuser" (anonymous), and has access only to those directories where system:anyuser is explicitly given access rights.
Tokens are on a per-machine basis: i.e., a user's tokens on machine-A and machine-B are not related.
Default token lifetime is generally 8 to 10 hours. For jobs expected to run longer than that, use krenew.