AFS Information


Authentication in AFS is done via the Kerberos network security system. Once a user is validated to Kerberos via an AFS password, a "ticket" or "token" is given to that user, which will permit the user to access all services specified by the ACL (Access Control List) for that user in any given AFS directory. (more info)


Information regarding the different types of permissions in AFS and how to set and list them. (more info)

File Sharing

Information regarding sharing files to single and multiple users via AFS permissions. (more info)


  • General information about AFS passwords. (more info)
  • AFS password expiration notification information. (more info)
  • The Password Expiration Date tool can help users check the expiration date of their AFS account password. (more info)

Long Running Jobs

  • Upon login to an AFS machine, a user is automatically granted a "token" by the Kerberos authentication system.  This token allows the user access to directories in AFS where that user is explicitly allowed access, such as the user's login directory tree.  Without a token, a user is in the category "system:anyuser" (anonymous), and has access only to those directories where system:anyuser is explicitly given access rights.
  • Tokens are on a per-machine basis: i.e., a user's tokens on machine-A and machine-B are not related.
  • Default token lifetime is generally 8 to 10 hours. For jobs expected to run longer than that, use krenew.

    For help in using krenew, contact

AFS Support Page

For general questions about AFS contact the IST Service Desk (973-596-2900). For specific questions or issues with AFS, please email

Last Updated: August 24, 2017