AFS, which stands for Andrew File System, is a distributed file system developed by Carnegie Mellon University. Later in its lifetime, it was developed further by Transarc Corporation and then IBM, when it bought out Transarc.  Under IBM, OpenAFS was developed as an open source version of Carnegie Mellon University’s AFS implementation. AFS distributes, stores, and joins files on networked computers, making it possible for users to access information located on any computer in a network. AFS focuses on security and scalability, or growing for more users, and can support thousands upon thousands of users while maintaining a high level of performance and functionality.


AFS has two main methods for achieving and maintaining security on a network. First, all users are authenticated using something known as Kerberos. Kerberos uses a combination of time stamps and keys to communicate between the user and the server(s) to establish identity. This allows the user to be “authorized” to use the system. Secondly, AFS uses an access control list, which specifies what access privileges users have to a directory, specifically, the right to lookup (l), insert (i), delete (d), read (r), write (w), lock (k), or administer (a) files in a directory.  These permissions are going to be important again in the Advanced Unix Chapter.


To aid in scalability, AFS employs something known as a volume. A volume is a container that keeps a set of related files and directories together on a disk partition, such as a user’s home directory. This makes it necessary for users to know what volume their files are in, but not the physical location of those files (server, driver, folder, etc). It also allows administrators to move volumes, add more volumes, storage space, etc. without having to worry about users losing the location of their files.