Skip to main content
To KTH's start page To KTH's start page

Kerberos tickets and AFS tokens on macOS

Many users have access to files and directories in AFS. To be able to take advantage of this, one must authenticate oneself in Kerberos and AFS. This document describes how to manually obtain kerbero tickets and AFS tokens to be able to read and write in AFS.

To connect to your AFS home directory from home, you need to be able to authenticate yourself with Kerberos tickets, have an AFS client installed and also valid AFS tokens. How to install and set up is described elsewhere on this site.

To get Kerberos tickets

The first step is to get kerbero tickets. The easiest way is via

It is located in /Applications/Utilities/

Then write

  kinit yourusernameatkth@KTH.SE

You can then see your kerbero tickets and their lifespan by writing


To end the validity of the tickets, write


To obtain AFS tokens

Finally, when you have kerbero tickets, you also need to be able to get valid AFS tickets, so-called "tokens", in order to be able to read and write your files that are in AFS. Open the Terminal program again and type


to obtain valid tokens.

You may need to enter the entire path - /usr/bin/aklog

To kill tokens, you can "unlog" in a Terminal window.

Make sure you have valid tickets

To check that you have valid kerbero tickets and tokens, do the following commands in Terminal:

"klist" to see the life of your kerbero tickets.

"tokens" to see the equivalent for AFS tokens.