Recently Apple released the next version of macOS, version 11.0, also known as
Big Sur. In addition to adding support for ARM-based Apple Silicon, Big Sur
removes most network APIs in the kernel from what is available for use by kernel
extensions. AuriStorFS, as a full-service file system, uses a kernel extension
to plug into the virtual filesystem (VFS) interface in order to provide access
to all processes on a machine. Following are details about installing and
configuring AuriStorFS for Big Sur. Note that some details differ between
Intel-based Macs, and systems using Apple Silicon. We will attempt to
distinguish where the steps differ.
You should also know that for Intel-based Macs, clients before AuriStorFS v0.204 when upgraded to Big Sur, will not have
access to AuriStorFS servers after upgrading; Clients which are running v0.204
for their prior macOS version will continue to have access to AuriStorFS, but as
always, AuriStor recommends that you install a matching client for the major
macOS release your system is running.
1) Download the AuriStorFS client installation package from https://www.auristor.com/filesystem/client-installer/
or your local licensed organization. If it does not mount, you will need to open
the dmg file you just downloaded.
2) Double-click on “Auristor.pkg” to open the installation app. Click “Allow” to
permit macOS to scan the application package to determine if it can be
installed. Assuming you are installing the correct version for your system's
version of macOS, the AuriStor End User License Agreement (EULA) will be
displayed for you to read and accept.
3) Read the AuriStor EULA. If you agree to the terms, click “Continue”. Otherwise,
terminate the installation app.
4) If you accepted the EULA, the installation app will display a "Read Me", which
contains basic information about the AuriStorFS installation. Read the “Read Me”
text and confirm that you are installing on Big Sur. Then click “Continue”.
5) A dialog requesting the system's default local AuriStorFS or OpenAFS cell name
will be displayed. Enter the name of the cell that you wish to be the default
for this machine.
6) An alias, which can be any name that you wish to use as an abbreviation for the
full cell name when accessing it via /afs, can also be provided. The alias is
optional. Note that entering a cell name for a cell which does not exist or is
not accessible to this system can cause delays when accessing the mounted
network drive. Select the installation location if the default is not the
desired location. Click “Install” when the installation location is correct.
7) Enter an Administrator account name and password, then click “Install Software”
to proceed.
8) The AuriStorFS client relies upon a proprietary System Extension. macOS Big Sur
blocks all third-party System Extensions by default. Click “Open Security
Preferences” to begin the process of approving the “AuriStor, Inc” System
Extension.
9) Click the lock at lower left to make changes.
10) Enter an Administrator account name and password, then click “Unlock” to
continue.
11) Click “Enable system extensions…” to continue.
Steps 12-22 apply to Apple Silicon systems only. Intel users may skip ahead to
step 23.
12) New Apple Silicon macs are configured from the
factory to only accept System Extensions from Apple. To permit third-party
System Extensions, the system must be rebooted and the Startup Security Utility
must be executed.
13) Click “Shutdown” and then hold either the “Touch ID” button or the Power button
for six seconds to enter the Startup Security Utility.
14) After the system reboots, the “Loading startup options …” message will be
displayed.
15) If this is the first time startup options are executed, you will be prompted for
your Language. Select the language of choice and click the right arrow to
continue.
16) macOS Recovery will examine the available volumes. Select the volume on which
the security policy should be set and then click “Security Policy …” to
continue.
17) The default policy is “Full Security” which only permits operating system
software and System Extensions from Apple to execute. Select the “Reduced
Security” policy and enable “Allow user management of kernel extensions from
identified developers”. (An identified developer in the context of macOS is a
developer organization registered in Apple’s Developer program that has been
approved for a System Extension Signing Certificate. “AuriStor, Inc.” is such a
developer.) After selecting the new security policy click “OK” to continue.
18) A dialog list containing the set of Administrator accounts is provided. Select
one, enter the matching password, and click “OK” to apply the Security Policy.
19) When the dialog clears the display will appear to be unchanged except that
neither “Cancel” nor “OK” are available. Select “Restart” from the Apple menu at
upper left to reboot the machine.
The system will restart.
20) After logging in to the desktop you will once again be prompted that the
“AuriStor, Inc.” System Extension has been blocked. Click “Open Security
Preferences” to continue.
21) Click the lock at lower left to make changes.
22) Enter an Administrator account name and password, then click “Unlock” to
continue.
23) The dialog will report “System software from developer ‘AuriStor, Inc.’ was
blocked from loading.” Click “Allow” to approve the “AuriStor, Inc.” System
Extension.
24) Now that the “AuriStor, Inc.” System Extension has been approved, the
system must be restarted to load it. Click “Restart” to continue.
25) After the system restarts and you have logged in to the desktop the “Security & Privacy”
will no longer prompt for “AuriStor, Inc.” approval.
26) Click the “˂” to return to the main System Preferences menu. The “AuriStor” icon will now be displayed.
27) Double-click the icon to open the AuriStorFS System Preferences dialog. When
prompted to create the “~/Library/LaunchAgents” directory, click “Create” to
continue.
28) Click “OK” to continue.
29) Click the lock at lower left to make changes.
30) Enter an Administrator account name and password, then click “OK” to continue.
31) For most configurations we recommend the following settings.
Check both "AuriStor Menu" and "Backgrounder"; in Kerberos Settings, check "Use aklog" and "Get credential at login time".
32) The AuriStor Menu will then be displayed. Click the Menu
and select “Get New Token” to acquire AuriStorFS tokens using Kerberos v5
authentication.
33) Enter your Kerberos v5 client principal and matching password,
then click “OK”.
34) If tokens are successfully acquired, the AuriStor Menu icon
will change to a checkmark badge. The token details will be listed in the
AuriStorFS Preferences dialog.
35) Open the “Terminal” application in /Applications/Utilities, and list the
“/afs” directory by running ls /afs. Upon first use of “/afs” by an application a dialog will
appear requesting permission. Click “OK” to continue.
36) After permission is
granted the contents of “/afs” will be displayed. By default, the “/afs”
directory only contains two or three entries:
- @cell – an alias to the default cell name
- The default cell name
- The alias name if configured.
To display tokens from the command line use “tokens”.
The AuriStorFS client configuration is located under the /etc/yfs directory and may be configured as with any other AuriStor client.