On most modern systems, using Kerberos 5 for authentication and the namei fileserver backend, no particular precautions need to be taken across operating system upgrades. Legacy confiruations involving kaserver authentication or inode fileserver backends will need to undertake the following precautions.
These actions include, but are not necessarily limited to, the following.
On platforms running the inode fileserver, unmount the AFS server partitions (mounted at /vicep
directories) on all file server machines, to prevent the vendor-supplied fsck program
from running on them when you reboot the machine during installation of the new operating system. Before upgrading the
operating system, it is prudent to comment out commands in the machine's initialization file that remount the server
partitions, to prevent them from being remounted until you can replace the standard fsck
program with the AFS-modified version. The instructions in this guide for installing AFS server machines explain how to
replace the fsck program. If you are unsure if your platform uses the inode fileserver, it is worth following this advice for all platforms.
Protect the AFS-modified versions of commands and configuration files from being overwritten by vendor-supplied versions. These include vfsck (the AFS version of fsck), and configuration files such as the one for the Pluggable Authentication Module (PAM). After you have successfully installed the operating system, remember to move the AFS-modified commands and files back to the locations where they are accessed during normal functioning.