[OpenAFS] AFS && Apache

Tino Schwarze tino.schwarze@informatik.tu-chemnitz.de
Wed, 15 May 2002 09:35:44 +0200

On Wed, May 15, 2002 at 08:49:27AM +0200, Turbo Fredriksson wrote:

> In the init scripts, i get a KerberosV ticket AND a
> AFS token...

Maybe it would suffice for your purpose to use a IP-based ACL? This is
easier than messing with tokens (which expire after some time and
therefore need to be reacquired). I also consider it to be equally
secure provided that there are no other services running on the web
server which can be used to retrieve files.

IP-based ACL works as follows:
- create a PTS user named like the IP, e.g.
  pts createuser
- add this IP to a PTS group - this is the only way to use it.
- wait up to 4 hours for the file server to notice the change

Of course, using Kerberos tickets and tokens is more in line with the
general setup...

HTH! Tino.

             * LINUX - Where do you want to be tomorrow? *