[OpenAFS] Running apache from afs

[seph]

> My question is, how do I run apache, so that it is always authenticated. (I
> really don't want system:anyuser to have readaccess to our webservers' (yep,
> more of them) files ... not to speak of write-access :)
> 
> I would prefer having the webservers in a seperate group (giving
> each one it's own account) ... and allowing only that group access
> to the files.

I would use an ip acl for this. that way the webservers don't have to
deal with getting tokens. something like:

pts createuser <ip of webserver 1>
pts createuser <ip of webserver 2>
pts creategroup web-servers
pts adduser web-servers <ip of webserver 1>
pts adduser web-servers <ip of webserver 2>

seph