[OpenAFS] Daemon logging to AFS-mounted logfile
Tino Schwarze
tino.schwarze@informatik.tu-chemnitz.de
Tue, 16 Jul 2002 08:52:20 +0200
On Mon, Jul 15, 2002 at 11:19:11PM +0200, Tino Schwarze wrote:
> > Is there a workaround for this, or am I limited to only having webpage
> > updates propogate throughout the system? These will be frontpage sites
> > so the file writing will be done by "nobody" or the apache daemon user
> > which I assume will not function in the same manner as logging.
>
> You might be able to use mod_auth_pam (I don't know the frontpage stuff)
> and have the server acquire a token on behalf of the user using
> PAM_SetCred.
Just for the sake of completeness and to feed this information to the
archives: The modified mod_auth_pam module is available at
/afs/tu-chemnitz.de/openafs/AddOn/mod_auth_pam
and
http://www.tu-chemnitz.de/urz/afs/openafs/download/AddOn/mod_auth_pam/
it supports a AuthPAM_SetCred on|off directive which allows the server
to acquire a token on behalf of the user. This in turn allows database
passwords etc. to be stored in a directory with tight access control
(the web server does not need read rights any more).
Note that this functionality is not AFS-specific, the module only adds
the pam_setcred() call neccessary to acquire credentials - a token in
conjunction with pam_afs.
HTH! Tino.
--
* LINUX - Where do you want to be tomorrow? *
http://www.tu-chemnitz.de/linux/tag/