[OpenAFS] AFS && Apache
Tino Schwarze
tino.schwarze@informatik.tu-chemnitz.de
Wed, 15 May 2002 09:35:44 +0200
On Wed, May 15, 2002 at 08:49:27AM +0200, Turbo Fredriksson wrote:
> In the init scripts, i get a KerberosV ticket AND a
> AFS token...
Maybe it would suffice for your purpose to use a IP-based ACL? This is
easier than messing with tokens (which expire after some time and
therefore need to be reacquired). I also consider it to be equally
secure provided that there are no other services running on the web
server which can be used to retrieve files.
IP-based ACL works as follows:
- create a PTS user named like the IP, e.g.
pts createuser 10.1.1.1
- add this IP to a PTS group - this is the only way to use it.
- wait up to 4 hours for the file server to notice the change
Of course, using Kerberos tickets and tokens is more in line with the
general setup...
HTH! Tino.
--
* LINUX - Where do you want to be tomorrow? *
http://www.tu-chemnitz.de/linux/tag/