[OpenAFS] AFS && Apache
Turbo Fredriksson
turbo@bayour.com
15 May 2002 09:47:03 +0200
>>>>> "Marcus" == Marcus Watts <mdw@umich.edu> writes:
Marcus> you probably somehow no longer have a token, and that's a
Marcus> kernel cache manager issue.
I set the variable 'KRB5CCNAME=FILE:/var/run/apache.krbenv', runs
'kinit -l 14d -k -t /etc/krb5.keytab.webserver webserver@BAYOUR.COM',
then I execute 'aklog'. AFTER that, I start apache... Oh, and I chown
/var/run/apache.krbenv as 33.33 (which apache is running as).
Now, doing a 'su - 33' then setting the KRB5CCNAME variable, I see
the ticket, BUT NOT THE TOKEN! Quite naturaly I can't access the web
directory...
Running 'aklog' and then logging out, I can now access the webdirectories
(via a webbrowser)...
So it seems that 'aklog' don't use the KRB5CCNAME variable, and that I
get the token in the user shell...
Maybe doing a 'su - 33 aklog' after the kinit might work?
--
Uzi Kennedy president Ft. Bragg Delta Force PLO security radar Ortega
Mossad iodine genetic CIA NORAD FSF
[See http://www.aclu.org/echelonwatch/index.html for more about this]