[OpenAFS] AFS && Apache

Nathan Neulinger nneul@umr.edu
15 May 2002 07:47:40 -0500


Something I haven't heard mentioned is that I think you pretty much have
to have "FollowSymLinks" turned on in Options in order for AFS to work.
I'm not 100% positive on this, but I seem to recall Apache having
trouble crossing mount points without this.

I may be misremembering though as we have some symlinks at low levels in
our cell, but I didn't think they would impact this.

It's something for you to try if you haven't.

-- Nathan


On Wed, 2002-05-15 at 04:10, Tino Schwarze wrote:
> On Wed, May 15, 2002 at 10:45:16AM +0200, Turbo Fredriksson wrote:
> 
> >     >> So it seems that 'aklog' doesn't use the KRB5CCNAME variable, and
> >     >> that I get the token in the user shell...
> > 
> >     Russ> If you're using a K5 aklog
> > 
> > I do...
> > 
> > But destroying the ticket, deleting the cache file, I still have 
> > a token.. (at least 'tokens' say so).
> 
> This is because the token is stored _in kernel_ (managed by the
> appropriate AFS part of the kernel). The token is either associated to a
> UID or to a PAG (process authentication group).
> 
> A PAG is a set of two group IDs (somewhere in the range of 32000-60000,
> don't know it exactly now) which act like a magic cookie and are
> inherited by _any_ child process.  Using PAGs (e.g. by issuing "klog
> -setpag") is the safest way to use tokens since a simple "su $user" does
> not give you the token.
> 
> IIRC there is no simple way to get rid of a PAG but to create a new one.
> This way, you can have multiple shells with different tokens.
> 
> As stated by others, the Kerberos TGT is only used to get the token and
> is not used any more later.
> 
> HTH! Tino.
> 
> -- 
>              * LINUX - Where do you want to be tomorrow? *
>                   http://www.tu-chemnitz.de/linux/tag/
-- 


------------------------------------------------------------
Nathan Neulinger                       EMail:  nneul@umr.edu
University of Missouri - Rolla         Phone: (573) 341-4841
Computing Services                       Fax: (573) 341-4216