[OpenAFS] Website files in AFS
Lukas Kubin
kubin@opf.slu.cz
Tue, 10 Feb 2004 17:19:23 +0100
Thank you for the link, I've read the page.
I don't understand the purpose of pagsh.openafs however. I tried the
following:
1. created system/webserver@MYREALM principal in K5
2. created system.webserver in pts
3. put system/webserver key into /etc/krb5.keytab
4. inserted following into apache's init script:
KRB5CCNAME=/tmp/krb5cc_system.webserver
kinit -k -t /etc/krb5.keytab system/webserver
aklog
The init script uses /bin/sh for execution.
Now the webserver serves files from AFS directories with "rl" rights for
system.webserver.
Is there something bad or a security item in the way I used it? What
would be the difference if I had used PAG?
Thank you.
lukas
Russ Allbery wrote:
> Lukas Kubin <kubin@opf.slu.cz> writes:
>
>
>>What is a common secure way in OpenAFS environment to allow Apache
>>webserver to access website files stored in users' home directories?
>
>
> Depending on what you mean by secure, you may find:
>
> <http://www.stanford.edu/services/afs/userguide/web-pages.html>
>
> useful.
>