[OpenAFS] Website files in AFS

Lukas Kubin kubin@opf.slu.cz
Tue, 10 Feb 2004 17:19:23 +0100


Thank you for the link, I've read the page.
I don't understand the purpose of pagsh.openafs however. I tried the 
following:

1. created system/webserver@MYREALM principal in K5
2. created system.webserver in pts
3. put system/webserver key into /etc/krb5.keytab
4. inserted following into apache's init script:

KRB5CCNAME=/tmp/krb5cc_system.webserver
kinit -k -t /etc/krb5.keytab system/webserver
aklog

The init script uses /bin/sh for execution.
Now the webserver serves files from AFS directories with "rl" rights for 
system.webserver.
Is there something bad or a security item in the way I used it? What 
would be the difference if I had used PAG?
Thank you.

lukas

Russ Allbery wrote:
> Lukas Kubin <kubin@opf.slu.cz> writes:
> 
> 
>>What is a common secure way in OpenAFS environment to allow Apache
>>webserver to access website files stored in users' home directories?
> 
> 
> Depending on what you mean by secure, you may find:
> 
>     <http://www.stanford.edu/services/afs/userguide/web-pages.html>
> 
> useful.
>