[OpenAFS] Website files in AFS
Noel Burton-Krahn
noel@bkbox.com
Tue, 10 Feb 2004 09:24:26 -0800
Hi Lukas,
I've done some work getting Apache to acquire AFS permissions. You're
welcome to try this:
http://search.cpan.org/~noelbk/Apache-AuthKrb5Afs-1.01/
--Noel
----- Original Message -----
From: "Lukas Kubin" <kubin@opf.slu.cz>
To: <openafs-info@openafs.org>
Cc: "Russ Allbery" <rra@stanford.edu>; <Todd_Lewis@unc.edu>
Sent: Tuesday, February 10, 2004 8:19 AM
Subject: Re: [OpenAFS] Website files in AFS
> Thank you for the link, I've read the page.
> I don't understand the purpose of pagsh.openafs however. I tried the
> following:
>
> 1. created system/webserver@MYREALM principal in K5
> 2. created system.webserver in pts
> 3. put system/webserver key into /etc/krb5.keytab
> 4. inserted following into apache's init script:
>
> KRB5CCNAME=/tmp/krb5cc_system.webserver
> kinit -k -t /etc/krb5.keytab system/webserver
> aklog
>
> The init script uses /bin/sh for execution.
> Now the webserver serves files from AFS directories with "rl" rights for
> system.webserver.
> Is there something bad or a security item in the way I used it? What
> would be the difference if I had used PAG?
> Thank you.
>
> lukas
>
> Russ Allbery wrote:
> > Lukas Kubin <kubin@opf.slu.cz> writes:
> >
> >
> >>What is a common secure way in OpenAFS environment to allow Apache
> >>webserver to access website files stored in users' home directories?
> >
> >
> > Depending on what you mean by secure, you may find:
> >
> > <http://www.stanford.edu/services/afs/userguide/web-pages.html>
> >
> > useful.
> >
>
>
> _______________________________________________
> OpenAFS-info mailing list
> OpenAFS-info@openafs.org
> https://lists.openafs.org/mailman/listinfo/openafs-info
>
>