[OpenAFS] AFS and Apache Virtual Directory

Russ Allbery rra@stanford.edu
Tue, 22 Nov 2005 16:22:32 -0800

Jim Rees <rees@umich.edu> writes:

> Those of you who are running apache authenticated to afs, I'm just
> curious... why?

I'm very unsure how to answer that question.

First try: Because unauthenticated access to AFS means either using
IP-based ACLs, which haven no encryption and have to be fiddled with every
time web servers move data centers or renumber for some reason and which
occasionally have other forms of odd problems, or opening the web content
up to system:anyuser even if it requires authentication via .htaccess.

Second try: One of the nice things about shared file systems is that they
let lots of people put data into them without having to log on to a
particular server.

I mean, it seems to me to be such an obvious thing to do that I don't even
know why it would surprise you.

Russ Allbery (rra@stanford.edu)             <http://www.eyrie.org/~eagle/>