[OpenAFS] (webserver security) AFS and Apache Virtual Directory

Sun, 18 Feb 2007 23:18:48 -0600

This is a multi-part message in MIME format.

------=_NextPart_000_0B60_01C753B3.251541F0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit

Jeffrey Altman <jaltman@secure-endpoints.com> wrote:
> You really can't keep a separate per-thread token with AFS unless you
> are willing to use a user-mode cache manager linked to Apache.  If you
> do, you can access AFS as the user for web operations but anything
> external such as CGI/PHP, Tomcat, or ColdFusion still loses.
>
> With Apache 2.0/2.1, it is possible to construct an implementation
> using the pre-fork model that allows you to associate a single token
> with each request that will also be used for CGI/PHP but not for
> Tomcat or ColdFusion.  In this model, you can set per-directory rules
> that indicate whether the external application should run with a
> web-server token, the user token, or no token at all and manipulate
> the contents of a per-process PAG.
>
> I am working with a member of the Apache development team to develop
> an Apache 2.0/2.1 module which will provide such functionality.

I know this is an old thread, but is there any progress on the above 
apache mod?

And if not, can someone provide more info on the pre-fork 
implementations mentioned above?  (Assuming something exists and its not 
a "code your own" solution.)

<<CDC 

------=_NextPart_000_0B60_01C753B3.251541F0
Content-Type: application/x-pkcs7-signature;
	name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
	filename="smime.p7s"

MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIICWjCCAlYw
ggG/oAMCAQICEAhWgEQ4qkOn2uxIhNojhXAwDQYJKoZIhvcNAQEFBQAwYjELMAkGA1UEBhMCWkEx
JTAjBgNVBAoTHFRoYXd0ZSBDb25zdWx0aW5nIChQdHkpIEx0ZC4xLDAqBgNVBAMTI1RoYXd0ZSBQ
ZXJzb25hbCBGcmVlbWFpbCBJc3N1aW5nIENBMB4XDTA3MDEzMTAzNTkzOFoXDTA4MDEzMTAzNTkz
OFowQjEfMB0GA1UEAxMWVGhhd3RlIEZyZWVtYWlsIE1lbWJlcjEfMB0GCSqGSIb3DQEJARYQY2Ns
YXVzZW5AYWNtLm9yZzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA+BmKgqaKpfuBYDUeQPWu
zchpimXNJVeeOxZ92QyM6TpFbcm2K7w+Z5lTNreT4Hfyoc3VglWOWyfqDKgPj9AUVIiXB1Vlvb5/
LjMGB9ez5KaIrBeKQBvAYxMIJfC/MFhsLCcmxvJ8hK3EUBDgnBG1htaXebO8vFzTaj8jXNLmgBMC
AwEAAaMtMCswGwYDVR0RBBQwEoEQY2NsYXVzZW5AYWNtLm9yZzAMBgNVHRMBAf8EAjAAMA0GCSqG
SIb3DQEBBQUAA4GBAHXcwpE1P5w2JA7U0cuMbsO/0PbFF8eHTKeU+b5FRHK+Z3nVxEJRN8ZkhOTy
dkaphwWPb4p5+hL5XTYKalVllN3he8GB4OBbn3RYNLsx/Cu0ugiZD/j3ojWkdTB6ZBXF184PlO1O
37bSZG0C0cNOcl908/6Si7cKJ9Y2mX7g13wNMYIB2TCCAdUCAQEwdjBiMQswCQYDVQQGEwJaQTEl
MCMGA1UEChMcVGhhd3RlIENvbnN1bHRpbmcgKFB0eSkgTHRkLjEsMCoGA1UEAxMjVGhhd3RlIFBl
cnNvbmFsIEZyZWVtYWlsIElzc3VpbmcgQ0ECEAhWgEQ4qkOn2uxIhNojhXAwCQYFKw4DAhoFAKCB
ujAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0wNzAyMTkwNTE4NDha
MCMGCSqGSIb3DQEJBDEWBBSPuW2BNi9w4oAHvj5mtiR8nC80mTBbBgkqhkiG9w0BCQ8xTjBMMAoG
CCqGSIb3DQMHMA4GCCqGSIb3DQMCAgIAgDANBggqhkiG9w0DAgIBQDAHBgUrDgMCBzANBggqhkiG
9w0DAgIBKDAHBgUrDgMCHTANBgkqhkiG9w0BAQEFAASBgGW/GoCL2ye2+T+Qc6rtyCk/ZvXoow8I
XhyVuaVsauwSYPegJvokoGhGBmya5D3lrTfxgXBWQrDwpfx9mjxQ6TVrHVGaQdsG0KMFpqmmgSe9
/c2nEO1+OnIduoUSseV/2wfKK0Be9cgcLBw430WJrKZ5UtYGea5NdNGqEpTPZzRIAAAAAAAA

------=_NextPart_000_0B60_01C753B3.251541F0--