[OpenAFS] (webserver security) AFS and Apache Virtual Directory
Christopher D. Clausen
cclausen@acm.org
Mon, 19 Feb 2007 09:11:59 -0600
Simon Wilkinson <sxw@inf.ed.ac.uk> wrote:
> On 19 Feb 2007, at 05:18, Christopher D. Clausen wrote:
>> I know this is an old thread, but is there any progress on the above
>> apache mod?
>>
>> And if not, can someone provide more info on the pre-fork
>> implementations mentioned above? (Assuming something exists and
>> its not
>> a "code your own" solution.)
>
> There was a presentation at the last AFS Best Practices Workshop on
> mod_waklog - which gets
> AFS tokens based on the Kerberos credentials presented to the web
> server (the demonstration used
> cosign to transfer the credentials to the server, but it should be
> possible to use SPNEGO or WebLogin
> to do the same)
>
> More details are available from http://www.modwaklog.org/
Oh, hmm. I think I mis-understood something. I was looking for
something that allows back-end websites to run with different
credentials under the same apache instance. I believe that mod_waklog
uses only user supplied credentials? Am I missing something obvious?
I'd like to be able to seperate virtual hosts to have different access
to AFS for security, not authenticate users as themselves to AFS over
the web.
<<CDC