[OpenAFS] (webserver security) AFS and Apache Virtual Directory

Christopher D. Clausen cclausen@acm.org
Mon, 19 Feb 2007 09:11:59 -0600

Simon Wilkinson <sxw@inf.ed.ac.uk> wrote:
> On 19 Feb 2007, at 05:18, Christopher D. Clausen wrote:
>> I know this is an old thread, but is there any progress on the above
>> apache mod?
>> And if not, can someone provide more info on the pre-fork
>> implementations mentioned above?  (Assuming something exists and
>> its not
>> a "code your own" solution.)
> There was a presentation at the last AFS Best Practices Workshop on
> mod_waklog - which gets
> AFS tokens based on the Kerberos credentials presented to the web
> server (the demonstration used
> cosign to transfer the credentials to the server, but it should be
> possible to use SPNEGO or WebLogin
> to do the same)
> More details are available from http://www.modwaklog.org/

Oh, hmm.  I think I mis-understood something.  I was looking for 
something that allows back-end websites to run with different 
credentials under the same apache instance.  I believe that mod_waklog 
uses only user supplied credentials?  Am I missing something obvious? 
I'd like to be able to seperate virtual hosts to have different access 
to AFS for security, not authenticate users as themselves to AFS over 
the web.