[OpenAFS] Webserver, openAFS, kerberos

Thomas Kula kula@tproa.net
Mon, 26 Feb 2007 08:36:08 -0500

On Mon, Feb 26, 2007 at 01:52:14PM +0100, Alexander Al wrote:
> Hi,
> We have a openAFS-server on FC5 and in time we will provide
> a X window terminal server on our network. The latter isn't the problem.
> But there is also a request for servicing a Webserver. Now I have here
> a problem, is there a system or method that users can have a public_html
> folder in their home-dirs on the openAFS-server but Apache can read
> those directory's?

I use k5start [1] to run Apache with a keytab that is used to 
get get afs credentials, and then set the ACLs on the directories
holding the webpages appropriately so that the web server user 
can read the files. 

If you use public_html directories in a user's home directory,
the user's home directory, of course, will need to have
appropriate permissions so that the web server can get to
the public_html directory --- "system:anyuser l" or
"webuser l" or something like that.

[1]: http://www.eyrie.org/~eagle/software/kstart/

Thomas L. Kula | kula@tproa.net | http://kula.tproa.net/