[OpenAFS] httpd -setpag problems?!

TIARA System Man sysman@tiara.sinica.edu.tw
Fri, 11 Jul 2008 13:53:28 +0800


hi guys,

i followed the "Distributed Services with OpenAFS" book instructions to set
up a keytab file for the web server. it worked for a while in scientific linux 4.

recently, i wanted to reconfigure the web server in scientific linux 5. but
this time the web server does not work. i believe i did exactly what i
did before. the following is my environment:

i generated a keytab for *http.lesoleil.tiara.sinica.edu.tw*.

##### set "http.lesoleil.tiara.sinica.edu.tw" in *webservers* group.
pts membership webservers
Members of webservers (id: -400) are:
  http.lesoleil.tiara.sinica.edu.tw

##### grant *webservers* has "rlidwk" rights
[root@lupus Sites]# fs listacl .
Access list for . is
Normal rights:
  webservers rlidwk
  system:backup rl
  system:administrators rlidwka
  xxxxx rlidwka

##### i verified *http.lesoleil.tiara.sinica.edu.tw* to access the web page
folders. it could access through keytab.
kinit -l 1d -k -t /etc/httpd/conf/http.keytab HTTP/lesoleil.tiara.sinica.edu.tw
aklog

[root@lesoleil ~]# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: HTTP/lesoleil.tiara.sinica.edu.tw@TIARA.SINICA.EDU.TW

Valid starting     Expires            Service principal
07/11/08 12:05:32  07/12/08 12:08:56  krbtgt/TIARA.SINICA.EDU.TW@TIARA.SINICA.EDU.TW
07/11/08 12:05:38  07/12/08 12:08:56  afs@TIARA.SINICA.EDU.TW

Kerberos 4 ticket cache: /tmp/tkt0
klist: You have no tickets cached
[root@lesoleil ~]# tokens

Tokens held by the Cache Manager:

User's (AFS ID 402) tokens for afs@tiara.sinica.edu.tw [Expires Jul 12 12:08]
   --End of list--

[root@lupus Sites]# touch test

BUT, i modify the "/etc/rc.d/init.d/httpd" file as follows:
(omit)
PRE_CMD1="/usr/kerberos/bin/kinit -l 1d -k -t /etc/httpd/conf/http.keytab HTTP/lesoleil.tiara.sinica.edu.tw"
PRE_CMD2="/usr/bin/aklog -d -setpag"
POST_CMD="/usr/kerberos/bin/kdestroy"
(omit)
start() {
        echo -n $"Starting $prog: "
        check13 || exit 1
        $PRE_CMD1 ; $PRE_CMD2
        LANG=$HTTPD_LANG daemon $httpd $OPTIONS
        RETVAL=$?
        echo
        [ $RETVAL = 0 ] && touch ${lockfile}
        $POST_CMD
        return $RETVAL
}
(omit)

restart the httpd. apache could not get the tokens. it always complains

(13)Permission denied: /home/xxxxx/Sites/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable

i use openafs-client-1.4.7-68.SL5.x86_64 and the kernel version is
2.6.18-92.1.6.el5.

could any one help me to debug this? thanks a million!!

best, sam

-- 
Sam Tseng
Academia Sinica
Institute of Astronomy and Astrophysics
Tel.: +886-2-33652200 ext 742
Fax: +886-2-23677849
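
The manual verification in the message above (run `tokens`, then look for the `.htaccess` denial in the Apache log) can be scripted. This is an added example, not part of the original post or of OpenAFS; the function names `has_afs_token` and `denied_htaccess_paths` are hypothetical, and the sample text is constructed from the output formats quoted in the message.

```shell
#!/bin/sh
# Added example; all sample text is constructed from formats quoted in the post.

# `tokens` output when aklog succeeded (format as quoted in the message).
SAMPLE_TOKENS_OK="Tokens held by the Cache Manager:

User's (AFS ID 402) tokens for afs@tiara.sinica.edu.tw [Expires Jul 12 12:08]
   --End of list--"

# `tokens` output when the calling context holds no token (constructed).
SAMPLE_TOKENS_NONE="Tokens held by the Cache Manager:

   --End of list--"

# Apache error_log excerpt (constructed around the line quoted in the message).
SAMPLE_ERROR_LOG="[notice] Apache configured -- resuming normal operations
(13)Permission denied: /home/xxxxx/Sites/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable
(13)Permission denied: /home/xxxxx/Sites/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable"

# has_afs_token CELL
# Reads `tokens` output on stdin. Succeeds only if a token line for afs@CELL
# carrying an "[Expires ...]" stamp is present (cell compared case-insensitively).
has_afs_token() {
    awk -v want="afs@$1" '
        /tokens for / && /\[Expires / {
            for (i = 1; i <= NF; i++)
                if (tolower($i) == tolower(want)) found = 1
        }
        END { exit(found ? 0 : 1) }'
}

# denied_htaccess_paths
# Reads an Apache error log on stdin and prints each distinct .htaccess path
# that failed with "(13)Permission denied", one per line.
denied_htaccess_paths() {
    awk '/\(13\)Permission denied: / && /pcfg_openfile/ {
             sub(/.*\(13\)Permission denied: /, ""); print $1
         }' | sort -u
}

# Stand-alone demonstration on the constructed samples.
if printf '%s\n' "$SAMPLE_TOKENS_OK" | has_afs_token tiara.sinica.edu.tw; then
    echo "token present"
fi
printf '%s\n' "$SAMPLE_ERROR_LOG" | denied_htaccess_paths
```

`tokens` reports only on the credentials of the context it is run in, so its output has to be collected from the same context as the process being checked, not from a separate root shell.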
