[OpenAFS] Apache2 and openafs

Garrett Wollman wollman@csail.mit.edu
Tue, 8 Jul 2014 18:48:06 -0400

<<On Tue, 8 Jul 2014 14:10:14 +0200, Georg Sluyterman <georg@sman.dk> said:

> What is the preferred way to run apache2 and ensure that it has a valid
> token? Is there a working script for /etc/init.d that works well, or
> perhaps something for djb daemontools?

Well, we modified the Debian rc script to:

1) Create its own PAG by changing the shebang line to invoke pagsh,

2) Run k5start as a daemon in that PAG,

3) Start apache in that PAG.

On shutdown it simply stops both the k5start daemon and apache.  I
don't promise that this is the best way to do it; I'd rather have an
Apache module that did it, in all honesty, but don't have the
developer resources to do that.

(I'd actually like to have Apache be capable of running dynamic
content in a separate PAG under a separate user identity, similar to
how it can be made to work for the regular Unix authorization model.
Then each user could get a separate instance for their content.  On
the other hand, it seems unlikely that we'll still be doing shared
hosting from AFS in five years' time.)
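
The three steps and the shutdown behaviour described in the message above, as an added example that is not the poster's actual rc script. The pagsh path, the keytab, pid file and ticket cache locations, and the function names are assumptions; the k5start options are those of the kstart package.

```shell
#!/usr/bin/pagsh
# Added example, not the poster's script. Step 1: the pagsh shebang puts this
# script, and everything it starts, in a fresh PAG.
# All paths below are assumptions and can be overridden from the environment.
K5START=${K5START:-/usr/bin/k5start}
APACHECTL=${APACHECTL:-/usr/sbin/apache2ctl}
KEYTAB=${KEYTAB:-/etc/apache2/afs.keytab}
K5PID=${K5PID:-/var/run/apache2-k5start.pid}
KRB5CCNAME=${KRB5CCNAME:-FILE:/var/run/apache2-krb5cc}
export KRB5CCNAME

stop_k5start() {
    [ -f "$K5PID" ] || return 0
    kill "$(cat "$K5PID")" 2>/dev/null || true
    rm -f "$K5PID"
}

do_start() {
    # Without a readable keytab apache would come up with no token at all.
    [ -r "$KEYTAB" ] || { echo "missing keytab $KEYTAB" >&2; return 1; }
    # Step 2: k5start as a daemon in this PAG.
    #   -U  take the principal from the keytab   -f  keytab to use
    #   -t  run aklog to obtain an AFS token     -K  wake every 10 minutes
    #   -b  background after the first auth      -p  write k5start's pid
    "$K5START" -b -q -U -f "$KEYTAB" -t -K 10 -p "$K5PID" || return 1
    # Step 3: apache in the same PAG. If it fails, do not leave a renewal
    # daemon holding credentials for a service that is not running.
    "$APACHECTL" start || { stop_k5start; return 1; }
}

do_stop() {
    # Shutdown stops both apache and the k5start daemon.
    "$APACHECTL" stop
    rc=$?
    stop_k5start
    return $rc
}

case "${1:-}" in
    start)   do_start ;;
    stop)    do_stop ;;
    restart) do_stop; do_start ;;
    "")      ;;  # no action requested
    *)       echo "Usage: $0 {start|stop|restart}" >&2; exit 2 ;;
esac
```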