[OpenAFS] Apache2 and OpenAFS
Daria Phoebe Brashear
dariaphoebe@your-file-system.com
Sat, 10 Oct 2015 09:33:51 -0400
--001a1130c35699fe4d0521c025b9
Content-Type: text/plain; charset=UTF-8
On debian i'm using k5start run from /etc/default/apache2, in a mode where
it gets (and renews) tokens as the www-data user, PAG-less. if you want to
use a PAG, you need to wrap both the token-getting *and* the httpds in the
same PAG; one way would be to replace the sh script which launches
everything with a pagsh script. There are also wrappers that exist. In
either case you need to deal with making sure the changes stay in place
when you update packages
On Wed, Oct 7, 2015 at 6:43 AM, Andreas Ladanyi <andreas.ladanyi@kit.edu>
wrote:
> Hi,
>
> i have OpenAFS volumes / mounts which contains Apache web content.
>
> My question is which is the easiest way to get tgt/token/PAG for the
> apache user so the apache could access to the web content in the AFS
> volume.
>
> I read that one way is to use pagsh to get an authentification object
> (pag) without login.
>
>
> regards,
> Andreas
>
>
--001a1130c35699fe4d0521c025b9
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
<div dir=3D"ltr">On debian i'm using k5start run from /etc/default/apac=
he2, in a mode where it gets (and renews) tokens as the www-data user, PAG-=
less. if you want to use a PAG, you need to wrap both the token-getting *an=
d* the httpds in the same PAG; one way would be to replace the sh script wh=
ich launches everything with a pagsh script. There are also wrappers that e=
xist. In either case you need to deal with making sure the changes stay in =
place when you update packages<br></div><div class=3D"gmail_extra"><br><div=
class=3D"gmail_quote">On Wed, Oct 7, 2015 at 6:43 AM, Andreas Ladanyi <spa=
n dir=3D"ltr"><<a href=3D"mailto:andreas.ladanyi@kit.edu" target=3D"_bla=
nk">andreas.ladanyi@kit.edu</a>></span> wrote:<br><blockquote class=3D"g=
mail_quote" style=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-l=
eft:1ex">Hi,<br>
<br>
i have OpenAFS volumes / mounts which contains Apache web content.<br>
<br>
My question is which is the easiest way to get tgt/token/PAG for the<br>
apache user so the apache could access to the web content in the AFS<br>
volume.<br>
<br>
I read that one way is to use pagsh to get an authentification object<br>
(pag) without login.<br>
<br>
<br>
regards,<br>
Andreas<br>
<br>
</blockquote></div><br></div>
--001a1130c35699fe4d0521c025b9--