[OpenAFS] mod_waklog question

Jason Edgecombe jwedgeco@uncc.edu
Mon, 24 Jul 2017 08:13:10 -0400 

--f403045e36ccd2130905550f25ab
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

Hi Andreas,

=E2=80=8BI'm glad that you solved the problem and got things to work.=E2=80=
=8B

Jason

---------------------------------------------------------------------------
Jason Edgecombe | Linux Administrator
UNC Charlotte | The William States Lee College of Engineering
9201 University City Blvd. | Charlotte, NC 28223-0001
Phone: 704-687-1943
jwedgeco@uncc.edu | http://engr.uncc.edu |  Facebook
---------------------------------------------------------------------------
If you are not the intended recipient of this transmission or a person
responsible for delivering it to the intended recipient, any disclosure,
copying, distribution, or other use of any of the information in this
transmission is strictly prohibited. If you have received this transmission
in error, please notify me immediately by reply e-mail or by telephone at
704-687-1943.  Thank you.

On Mon, Jul 24, 2017 at 4:21 AM, Andreas Ladanyi <andreas.ladanyi@kit.edu>
wrote:

> Hi Jason,
>
> i want to feedback that i found the issue in the past.
>
> The problem was that not all subdirectories were set with the AFS apache
> username and rl permission because i was using "fs sa ...." instead "find
> .... -type d -exec fs sa .... ".
>
> So now it seems to work :-)
>
> thanks and regards,
> Andreas
>
> Andreas,
>
> Try modifying your systemd unit file to add the "-t" parameter as follows=
:
>
> ExecStart=3D/usr/bin/k5start -o apache -K30 -t -f /etc/httpd.keytab
> httpd-principal-name -- /usr/sbin/httpd $OPTIONS -DFOREGROUND
>
>
> The "-t" option runs the aklog command to grab tokens. I don't use this
> because my AFS folders are granted via IP ACLs and the kerberos credentia=
ls
> are only used for accessing kerberized SMB shares.
>
> i already used the -t option.
>
>
> Sincerely,
> Jason
>
>
>

--f403045e36ccd2130905550f25ab
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><div class=3D"gmail_default" style=3D"font-family:arial,he=
lvetica,sans-serif">Hi Andreas,</div><div class=3D"gmail_default" style=3D"=
font-family:arial,helvetica,sans-serif"><br></div><div class=3D"gmail_defau=
lt" style=3D"font-family:arial,helvetica,sans-serif">=E2=80=8BI&#39;m glad =
that you solved the problem and got things to work.=E2=80=8B</div><div clas=
s=3D"gmail_default" style=3D"font-family:arial,helvetica,sans-serif"><br></=
div><div class=3D"gmail_default" style=3D"font-family:arial,helvetica,sans-=
serif">Jason</div><div class=3D"gmail_extra"><br clear=3D"all"><div><div cl=
ass=3D"m_-1246046588518037395gmail_signature" data-smartmail=3D"gmail_signa=
ture"><div dir=3D"ltr">------------------------------<wbr>-----------------=
-------------<wbr>---------------<br>
Jason Edgecombe | Linux Administrator<br>
UNC Charlotte | The William States Lee College of Engineering<br>
9201 University City Blvd. | Charlotte, NC 28223-0001<br>
Phone: <a href=3D"tel:704-687-1943" value=3D"+17046871943" target=3D"_blank=
"><span>704</span>-<span>687</span>-<span>1943</span></a><br>
<a href=3D"mailto:jwedgeco@uncc.edu" target=3D"_blank">jwedgeco@uncc.edu</a=
> | <a href=3D"http://engr.uncc.edu" target=3D"_blank">http://engr.uncc.edu=
</a> | =C2=A0Facebook<br>
------------------------------<wbr>------------------------------<wbr>-----=
----------<br>
If you are not the intended recipient of this transmission or a person=20
responsible for delivering it to the intended recipient, any disclosure,
 copying, distribution, or other use of any of the information in this=20
transmission is strictly prohibited. If you have received this=20
transmission in error, please notify me immediately by reply e-mail or=20
by telephone at<br>
<a href=3D"tel:704-687-1943" value=3D"+17046871943" target=3D"_blank"><span=
>704</span>-<span>687</span>-<span>1943</span></a>.=C2=A0 Thank you.</div><=
/div></div>
<br><div class=3D"gmail_quote">On Mon, Jul 24, 2017 at 4:21 AM, Andreas Lad=
anyi <span dir=3D"ltr">&lt;<a href=3D"mailto:andreas.ladanyi@kit.edu" targe=
t=3D"_blank">andreas.ladanyi@kit.edu</a>&gt;</span> wrote:<br><blockquote c=
lass=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;=
padding-left:1ex">
 =20
   =20
 =20
  <div text=3D"#000000" bgcolor=3D"#FFFFFF">
    <div class=3D"m_-1246046588518037395m_-7759126731290467022moz-cite-pref=
ix">Hi Jason,<br>
      <br>
      i want to feedback that i found the issue in the past.<br>
      <br>
      The problem was that not all subdirectories were set with the AFS
      apache username and rl permission because i was using &quot;fs sa ...=
.&quot;
      instead &quot;find .... -type d -exec fs sa .... &quot;.<br>
      <br>
      So now it seems to work :-)<br>
      <br>
      thanks and regards,<br>
      Andreas<br>
      <br>
    </div><span>
    <blockquote type=3D"cite">
      <div dir=3D"ltr">
        <div class=3D"gmail_default" style=3D"font-family:arial,helvetica,s=
ans-serif">Andreas,</div>
        <div class=3D"gmail_default" style=3D"font-family:arial,helvetica,s=
ans-serif"><br>
        </div>
        <div class=3D"gmail_default" style=3D"font-family:arial,helvetica,s=
ans-serif">Try modifying
          your systemd unit file to add the &quot;-t&quot; parameter as fol=
lows:</div>
        <div class=3D"gmail_default" style=3D"font-family:arial,helvetica,s=
ans-serif">
          <blockquote type=3D"cite" style=3D"font-family:arial,sans-serif;f=
ont-size:12.8px">
            <div dir=3D"ltr">
              <div class=3D"gmail_default">
                <div class=3D"gmail_default"><font face=3D"arial, helvetica=
,
                    sans-serif">ExecStart=3D/usr/bin/k5start -o apache
                    -K30 -t -f /etc/httpd.keytab httpd-principal-name --
                    /usr/sbin/httpd $OPTIONS -DFOREGROUND</font></div>
              </div>
            </div>
          </blockquote>
        </div>
        <div class=3D"gmail_default" style=3D"font-family:arial,helvetica,s=
ans-serif"><br>
        </div>
        <div class=3D"gmail_default" style=3D"font-family:arial,helvetica,s=
ans-serif">The &quot;-t&quot; option
          runs the aklog command to grab tokens. I don&#39;t use this
          because my AFS folders are granted via IP ACLs and the
          kerberos credentials are only used for accessing kerberized
          SMB shares.</div>
      </div>
    </blockquote></span>
    i already used the -t option.<br>
    <blockquote type=3D"cite">
      <div dir=3D"ltr">
        <div class=3D"gmail_default" style=3D"font-family:arial,helvetica,s=
ans-serif"><br>
        </div>
        <div class=3D"gmail_default" style=3D"font-family:arial,helvetica,s=
ans-serif">Sincerely,</div>
        <div class=3D"gmail_default" style=3D"font-family:arial,helvetica,s=
ans-serif">Jason</div>
      </div>
    </blockquote>
    <br>
  </div>

</blockquote></div><br></div></div>

--f403045e36ccd2130905550f25ab--