Christopher D. Clausen wrote: > Adam Chlipala <[EMAIL PROTECTED]> wrote: > >> Christopher D. Clausen wrote: >> >>> I don't think its going to be possible to have resonable apache >>> performance and still be able to have apache acquire tickets based on >>> host headers for seperate sites. >>> >> I suspect it wouldn't be much of a problem to suexec without picking >> up AFS tickets. My guess is that most dynamic content programs >> wouldn't try to write to home directories, and database access would >> work fine. For the (I hope) relatively few cases where this wouldn't >> work, could we just ask members to run k5start instances? >> > > You mean share AFS read access? Sounds good to me, but then any user > could potentially read any other users database passwords, but I don't > see a good, easy way around that. > No, I mean start with no AFS rights beyond what system:anyuser gets. No databases passwords are involved with Postgres, since ident authentication is completely reliable on a network we control. The world of MySQL would certainly be murkier.
_______________________________________________ HCoop-SysAdmin mailing list [email protected] http://hcoop.net/cgi-bin/mailman/listinfo/hcoop-sysadmin
