On Jan 27, 1:13pm, Michael R. Beddingfield wrote:
> Subject: Web Server and AFS
> We are currently planning to bring up a Web server for the first time.
> I know we are a bit behind the curve on this, but I work for a very
> conservative company! Anyway, we are planning to locate our Web pages
> in AFS, and the Web server will have to have access to this space.
>
> We think that we can use just one server to access these pages, but we
> would also like to have some of the pages accessible to only some
> people, and we don't mind having them enter a password to access these
> pages.
>
> Now, has anyone had experience authenticating to AFS from a Web server?
> The thought being that if we can acquire a token for the Web user, then
> we can use ACLs to secure our Web pages that have sensitive info in
> them?
>
> Any help on this would be greatly appreciated!!!
>-- End of excerpt from Michael R. Beddingfield
The way I've seen this done is to run the server with access privs
(either by running the web server software on a host which is given
IP based AFS group access or by a re-auth AFS token for the server
process and children). Then you can just use the web server password
access protection mechanism since system:anyuser wouldn't have access
anymore. Ofcourse if everyone who'll need access is using afs clients
then it's possible to just use file://localhost/afs/<cell>/<rest-of-path>
style URLs to the docs protected by normal AFS means so long as they're
browser is running AFS authenticated because of their token.
--
Lou Langholtz (http://www.cs.utah.edu/~ldl/)
