Andrew Mickish <[EMAIL PROTECTED]> wrote:
}At Vanderbilt we are starting the transition to serve web files from AFS
}rather than the web server's local disk. A couple of questions have come up,
}such as using symbolic links to AFS vs. defining script aliases in the web
}server configuration file, and how to provide secure http access to files
}that apparently need system:anyuser rl permissions in AFS (thereby allowing
}an AFS user to circumvent the web security just by cd'ing to the file).
}
}Do anyone have policies, procedures, or suggestions that would help us
}make this transition? Your advice is most appreciated.
We've modified our httpd to acquire a kerberos tickets
(from a srvtab) and a PAG and then aklog so it accesses
files as the user 'www'. This is using MIT's Kerberos
server rather than Transarc's kaserver, FWIW.
John
--
John Hascall, Software Engr. Shut up, be happy. The conveniences you
ISU Computation Center demanded are now mandatory. -Jello Biafra
[EMAIL PROTECTED]
http://www.cc.iastate.edu/staff/systems/john/welcome.html <-- the usual crud
