Andrew Mickish wrote:
>
> At Vanderbilt we are starting the transition to serve web files from AFS
> rather than the web server's local disk. A couple of questions have come up,
> such as using symbolic links to AFS vs. defining script aliases in the web
> server configuration file, and how to provide secure http access to files
> that apparently need system:anyuser rl permissions in AFS (thereby allowing
> an AFS user to circumvent the web security just by cd'ing to the file).
>
> Do anyone have policies, procedures, or suggestions that would help us
> make this transition? Your advice is most appreciated.
>
> --Andrew Mickish
> http://www.mc.vanderbilt.edu/~mickish/
Like Iowa State, we also hacked httpd to authenticate to the ka server,
but with a slight twist. We make every user authenticate right now. We
want to allow public info to be available without a login, and will
probably do what Iowa did for the server to get around the
system:anyuser problem for these files.
BTW: We are using AFS's KA server...Mic
