David Botsch <[EMAIL PROTECTED]> writes: > Here, to run apache inside a pag with tokens, we did 3 things:
> 1. edit the httpd init script to use pagsh as the shell (1st line) - > this will start apache inside its own pag and means you can service > start/restart httpd > 2. put the password for webuser in a root restricted file > 3. in the init script, pass contents of file to a program called "reauth" .. > reauth gets tokens inside pag already set up, and every x seconds, will > renew those tokens. You can do the same thing with kstart if you want, running it in daemon mode, and use a keytab rather than a password in a file, which I find more convenient to manage. The reason why we don't do this is that if you want to run your reauthenticating daemon under something like supervise, it requires setting up a separate supervise process under the PAG, which then isn't monitored by svscan, etc. It works; it was just more convenient for us to do everything out of /service. -- Russ Allbery ([EMAIL PROTECTED]) <http://www.eyrie.org/~eagle/> _______________________________________________ OpenAFS-info mailing list [EMAIL PROTECTED] https://lists.openafs.org/mailman/listinfo/openafs-info
