hi guys,

i followed the "Distributed Services with OpenAFS" book instructions to set
up a keytab file for a web server. it worked for a while in scientific linux 4.

recently, i wanted to reconfigure the web server in scientific linux 5. but
this time the web server does not work. i believe i did exactly what i
did before. the following is my environment:

i generated a keytab for *http.lesoleil.tiara.sinica.edu.tw*.

##### set "http.lesoleil.tiara.sinica.edu.tw" in *webservers* group.
pts membership webservers
Members of webservers (id: -400) are:
  http.lesoleil.tiara.sinica.edu.tw

##### grant *webservers* "rlidwk" rights
[EMAIL PROTECTED] Sites]# fs listacl .
Access list for . is
Normal rights:
  webservers rlidwk
  system:backup rl
  system:administrators rlidwka
  xxxxx rlidwka

##### i verified that *http.lesoleil.tiara.sinica.edu.tw* can access the web page
folders. it could get access through the keytab.
kinit -l 1d -k -t /etc/httpd/conf/http.keytab HTTP/lesoleil.tiara.sinica.edu.tw
aklog

[EMAIL PROTECTED] ~]# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: HTTP/[EMAIL PROTECTED]

Valid starting     Expires            Service principal
07/11/08 12:05:32  07/12/08 12:08:56  krbtgt/TIARA.SINICA.EDU.TW@TIARA.SINICA.EDU.TW
07/11/08 12:05:38  07/12/08 12:08:56  [EMAIL PROTECTED]

Kerberos 4 ticket cache: /tmp/tkt0
klist: You have no tickets cached
[EMAIL PROTECTED] ~]# tokens

Tokens held by the Cache Manager:

User's (AFS ID 402) tokens for [EMAIL PROTECTED] [Expires Jul 12 12:08]
   --End of list--

[EMAIL PROTECTED] Sites]# touch test

BUT, i modified the "/etc/rc.d/init.d/httpd" file as follows:
(omit)
PRE_CMD1="/usr/kerberos/bin/kinit -l 1d -k -t /etc/httpd/conf/http.keytab HTTP/lesoleil.tiara.sinica.edu.tw"
PRE_CMD2="/usr/bin/aklog -d -setpag"
POST_CMD="/usr/kerberos/bin/kdestroy"
(omit)
start() {
        echo -n $"Starting $prog: "
        check13 || exit 1
        $PRE_CMD1 ; $PRE_CMD2
        LANG=$HTTPD_LANG daemon $httpd $OPTIONS
        RETVAL=$?
        echo
        [ $RETVAL = 0 ] && touch ${lockfile}
        $POST_CMD
        return $RETVAL
}
(omit)

i restart httpd. apache could not get the tokens. it always complains:

(13)Permission denied: /home/xxxxx/Sites/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable

i use openafs-client-1.4.7-68.SL5.x86_64 and the kernel version is
2.6.18-92.1.6.el5.

could anyone help me to debug this? thanks a million!!

best, sam

-- 
Sam Tseng
Academia Sinica
Institute of Astronomy and Astrophysics
Tel.: +886-2-33652200 ext 742
Fax: +886-2-23677849
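
The start() function in the post runs "$PRE_CMD1 ; $PRE_CMD2" without checking either exit status, and its kdestroy acts on root's default cache (/tmp/krb5cc_0 in the klist output). The following is an added example, not part of the original post or of the book it cites: a fail-closed wrapper that uses a private ticket cache and refuses to start the daemon when kinit or aklog fails. The function name start_with_afs_creds and the *_BIN variables are hypothetical; paths and the principal are the ones shown in the post.

```shell
#!/bin/sh
# Added example, not from the original post: fail-closed credential setup
# for the start() step. Paths and principal are the ones in the post; the
# *_BIN variables and start_with_afs_creds are hypothetical names.
KINIT_BIN=${KINIT_BIN:-/usr/kerberos/bin/kinit}
AKLOG_BIN=${AKLOG_BIN:-/usr/bin/aklog}
KDESTROY_BIN=${KDESTROY_BIN:-/usr/kerberos/bin/kdestroy}
KEYTAB=${KEYTAB:-/etc/httpd/conf/http.keytab}
PRINCIPAL=${PRINCIPAL:-HTTP/lesoleil.tiara.sinica.edu.tw}

# start_with_afs_creds CMD [ARGS...]
# Returns 10 if kinit fails, 11 if aklog fails, 12 if no cache file could
# be created, otherwise the exit status of CMD.
start_with_afs_creds() {
    # Private ticket cache (mode 0600), so kdestroy never touches root's own.
    cc_file=$(mktemp /tmp/krb5cc_httpd_XXXXXX) || return 12
    KRB5CCNAME="FILE:$cc_file"
    export KRB5CCNAME

    if ! "$KINIT_BIN" -l 1d -k -t "$KEYTAB" "$PRINCIPAL"; then
        echo "kinit failed for $PRINCIPAL" >&2
        rm -f "$cc_file"; unset KRB5CCNAME
        return 10
    fi
    if ! "$AKLOG_BIN" -d -setpag; then
        echo "aklog failed; not starting the daemon without a token" >&2
        "$KDESTROY_BIN"; rm -f "$cc_file"; unset KRB5CCNAME
        return 11
    fi

    "$@"
    svc_rc=$?

    # Same cleanup as POST_CMD in the post, limited to the private cache.
    "$KDESTROY_BIN"
    rm -f "$cc_file"; unset KRB5CCNAME
    return $svc_rc
}
```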
