Hi All, I'm working on a hosting environment for our campus, the foundation of which is OpenAFS. I had previously configured the environment using waklog and mpm-itk for isolating each virtual host's processes by launching them with their assigned AFS identity and UNIX uid. This worked well, but I was asked to add PHP APC support (for those unfamiliar with it PHP APC does byte code and key/value caching). With mod_php the APC cache is shared all virtual hosts which is just ripe for disaster as any virtual host can view and modify the cached entries of another.
I've devised another approach, dropping the mpm-itk patches and using suEXEC and fastcgi for php instead. I need to use fastcgi so that the php interpreter stays alive and the APC cache has some persistence between requests. The one piece to the puzzle that I'm missing is having fastcgi obtain AFS tokens. Because the fastcgi processes aren't spawned by the httpd worker handling the request waklog isn't able to pass along any credentials. This is a problem. Has anybody encountered this situation and come up with a working solution? My current approach involves patching suexec and fastcgi to pass extra arguments that indicate which kerb principal to use for obtaining tokens, but I'm really not thrilled about it as its something I highly doubt would be accepted upstream. Thanks! -Aaron -- Aaron Knister Systems Administrator Division of Information Technology University of Maryland, Baltimore County [email protected]
