[OpenAFS] Java AFS API?
We have a Java servlet that is currently pulling data from AFS and treating it like local disk or an NFS mount. Is this the best way to do this? Is there a Java API or some way for servlets to access AFS directly? For this application, we have AFS set to not need tokens (via an internal host acl). ...Chris -- Chris Kurtz, [EMAIL PROTECTED] Systems Manager Mars Space Flight Facility Arizona State University ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
Re: [OpenAFS] Java AFS API?
On Jul 10, 2008, at 4:29 PM, Chris Kurtz wrote: We have a Java servlet that is currently pulling data from AFS and treating it like local disk or an NFS mount. Is this the best way to do this? Is there a Java API or some way for servlets to access AFS directly? For this application, we have AFS set to not need tokens (via an internal host acl). That's the best thing to do -- you should run your JVM within a a PAG that has tokens to provide it with some authentication, though. -rob ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
[OpenAFS] httpd -setpag problems?!
hi guys,
i followed the Distributed Services with OpenAFS book instructions to set
up a keytab file for web server. it worked for while in scientific linux 4.
recently, i would like to reconfigure web server in scientific linux 5. but
this time the web server can not work. i believe i did the exactly what i
did before. following are my environment:
i generated *http.lesoleil.tiara.sinica.edu.tw* a keytab.
# set http.lesoleil.tiara.sinica.edu.tw in *webservers* group.
pts membership webservers
Members of webservers (id: -400) are:
http.lesoleil.tiara.sinica.edu.tw
# grant *webservers* has rlidwk rights
[EMAIL PROTECTED] Sites]# fs listacl .
Access list for . is
Normal rights:
webservers rlidwk
system:backup rl
system:administrators rlidwka
x rlidwka
# i verified *http.lesoleil.tiara.sinica.edu.tw* to access the web page
folders. it could access through keytab.
kinit -l 1d -k -t /etc/httpd/conf/http.keytab HTTP/
lesoleil.tiara.sinica.edu.tw
aklog
[EMAIL PROTECTED] ~]# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: HTTP/[EMAIL PROTECTED]
Valid starting ExpiresService principal
07/11/08 12:05:32 07/12/08 12:08:56 krbtgt/TIARA.SINICA.EDU.TW@
TIARA.SINICA.EDU.TW
07/11/08 12:05:38 07/12/08 12:08:56 [EMAIL PROTECTED]
Kerberos 4 ticket cache: /tmp/tkt0
klist: You have no tickets cached
[EMAIL PROTECTED] ~]# tokens
Tokens held by the Cache Manager:
User's (AFS ID 402) tokens for [EMAIL PROTECTED] [Expires Jul 12
12:08]
--End of list--
[EMAIL PROTECTED] Sites]# touch test
BUT, i modify /etc/rc.d/init.d/httpd file as following :
(omit)
PRE_CMD1=/usr/kerberos/bin/kinit -l 1d -k -t /etc/httpd/conf/http.keytab
HTTP/lesoleil.tiara.sinica.edu.tw
PRE_CMD2=/usr/bin/aklog -d -setpag
POST_CMD=/usr/kerberos/bin/kdestroy
(omit)
start() {
echo -n $Starting $prog:
check13 || exit 1
$PRE_CMD1 ; $PRE_CMD2
LANG=$HTTPD_LANG daemon $httpd $OPTIONS
RETVAL=$?
echo
[ $RETVAL = 0 ] touch ${lockfile}
$POST_CMD
return $RETVAL
}
(omit)
restart the httpd. apache could not get the tokens. it allways compains
(13)Permission denied: /home/x/Sites/.htaccess pcfg_openfile: unable to
check htaccess file, ensure it is readable
i use openafs-client-1.4.7-68.SL5.x86_64 and kernel verion is
2.6.18-92.1.6.el5.
could any one help me to debug this? thanks a million!!
best, sam
--
Sam Tseng
Academia Sinica
Institute of Astronomy and Astrophysics
Tel.: +886-2-33652200 ext 742
Fax: +886-2-23677849
