[OpenAFS] Java AFS API?
We have a Java servlet that is currently pulling data from AFS and treating it like local disk or an NFS mount. Is this the best way to do this? Is there a Java API or some way for servlets to access AFS directly? For this application, we have AFS set to not need tokens (via an internal host acl). ...Chris -- Chris Kurtz, [EMAIL PROTECTED] Systems Manager Mars Space Flight Facility Arizona State University ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
Re: [OpenAFS] Java AFS API?
On Jul 10, 2008, at 4:29 PM, Chris Kurtz wrote: We have a Java servlet that is currently pulling data from AFS and treating it like local disk or an NFS mount. Is this the best way to do this? Is there a Java API or some way for servlets to access AFS directly? For this application, we have AFS set to not need tokens (via an internal host acl). That's the best thing to do -- you should run your JVM within a a PAG that has tokens to provide it with some authentication, though. -rob ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
[OpenAFS] httpd -setpag problems?!
hi guys, i followed the Distributed Services with OpenAFS book instructions to set up a keytab file for web server. it worked for while in scientific linux 4. recently, i would like to reconfigure web server in scientific linux 5. but this time the web server can not work. i believe i did the exactly what i did before. following are my environment: i generated *http.lesoleil.tiara.sinica.edu.tw* a keytab. # set http.lesoleil.tiara.sinica.edu.tw in *webservers* group. pts membership webservers Members of webservers (id: -400) are: http.lesoleil.tiara.sinica.edu.tw # grant *webservers* has rlidwk rights [EMAIL PROTECTED] Sites]# fs listacl . Access list for . is Normal rights: webservers rlidwk system:backup rl system:administrators rlidwka x rlidwka # i verified *http.lesoleil.tiara.sinica.edu.tw* to access the web page folders. it could access through keytab. kinit -l 1d -k -t /etc/httpd/conf/http.keytab HTTP/ lesoleil.tiara.sinica.edu.tw aklog [EMAIL PROTECTED] ~]# klist Ticket cache: FILE:/tmp/krb5cc_0 Default principal: HTTP/[EMAIL PROTECTED] Valid starting ExpiresService principal 07/11/08 12:05:32 07/12/08 12:08:56 krbtgt/TIARA.SINICA.EDU.TW@ TIARA.SINICA.EDU.TW 07/11/08 12:05:38 07/12/08 12:08:56 [EMAIL PROTECTED] Kerberos 4 ticket cache: /tmp/tkt0 klist: You have no tickets cached [EMAIL PROTECTED] ~]# tokens Tokens held by the Cache Manager: User's (AFS ID 402) tokens for [EMAIL PROTECTED] [Expires Jul 12 12:08] --End of list-- [EMAIL PROTECTED] Sites]# touch test BUT, i modify /etc/rc.d/init.d/httpd file as following : (omit) PRE_CMD1=/usr/kerberos/bin/kinit -l 1d -k -t /etc/httpd/conf/http.keytab HTTP/lesoleil.tiara.sinica.edu.tw PRE_CMD2=/usr/bin/aklog -d -setpag POST_CMD=/usr/kerberos/bin/kdestroy (omit) start() { echo -n $Starting $prog: check13 || exit 1 $PRE_CMD1 ; $PRE_CMD2 LANG=$HTTPD_LANG daemon $httpd $OPTIONS RETVAL=$? echo [ $RETVAL = 0 ] touch ${lockfile} $POST_CMD return $RETVAL } (omit) restart the httpd. apache could not get the tokens. it allways compains (13)Permission denied: /home/x/Sites/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable i use openafs-client-1.4.7-68.SL5.x86_64 and kernel verion is 2.6.18-92.1.6.el5. could any one help me to debug this? thanks a million!! best, sam -- Sam Tseng Academia Sinica Institute of Astronomy and Astrophysics Tel.: +886-2-33652200 ext 742 Fax: +886-2-23677849