IBM HTTP Server help: AFS Directives

AFS Directives

AFSAuthType

By enabling AFS authorization you give users the ability to access files and directories stored in the AFS filespace directly from their Web browsers. The user will be prompted for userid and password to gain access to this location and AFS will provide the authentication.

AFSDefaultCell

Specify this parameter only if this location exists on a cell other than the default cell specified in SetAFSDefaultCell.

Example:

SetAFSDeaultCell webc
SetAFSCacheExpiration 300
SetAFSTokenExpiration 600
SetAFSAccessLog /usr/HTTP/logs/forbiddenlog
SetAFSDebugLevel 50
 
 
<location /afs> <Location /afs>
AFSAuthType AFS
AFSDefaultCell mycellname
AFSLoginPrompt [admin@<%cmycellname>]
</Location>

AFSLoginPrompt

To customize the authorization dialog box that is displayed when a user attempts to access the AFS file space via a Web browser, add the line AFSLoginPrompt Custom_Text directly below the line AFSAuthType AFS in the Location directive added in the previous step. (Custom_Text is the text that you want to appear in the dialog box that prompts users to enter an AFS user name and password to access the AFS filespace).

You can include the following expressions to further customize the text that appears in the authorization dialog box. The expressions must be provided as part of the Custom_Text in angle brackets (<>).

If you choose, you can also provide alternate text to display if an expression cannot be displayed. To do this, specify the alternate text immediately after the expression and within the angle brackets. For example, <%ccellname> is displayed as the AFS cell name where the file resides, unless that information cannot be determined, in which case the word "cellname" is displayed instead.

SetAFSDefaultCell

Enter the name of the default AFS cell to be accessed via the Apache server and the AFS Web Security Pack, for example yourcompany.com. (If a user attempts to access a file or directory in an AFS cell other than the default cell from a Web browser, the user must specify the foreign cell name as part of the username when authenticating to AFS, for example smith@anothercompany.com.)

SetAFSCacheExpiration

Enter the maximum lifetime in seconds of an AFS token that is stored in the local cache or accept the default recommendation of 300 seconds (5 minutes).

SetAFSTokenExpiration

Enter the maximum lifetime in seconds of an AFS token that is stored in the AFS kernel Cache Manager or accept the default recommendation of 600 seconds (10 minutes).

SetAFSWeblogPath

Specify the full pathname of the AFS Web Security Pack weblog_starter program, including the "weblog_starter" file name.

SetAFSAccessLog

Specify the full path of the log file in which failed access attempts are to be recorded. By logging attempts to access AFS in which permission is denied, you can attempt to determine if users are attempting to access information that they are not authorized to view.

SetAFSDebugLevel

To enable logging of attempts to access AFS in which permission is denied.

Related Information