By enabling AFS authorization, you give users the ability to access files and directories stored in the AFS filespace directly from their Web browsers. The user is prompted for a user ID and password to gain access to this location, and AFS provides the authentication.
Specify this parameter only if this location exists on a cell other than the default cell specified in SetAFSDefaultCell.
Example:
SetAFSDefaultCell webc
SetAFSCacheExpiration 300
SetAFSTokenExpiration 600
SetAFSAccessLog /usr/HTTP/logs/forbiddenlog
SetAFSDebugLevel 50
<Location /afs>
AFSAuthType AFS
AFSDefaultCell mycellname
AFSLoginPrompt [admin@<%cmycellname>]
</Location>
To customize the authorization dialog box that is displayed when a user attempts to access the AFS file space via a Web browser, add the line AFSLoginPrompt Custom_Text directly below the line AFSAuthType AFS in the Location directive added in the previous step. (Custom_Text is the text that you want to appear in the dialog box that prompts users to enter an AFS user name and password to access the AFS filespace.)
You can include the following expressions to further customize the text that appears in the authorization dialog box. The expressions must be provided as part of the Custom_Text in angle brackets (<>).
yourcompany.com
is presented with an authorization dialog box
that says: AFS Login for /afs/yourcompany.com.
AFS Login for
/afs/yourcompany.com/
If you choose, you can also provide alternate text to display if an expression cannot be displayed. To do this, specify the alternate text immediately after the expression and within the angle brackets. For example, <%ccellname> is displayed as the AFS cell name where the file resides, unless that information cannot be determined, in which case the word "cellname" is displayed instead.
Enter the name of the default AFS cell to be accessed via the Apache server and the AFS Web Security Pack, for example yourcompany.com. (If a user attempts to access a file or directory in an AFS cell other than the default cell from a Web browser, the user must specify the foreign cell name as part of the username when authenticating to AFS, for example smith@anothercompany.com.)
Enter the maximum lifetime in seconds of an AFS token that is stored in the local cache or accept the default recommendation of 300 seconds (5 minutes).
Enter the maximum lifetime in seconds of an AFS token that is stored in the AFS kernel Cache Manager or accept the default recommendation of 600 seconds (10 minutes).
Specify the full pathname of the AFS Web Security Pack weblog_starter program, including the "weblog_starter" file name.
Specify the full path of the log file in which failed access attempts are to be recorded. By logging attempts to access AFS in which permission is denied, you can determine whether users are trying to access information that they are not authorized to view.
Enables logging of attempts to access AFS in which permission is denied.
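A configuration check for the directives shown in the example above, added here as an illustration; it is not part of the AFS Web Security Pack or its documentation. It assumes the directive names are exactly those in the example, that SetAFSCacheExpiration and SetAFSTokenExpiration correspond to the 300- and 600-second recommendations, and that a longer lifetime should be reported; the function name and sample input are constructed.

```python
import re

# Directive names taken from this page's example; the module may define more.
KNOWN = ["SetAFSDefaultCell", "SetAFSCacheExpiration", "SetAFSTokenExpiration",
         "SetAFSAccessLog", "SetAFSDebugLevel",
         "AFSAuthType", "AFSDefaultCell", "AFSLoginPrompt"]
CANON = {d.lower(): d for d in KNOWN}  # Apache directive names are case-insensitive
# Recommended lifetimes in seconds (assumed mapping, inferred from the example values).
RECOMMENDED = {"SetAFSCacheExpiration": 300, "SetAFSTokenExpiration": 600}

def lint_afs_config(text):
    """Return (line_number, message) findings; line 0 means file-level."""
    findings, seen = [], set()
    for n, raw in enumerate(text.splitlines(), 1):
        parts = raw.strip().split(None, 1)
        if not parts or parts[0].startswith(("#", "<")):
            continue  # blank line, comment, or container tag
        name, value = parts[0], (parts[1].strip() if len(parts) > 1 else "")
        if not re.match(r"(?i)(set)?afs", name):
            continue  # not an AFS directive
        canonical = CANON.get(name.lower())
        if canonical is None:
            findings.append((n, f"{name}: not a directive shown on this page (typo?)"))
            continue
        seen.add(canonical)
        limit = RECOMMENDED.get(canonical)
        if limit is None:
            continue
        if not value.isdigit():
            findings.append((n, f"{canonical}: lifetime must be whole seconds"))
        elif int(value) > limit:
            findings.append((n, f"{canonical}: {value}s exceeds recommended {limit}s"))
    if "SetAFSAccessLog" not in seen:
        findings.append((0, "SetAFSAccessLog not set: no log file for denied access attempts"))
    return findings

# Constructed sample: misspelled directive, long token lifetime, no access log.
SAMPLE = """\
SetAFSDeaultCell webc
SetAFSCacheExpiration 300
SetAFSTokenExpiration 3600
<Location /afs>
AFSAuthType AFS
</Location>
"""

if __name__ == "__main__":
    for line_no, message in lint_afs_config(SAMPLE):
        print(f"line {line_no}: {message}")
```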