Copyright 2000, International Business Machines Corporation and others. All Rights Reserved. This software has been released under the terms of the IBM Public License. For details, see the LICENSE file in the top-level source directory or online at http://www.openafs.org/dl/license10.html Installation instructions for Apache AFS Web Secure (Version 1 for Apache version 1.2.6) Prerequisites:- Ensure the following files exist:- - weblog - weblog_starter - libapacheafs.a - mod_afs.c In addition to these you should know the location of the AFS library libsys.a The mod_afs.c file should be in the apache src directory with all the other module files. weblog and weblog_starter should be in the same directory - this could be any directory (preferably outside AFS - if it is in AFS then system:anyuser should have the appropriate ACL on that directory). Editing the following files in the apache src and conf directories:- 1. Configuration (or the current Configuration file) EXTRA_LIBS= libapacheafs.a libsys.a NOTE - specify the full path of these libraries - libsys.a is probably in /usr/afsws/lib/afs/libsys.a and you can put libapacheafs.a wherever you want. At the end of the configuration file where the modules are add Module afs_module mod_afs.o Optional: if you want the server to attempt to stop completely if AFS initialization fails then add -DSHUTDOWN_IF_AFS_FAILS to the EXTRA_CFLAGS line. Otherwise, on startup if the initialization procedure fails, the apache server will continue running but AFS authentication will always fail. 2. httpd.conf (or whatever configuration file the server uses on startup with the -f flag) NOTE: ensure that you provide the entire path for the ErrorLog and PidFile Directives instead of attempting to have apache prepend ServerRoot. See below for an explanation of arguments to these Apache Directives. SetAFSDefaultCell [cell] SetAFSMountpointDir [dir] SetAFSCacheExpiration [time] SetAFSTokenExpiration [time] SetAFSWeblogPath [path] SetAFSLocation [loc] > SetHandler afs-Authentication AllowOverride None NOTE:- SetAFSLocation should be the same as the Location and should be a path relative to the server-document-root NOTE: loc and dir should *NOT* be the same. There should be no symbolic link, file or directory in the DocumentRoot directory with the same name as the loc directive. cell: REQUIRED directive. Default AFS cell name. This cell will be used unless the user specifies a different cell by using the user@cellname syntax when prompted for a username and password. REQUIRED OPTION. dir: REQUIRED directive. Path to the directory or symbolic link relative to the server document root directory where the AFS cell mount points are. If you want symbolic links to be followed make sure you have the Options FollowSymLinks directive set. time: OPTIONAL directive Seconds for AFS token cache expiration (cacheExpiration is for the local cache and tokenExpiration is for the AFS kernel cache manager). path: REQUIRED directive. The full or relative (to server binary) path for weblog binary. loc: REQUIRED directive. Some location relative to the server root MAKE SURE THAT THERE DOESN"T ALREADY EXIST A DIRECTORY BY THIS SAME NAME. This should be the same (case sensitive) as the argument to the Location directive. Eg. /afs Configure and make apache and start it up with the new config file. NOTE: Add the following to the shutdown or stopd file to shutdown the weblog_starter process BEFORE the kill -TERM for httpd.pid kill -TERM `cat .afs` Eg. if the httpd.pid file is in /local/stronghold/apache/logs/httpd.pid then the stopd file should look something like this kill -TERM `cat /local/stronghold/apache/logs/httpd.pid.afs` kill -TERM `cat /local/stronghold/apache/logs/httpd.pid` POINTERS TO APACHE AND SSL:- 1. Apache Home Page http://www.apache.org 2. Stronghold Home: http://www.c2.net International: http://www.int.c2.net 3. Apache-SSL Home: http://www.apache-ssl.org 4. SSLeay FAQ http://www.psy.uq.edu.au:8080/~ftp/Crypto/