X-Git-Url: https://sipb.mit.edu/gitweb.cgi/wiki.git/blobdiff_plain/b3725891cd0bb6d80471552a3acdc10a80628fda..6d684f44d9a0ebb6857da0cfb8496d4f1e0f7ecf:/doc/afs-and-you.html diff --git a/doc/afs-and-you.html b/doc/afs-and-you.html index 2deaf64..d2934c4 100644 --- a/doc/afs-and-you.html +++ b/doc/afs-and-you.html @@ -19,7 +19,7 @@
-If you make a directory listable and readable by system:anyuser then it can be viewed by any user on the web via the UTLs mentioned above +If you make a directory listable and readable by system:anyuser then it can be viewed by any user on the web via the URLs mentioned above
Unfortunately, adding specific users to an AFS ACL does not mean they can see the folder when they access it from the web. IS&T, however, does provide a solution to this. First, make sure that the wanted directory is not readable by system:anyuser. Create a file named .htaccess.mit in that directory. In that file you can do one of three things,
<limit GET> - require valid-user - </limit> +require valid-user
<limit GET> - require user fawkes jflorey sipbtest jarandom - </limit> - +require user fawkes jflorey sipbtest jarandom
<limit GET> - require group sipb-staff sipb-prospectives - </limit> +require group sipb-staff sipb-prospectives
Note that you cannot mix users and groups in the same directory
. @@ -250,7 +243,7 @@ Thereafter, the users should be able to get to the folders at https:/ see also: http://ist.mit.edu/services/web/reference/web-resources/httpsThere are two likely possibilities. First, its likely that your tokens may have expired. You can check this by running tokens. If they are, in fact, expired (or missing) get new tokens as follows: first, make sure you have valid kerberos tickets and then run aklog. Another possibility is that you have tokens but not for the correct cell. tokens will tell you what tokens you already have. In all likelihood, if you are reading this, you probably want aklog athena sipb. Finally, a third possibility is that your group membership has changed since you acquired tokens. Try running aklog -force