Started January 19th, 2007. The goal of the project is to develop an open-source, enterprise-class "AFS WebDAV" gateway to provide Kerberos authenticated, high-efficiency AFS sessions without the OpenAFS client via an unprivileged gateway server.
Deployed at https://webdav-test.mit.edu/.
Use lighttpd as a WebDAV backend with an Apache-based front-end handler and authorizer. The following extra Apache modules are critical:
- with a negotiate delegation patch
Bad ideas using other WebDAV backends
These other implementations still minimally consist of a Apache + mod_ssl core. Both of these ideas were abandoned after sufficient experimentation.
- requires terrible dependence on sudo and setuid programs for securing operations
The privilege separation of this model can hardly be defended. This coupled with complicating FIFO pass-throughs made v.A an instructive learning experience but should not be explored further.
- stateless; extremely inefficient producing noticeable client-side delays
Browsing a folder (with most GUI clients) often spawns an arsenal of subrequests on the order of the number of items in the folder to retrieve additional properties on member items. Since mod_waklog's design performs a full kinit->aklog->pag_I/O->unlog->kdestroy sequence on every request, these kinds of client operations incur significant delays and ruin the end-user experience.