Protecting a Web Directory via Certificates - more technical background
Context
You have a web directory, and you want to use certificates to limit who has access.
The basic instructions are here: Web Publishing - Access privileges on web.mit.edu. A more technical explanation of how it works follows.
Protecting a Directory
In order to certificate-protect a directory, you need to do some setup with "fs sa", and also some setup with a .htaccess.mit file. "fs sa" controls what the AFS server will allow you to do. .htaccess.mit controlls what the web.mit.edu server will allow you to do. - You use "fs sa" to ensure that your authors have "rlidwka" permisson, which will let you upload new web pages and administer the file. - You use "fs sa" to ensure that the group "system:anyuser" has no permission, to make sure that people can't sneak in behind your back and read the files straight out of AFS, bypassing the web server. - You use "fs sa" to ensure that the group "system:htaccess.mit" (the web.mit.edu servers) has "rl" permission, which lets the web servers read the HTML code in your files. - Because the web server has "rl" permission, it can read the files and can show them to people who go to http://web.mit.edu/.../ You use the .htaccess.mit file to give the web server instructions about who it is allowed to show the files to. So... If you want members of "museum-photos" to be able to see the files via http://web.mit.edu/museum/photos/ , then yes, you need to put require group museum-photos into the .htaccess.mit file, which will instruct the web server to check certificates and only show the pages to the right people. But you also need to use "fs sa" to set things up so that the web server can read the files, and so that you can update the files.