tute.mit.edu: overview
This is a draft. --a.s. 7-23-98
tute.mit.edu is an IS-supported
webserver that serves pages only to
members of the MIT community.
It has some similarities to
web.mit.edu, which is also an
IS-supported webserver, but
the main difference between the two is that
web.mit.edu does
not impose any restrictions on its http connections.
tute.mit.edu serves pages only to the MIT community by restricting
http connections to browsers that are actually "at" MIT (that is,
they are connected to MITnet), and by restricting https connections
to browsers that can provide an MIT certificate.
If a browser is not at MIT, or it cannot provide an MIT certificate,
tute.mit.edu will not serve pages to it.
tute.mit.edu: Roughly How It Works
The default port for a webserver to listen on is port 80. On
tute.mit.edu, there is a daemon listening on that port that performs
the initial screening and triage of http connections.
Basically, if the connection comes from an MIT address (as determined
by the daemon), it is directed to the http daemon on the system; otherwise,
it is directed to the https daemon on the system, where the browser
will need to provide an MIT certificate. Thus, tute.mit.edu is a webserver
which serves pages only to the MIT community, since it only allows http
connections to MITnet systems, and it only allows https connections to
systems with valid MIT certificates.
Similarities between web.mit.edu and tute.mit.edu
From a browser on a system on MITnet or from a browser with an
MIT certificate, these pages should appear the
same:
- MIT homepage via web.mit.edu,
which has no special restrictions on http connections; this link
should succeed for any browser
- MIT homepage via tute.mit.edu,
which restricts http and https connections to the MIT community; this
link should fail for systems and users that are not part of the MIT
community
Both web.mit.edu and tute.mit.edu are IS-supported webservers, both run
customized httpd services (for example, to allow the use of MIT "locker
names" in URLs), and both are AFS clients (thus, they can easily serve
the same world-readble pages).
Differences between web.mit.edu and tute.mit.edu
The first difference between the two is that web.mit.edu imposes no special
restrictions on its http connections; it allows http connections from
anywhere. tute.mit.edu restricts its connections to members of the MIT
community.
The second difference between the two is that the webserver processes on
web.mit.edu run without any authentication in the athena.mit.edu AFS cell,
so it can only access files that are stored in AFS directories that allow
access to "system:anyuser".
tute.mit.edu is associated with the 'mitweb' AFS user, and so in addition
to files that "system:anyuser" can access, it can access files
in directories that allow access to
"mitweb". The current 'pts' entry is
athena% pts memb mitweb
Members of mitweb (id: -99253) are:
rcmd.tuscany
18.86.0.41
athena%
It is also worth noting that the https deamon on tute handles full
paths in URLs; it does not support MIT "short forms" in the way that
the http processes on both web.mit.edu and tute.mit.edu do.
Note for Owners of Web Content at MIT
See the cwis-provided guides for
writing HTML that makes effective use of MIT web services, including
using tute.mit.edu to restrict access to the MIT community.
Note for MIT People and Access to Web Content
You can find how to get an
MIT certificate, and we are working on a document describing
how to use them. [I might also say something about AFS acls here and
access via file://, but maybe it'd be confusing...]
Other documentation
See also:
- Goal and
Design, which led to implementation on tute.mit.edu
- Technical
Considerations, which also affected the implementation on
tute.mit.edu
- Sources, binaries, configuration files and installation guidelines
will be found in the
wwwprod locker
salemme@mit.edu
Last updated
$Date: 1999/02/04 16:43:32 $ GMT