Hi. I am using Apache-2.2.2 with mod_auth_kerb-5.3, php-5.2.1, openldap-2.3.27 cyrus-sasl-2.1.21 and heindal-0.7.2 on a Linux-from-scratch based system. The problem I'm presenting is probably a PHP issue or an Apache issue, or a mod_auth_kerb issue. I could not understand which one causes the problem. I am trying to connect using SASL and GSSAPI to the LDAP server from a PHP script that runs on the Apache server. The script (in short) does the following: putenv("KRB5CCNAME=" . $_SERVER['KRB5CCNAME']); echo getenv("KRB5CCNAME"); system("klist"); $ldapconn = ldap_connect("ldap://example.org") || die(...); ldap_sasl_bind($ldapconn, NULL, NULL, "GSSAPI") || die(...); When I run the script manually from a shell that has a proper KRB5CCNAME environment variable, both the system("klist") and the ldap_sasl_bind(...) work as they should. When I run `restart Apache' and then enter to the PHP page for the first time both work as well. The KRB5CCNAME written is /tmp/krb5ccname_apache_<something> After that, each time I enter the page I get some other KRB5CCNAME (other than the one I got before), the system("klist") command works as it should, but ldap_sasl_bind returns "Local error". In this case I also get an error written to /var/log/auth. This error says that the file /tmp/krb5ccname_apache_<something> could not be found (this is the same <something> that was written by PHP after I restarted Apache). This means that the authentication process tries to use the previous file-name. I added a debug print to PHP's ldap_sasl_bind function that prints `getenv("KRB5CCNAME")' to Apache's error-log. The KRB5CCNAME written to the error-log is the same as the one PHP outputs. Not the one written to the auth log. Why isn't the KRB5CCNAME variable passed on? Which of the three (PHP, Apache, mod_auth_kerb) keeps the first KRB5CCNAME? How do I cause the new KRB5CCNAME to be used for authentication? Any ideas? Thanks, Gil Ran. P.S. I am not on the list, please cc me. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php