Re: [modauthkerb] Cannot retrieve KRB5CCNAME if logged in with kerberos ticket

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Maybe you are hitting this bug?

https://bugzilla.redhat.com/show_bug.cgi?id=687975 
mod_auth_kerb using krb5passwd and keepalive and credential delegation
loses delegation after first request on connection

On Mon, 2012-08-27 at 17:29 -0400, Mauricio Tavares wrote:
> Quick-n-easy question: I have my apache virtual host configured to use
> kerberos authentication:
> 
>         <Location />
>                 AuthType KerberosV5
>                 KrbAuthRealms DOMAIN.COM
>                 KrbServiceName HTTP
>                 Krb5Keytab /etc/apache2/krb5.keytab
>                 KrbMethodNegotiate on
>                 KrbMethodK5Passwd on
>                 KrbAuthoritative off
>                 KrbSaveCredentials on
>                 Require valid-user
>         </Location>
> 
> And then I created the following test page:
> 
> <html>
> <head>
>         <title>PHP Test</title>
> </head>
> <body>
>         <h1>PHP Kerberos Test</h1>
> <?php
>         echo "user = {$_SERVER['PHP_AUTH_USER']}<br/>";
>         echo "REMOTE_USER={$_SERVER['REMOTE_USER']}<br/>";
>         putenv("KRB5CCNAME={$_SERVER['KRB5CCNAME']}");
>         echo "KRB5CCNAME={$_SERVER['KRB5CCNAME']}<br/>";
> 
>         exit();
> ?>
>   </body>
> </html>
> 
> And I have mod_auth_kerb php5 modules enabled in apache. When I try to
> connect to the above test page using a kerberos ticket, I do see the
> PHP_AUTH_USER and REMOTE_USER (which are the same). But I get nothing
> in KRB5CCNAME. Now, if I destory my kerberos ticket and login using
> kerberos user/pw, At first I do get the filename associated with
> KRB5CCNAME. But, if I wait less than 15s to refresh the page, I get
> nothing for KRB5CCNAME; if I wait more than 15s, I will get the
> filename for KRB5CCNAME.
> 
> Does anyone know what I may be doing wrong?
> 
> ------------------------------------------------------------------------------
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and 
> threat landscape has changed and how IT managers can respond. Discussions 
> will include endpoint security, mobile security and the latest in malware 
> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> _______________________________________________
> modauthkerb-help mailing list
> modauthkerb-help@xxxxxxxxxxxxxxxxxxxxx
> https://lists.sourceforge.net/lists/listinfo/modauthkerb-help



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux