Re: [modauthkerb] Cannot retrieve KRB5CCNAME if logged in with kerberos ticket

On Mon, Aug 27, 2012 at 7:14 PM, Benjamin Kahn <xkahn@xxxxxxxxx> wrote:
> Maybe you are hitting this bug?
>
> https://bugzilla.redhat.com/show_bug.cgi?id=687975
> mod_auth_kerb using krb5passwd and keepalive and credential delegation
> loses delegation after first request on connection
>
      Good question, because it sure looks rather similar.

> On Mon, 2012-08-27 at 17:29 -0400, Mauricio Tavares wrote:
>> Quick-n-easy question: I have my apache virtual host configured to use
>> kerberos authentication:
>>
>>         <Location />
>>                 AuthType KerberosV5
>>                 KrbAuthRealms DOMAIN.COM
>>                 KrbServiceName HTTP
>>                 Krb5Keytab /etc/apache2/krb5.keytab
>>                 KrbMethodNegotiate on
>>                 KrbMethodK5Passwd on
>>                 KrbAuthoritative off
>>                 KrbSaveCredentials on
>>                 Require valid-user
>>         </Location>
>>
>> And then I created the following test page:
>>
>> <html>
>> <head>
>>         <title>PHP Test</title>
>> </head>
>> <body>
>>         <h1>PHP Kerberos Test</h1>
>> <?php
>>         echo "user = {$_SERVER['PHP_AUTH_USER']}<br/>";
>>         echo "REMOTE_USER={$_SERVER['REMOTE_USER']}<br/>";
>>         putenv("KRB5CCNAME={$_SERVER['KRB5CCNAME']}");
>>         echo "KRB5CCNAME={$_SERVER['KRB5CCNAME']}<br/>";
>>
>>         exit();
>> ?>
>>   </body>
>> </html>
>>
>> And I have mod_auth_kerb and php5 modules enabled in apache. When I try to
>> connect to the above test page using a kerberos ticket, I do see the
>> PHP_AUTH_USER and REMOTE_USER (which are the same). But I get nothing
>> in KRB5CCNAME. Now, if I destroy my kerberos ticket and log in using
>> kerberos user/pw, at first I do get the filename associated with
>> KRB5CCNAME. But, if I wait less than 15s to refresh the page, I get
>> nothing for KRB5CCNAME; if I wait more than 15s, I will get the
>> filename for KRB5CCNAME.
>>
>> Does anyone know what I may be doing wrong?
>>
>
>
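
A hardened variant of the test page from the quoted message, as an added example that is not part of the thread or of mod_auth_kerb: it exports KRB5CCNAME only after validating it, HTML-escapes what it prints, and logs the client address and port whenever an authenticated request arrives without a credential cache, so requests that shared a keep-alive connection can be correlated. The `FILE:` cache form, the function names and the sample values are assumptions.

```php
<?php
// Added example (PHP 7+). Assumption: the cache arrives as KRB5CCNAME="FILE:/path".

/** Return the cache name if it points at a usable file, else null. */
function delegated_ccache(array $server): ?string
{
    $cc = $server['KRB5CCNAME'] ?? '';
    if (!is_string($cc) || strncmp($cc, 'FILE:', 5) !== 0) {
        return null;
    }
    $path = substr($cc, 5);
    // Reject symlinks and anything that is not a readable regular file.
    if (is_link($path) || !is_file($path) || !is_readable($path)) {
        return null;
    }
    return $cc;
}

/** Escape a server-supplied value before it is written into HTML. */
function h($v): string { return htmlspecialchars((string) $v, ENT_QUOTES, 'UTF-8'); }

/** Build the test page body; log when a user has no delegated cache. */
function render(array $server): string
{
    $user = $server['REMOTE_USER'] ?? '';
    $cc   = delegated_ccache($server);
    $out  = 'REMOTE_USER=' . h($user) . "<br/>\n";
    if ($cc === null) {
        // Same REMOTE_ADDR:REMOTE_PORT on two log lines means both requests
        // used one kept-alive connection (assuming no proxy in between).
        error_log(sprintf('no delegated ccache for "%s" from %s:%s',
            $user, $server['REMOTE_ADDR'] ?? '-', $server['REMOTE_PORT'] ?? '-'));
        return $out . "KRB5CCNAME=(not delivered on this request)<br/>\n";
    }
    putenv('KRB5CCNAME=' . $cc);   // only ever export a validated value
    return $out . 'KRB5CCNAME=' . h($cc) . "<br/>\n";
}

if (PHP_SAPI === 'cli') {
    // Constructed sample input: a temp file stands in for the ticket cache.
    $tmp = tempnam(sys_get_temp_dir(), 'krb5cc_demo_');
    echo render(['REMOTE_USER' => 'alice@DOMAIN.COM', 'KRB5CCNAME' => "FILE:$tmp"]);
    echo render(['REMOTE_USER' => 'alice@DOMAIN.COM', 'REMOTE_ADDR' => '192.0.2.10',
                 'REMOTE_PORT' => '51234']);
    unlink($tmp);
} else {
    echo render($_SERVER);
}
```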
