On Mon, Aug 27, 2012 at 7:14 PM, Benjamin Kahn <xkahn@xxxxxxxxx> wrote: > Maybe you are hitting this bug? > > https://bugzilla.redhat.com/show_bug.cgi?id=687975 > mod_auth_kerb using krb5passwd and keepalive and credential delegation > loses delegation after first request on connection > Good question, because it sure looks rather similar. > On Mon, 2012-08-27 at 17:29 -0400, Mauricio Tavares wrote: >> Quick-n-easy question: I have my apache virtual host configured to use >> kerberos authentication: >> >> <Location /> >> AuthType KerberosV5 >> KrbAuthRealms DOMAIN.COM >> KrbServiceName HTTP >> Krb5Keytab /etc/apache2/krb5.keytab >> KrbMethodNegotiate on >> KrbMethodK5Passwd on >> KrbAuthoritative off >> KrbSaveCredentials on >> Require valid-user >> </Location> >> >> And then I created the following test page: >> >> <html> >> <head> >> <title>PHP Test</title> >> </head> >> <body> >> <h1>PHP Kerberos Test</h1> >> <?php >> echo "user = {$_SERVER['PHP_AUTH_USER']}<br/>"; >> echo "REMOTE_USER={$_SERVER['REMOTE_USER']}<br/>"; >> putenv("KRB5CCNAME={$_SERVER['KRB5CCNAME']}"); >> echo "KRB5CCNAME={$_SERVER['KRB5CCNAME']}<br/>"; >> >> exit(); >> ?> >> </body> >> </html> >> >> And I have mod_auth_kerb php5 modules enabled in apache. When I try to >> connect to the above test page using a kerberos ticket, I do see the >> PHP_AUTH_USER and REMOTE_USER (which are the same). But I get nothing >> in KRB5CCNAME. Now, if I destory my kerberos ticket and login using >> kerberos user/pw, At first I do get the filename associated with >> KRB5CCNAME. But, if I wait less than 15s to refresh the page, I get >> nothing for KRB5CCNAME; if I wait more than 15s, I will get the >> filename for KRB5CCNAME. >> >> Does anyone know what I may be doing wrong? >> >> ------------------------------------------------------------------------------ >> Live Security Virtual Conference >> Exclusive live event will cover all the ways today's security and >> threat landscape has changed and how IT managers can respond. Discussions >> will include endpoint security, mobile security and the latest in malware >> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ >> _______________________________________________ >> modauthkerb-help mailing list >> modauthkerb-help@xxxxxxxxxxxxxxxxxxxxx >> https://lists.sourceforge.net/lists/listinfo/modauthkerb-help > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php