Package: libapache2-mod-auth-kerb Version: 5.4-2.1 Severity: wishlist I am trying to use mpm_itk along with mod_auth_kerb to force authentication before running a CGI script as a user (in this case, the git smart HTTP server). However, mod_auth_kerb reads the keytab after it has dropped privileges, resulting in the problem that the user to which privileges have been dropped cannot read the keytab file. This is, of course, by design—ordinary users should not have access to the Apache keytab.
Would it be possible to read the keytab on startup before dropping privileges so that this use case (and suexec, and so on) works? -- System Information: Debian Release: jessie/sid APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.11-trunk-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash -- brian m. carlson / brian with sandals: Houston, Texas, US +1 832 623 2791 | http://www.crustytoothpaste.net/~bmc | My opinion only OpenPGP: RSA v4 4096b: 88AC E9B2 9196 305B A994 7552 F1BA 225C 0223 B187
signature.asc
Description: Digital signature
