On Wed, Sep 17, 2008 at 8:25 AM, Andreas Roth <[EMAIL PROTECTED]> wrote: > Hello, > > i'm using mod_auth_kerb version 5.3 (from ubuntu intrepid) and apache2 on a > ubuntu hardy machine. I set up the kerberos authentication using mod_auth_kerb > and it works well, but i have one problem: When i use a CGI-Script (e.g. shell > script) set environment variable KRB5CCNAME is set, but when i use a PHP- > Script (just calling phpinfo() ) the environment variable is not set. > Is this the correct behaviour? I would like to use the kerberos cache within > my PHP scripts; how can i do this?
Andreas, I don't have a definitive answer for you but here are a few thoughts: Try adding KRB5CCNAME to the safe_mode_allowed_env_vars INI property. However, instinct tells me this is probably not the problem. Note that the $_ENV global and getenv() function can return different results - try running a simple script that uses getenv instead to see if KRB5CCNAME is set. I have a feeling this is going to be the issue which is to say there is no issue since any Kerberos aware client will use getenv(). Also, I think you have to set a mod_auth_kerb option to indicate that you want KRB5CCNAME set (although apparently you have already done this if it works under a cgi script). Finally, if your KDC is AD you might want to checkout our Plexcel product (see signature). Plexcel for PHP does SPNEGO or explicit Kerberos logons, delegation, script-level group based access control, setting / changing passwords, account management w/ name canonicalization, "Sites and Services" support, DNS caching, redundancy / fail-over, support for multiple SPNs in your keytab for virtual hosting, plugins for popular PHP applications and more. Many of these details are impossible or very difficult to implement with the standard OSS stack. Anyway, if you try Plexcel or have any questions about it, please contact IOPLEX Software support directly and I'll help you in whatever way I can. Mike -- Michael B Allen PHP Active Directory SPNEGO SSO http://www.ioplex.com/ ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
