[PHP] Re: [modauthkerb] Cannot retrieve KRB5CCNAME if logged in with kerberos ticket

Tue, 28 Aug 2012 06:08:29 -0700 

On Mon, Aug 27, 2012 at 7:14 PM, Benjamin Kahn <[email protected]> wrote:
> Maybe you are hitting this bug?
>
> https://bugzilla.redhat.com/show_bug.cgi?id=687975
> mod_auth_kerb using krb5passwd and keepalive and credential delegation
> loses delegation after first request on connection
>
      Good question, because it sure looks rather similar.

> On Mon, 2012-08-27 at 17:29 -0400, Mauricio Tavares wrote:
>> Quick-n-easy question: I have my apache virtual host configured to use
>> kerberos authentication:
>>
>>         <Location />
>>                 AuthType KerberosV5
>>                 KrbAuthRealms DOMAIN.COM
>>                 KrbServiceName HTTP
>>                 Krb5Keytab /etc/apache2/krb5.keytab
>>                 KrbMethodNegotiate on
>>                 KrbMethodK5Passwd on
>>                 KrbAuthoritative off
>>                 KrbSaveCredentials on
>>                 Require valid-user
>>         </Location>
>>
>> And then I created the following test page:
>>
>> <html>
>> <head>
>>         <title>PHP Test</title>
>> </head>
>> <body>
>>         <h1>PHP Kerberos Test</h1>
>> <?php
>>         echo "user = {$_SERVER['PHP_AUTH_USER']}<br/>";
>>         echo "REMOTE_USER={$_SERVER['REMOTE_USER']}<br/>";
>>         putenv("KRB5CCNAME={$_SERVER['KRB5CCNAME']}");
>>         echo "KRB5CCNAME={$_SERVER['KRB5CCNAME']}<br/>";
>>
>>         exit();
>> ?>
>>   </body>
>> </html>
>>
>> And I have mod_auth_kerb php5 modules enabled in apache. When I try to
>> connect to the above test page using a kerberos ticket, I do see the
>> PHP_AUTH_USER and REMOTE_USER (which are the same). But I get nothing
>> in KRB5CCNAME. Now, if I destory my kerberos ticket and login using
>> kerberos user/pw, At first I do get the filename associated with
>> KRB5CCNAME. But, if I wait less than 15s to refresh the page, I get
>> nothing for KRB5CCNAME; if I wait more than 15s, I will get the
>> filename for KRB5CCNAME.
>>
>> Does anyone know what I may be doing wrong?
>>
>> ------------------------------------------------------------------------------
>> Live Security Virtual Conference
>> Exclusive live event will cover all the ways today's security and
>> threat landscape has changed and how IT managers can respond. Discussions
>> will include endpoint security, mobile security and the latest in malware
>> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
>> _______________________________________________
>> modauthkerb-help mailing list
>> [email protected]
>> https://lists.sourceforge.net/lists/listinfo/modauthkerb-help
>
>

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to