Maybe you are hitting this bug?
https://bugzilla.redhat.com/show_bug.cgi?id=687975
mod_auth_kerb using krb5passwd and keepalive and credential delegation
loses delegation after first request on connection
On Mon, 2012-08-27 at 17:29 -0400, Mauricio Tavares wrote:
> Quick-n-easy question: I have my apache virtual host configured to use
> kerberos authentication:
>
>
> AuthType KerberosV5
> KrbAuthRealms DOMAIN.COM
> KrbServiceName HTTP
> Krb5Keytab /etc/apache2/krb5.keytab
> KrbMethodNegotiate on
> KrbMethodK5Passwd on
> KrbAuthoritative off
> KrbSaveCredentials on
> Require valid-user
>
>
> And then I created the following test page:
>
>
>
> PHP Test
>
>
> PHP Kerberos Test
> echo "user = {$_SERVER['PHP_AUTH_USER']}";
> echo "REMOTE_USER={$_SERVER['REMOTE_USER']}";
> putenv("KRB5CCNAME={$_SERVER['KRB5CCNAME']}");
> echo "KRB5CCNAME={$_SERVER['KRB5CCNAME']}";
>
> exit();
> ?>
>
>
>
> And I have mod_auth_kerb php5 modules enabled in apache. When I try to
> connect to the above test page using a kerberos ticket, I do see the
> PHP_AUTH_USER and REMOTE_USER (which are the same). But I get nothing
> in KRB5CCNAME. Now, if I destory my kerberos ticket and login using
> kerberos user/pw, At first I do get the filename associated with
> KRB5CCNAME. But, if I wait less than 15s to refresh the page, I get
> nothing for KRB5CCNAME; if I wait more than 15s, I will get the
> filename for KRB5CCNAME.
>
> Does anyone know what I may be doing wrong?
>
> --
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and
> threat landscape has changed and how IT managers can respond. Discussions
> will include endpoint security, mobile security and the latest in malware
> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> ___
> modauthkerb-help mailing list
> modauthkerb-h...@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/modauthkerb-help
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
