On Jul 25, 2007, at 2:55 AM, Mikkel Kruse Johnsen wrote: >> Is the KRB5CCNAME being set in the environment of the subprocess. > > Don't know how to check this. The KRB5CCNAME is in the env. with > the attached patch but the credetials is never saved to that file.
Protect CGI's and access a cgi that prints the environment. I think Apache comes with a couple: printenv (perl script), and test-cgi (sh script). I slightly customized the test-cgi as follows (for Solaris): ----------------- #!/bin/sh # disable filename globbing set -f echo "Content-type: text/plain; charset=iso-8859-1" echo echo CGI/1.0 test script report: echo echo argc is $#. argv is "$*". echo echo SERVER_SOFTWARE = $SERVER_SOFTWARE echo SERVER_NAME = $SERVER_NAME echo GATEWAY_INTERFACE = $GATEWAY_INTERFACE echo SERVER_PROTOCOL = $SERVER_PROTOCOL echo SERVER_PORT = $SERVER_PORT echo REQUEST_METHOD = $REQUEST_METHOD echo HTTP_ACCEPT = "$HTTP_ACCEPT" echo PATH_INFO = "$PATH_INFO" echo PATH_TRANSLATED = "$PATH_TRANSLATED" echo SCRIPT_NAME = "$SCRIPT_NAME" echo QUERY_STRING = "$QUERY_STRING" echo REMOTE_HOST = $REMOTE_HOST echo REMOTE_ADDR = $REMOTE_ADDR echo REMOTE_USER = $REMOTE_USER echo AUTH_TYPE = $AUTH_TYPE echo KRB5CCNAME = $KRB5CCNAME echo CONTENT_TYPE = $CONTENT_TYPE echo CONTENT_LENGTH = $CONTENT_LENGTH echo echo "Output from /usr/bin/klist:" echo /usr/bin/klist -f 2>&1 ------------------------------------------------------------------------ The opinions expressed in this message are mine, not those of Caltech, JPL, NASA, or the US Government. [EMAIL PROTECTED], or [EMAIL PROTECTED] ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos