--On Wednesday, March 23, 2005 2:50 PM -0800 Ben Poliakoff <[EMAIL PROTECTED]> wrote:

[ Hope this isn't too off topic for this list... ]

At long last the most recent versions of Authen::SASL::Cyrus seem
to work properly (allowing me to write scripts that do GSSAPI
authenticated binds when connecting to an LDAP server).

But I'm having a bit of trouble in trying to get Authen::SASL::Cyrus to
work *usefully* with GSSAPI while running under mod_perl.

The problem is that when mod_perl compiles the script (as the apache
user) it calls out to libsasl and libgssapi_krb5 (et al) and consequently
embeds the credential cache location, specified in $ENV{KRB5CCNAME}, in
the compiled script.

In other words the compiled script always looks for the kerberos
credential cache in the apache user's $ENV{KRB5CCNAME}.  This would be
OK if my web application wasn't trying to authenticate to LDAP using
credentials *other* than those in the apache user's $ENV{KRB5CCNAME}.

I'm using a web single signon system (umich's cosign) that can retrieve
a kerberos ticket for a user.  As far as I can tell there isn't a way to
specify a credential cache with Authen::SASL::Cyrus (or is there?).

Has anyone had some experience with this sort of issue?

So you are saying essentially, that you want your application to ignore the Kerberos *standard* and do something non-compliant. I don't find that to be a particularly wise assumption to behave upon, myself.


The pieces involved that are looking at the KRB5CCNAME environment variable are embedded in the Kerberos libraries, so I doubt you will have much luck doing what you want, short of writing MIT and Heimdal and asking them to please break the Kerberos standard for you.

I'm glad to hear the latest Authen::SASL::Cyrus from CPAN actually works, I'll go try it out. I guess ADAMSON finally woke up and ported in the fixes from Patrick.


--Quanah

--
Quanah Gibson-Mount
Principal Software Developer
ITSS/Shared Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html

"These censorship operations against schools and libraries are stronger
than ever in the present religio-political climate. They often focus on
fantasy and sf books, which foster that deadly enemy to bigotry and blind
faith, the imagination." -- Ursula K. Le Guin


