In article <[EMAIL PROTECTED]> you wrote
(many years ago):
> At long last the most recent versions of Authen::SASL::Cyrus seem
> to work properly (allowing me to write scripts that do GSSAPI
> authenticated binds when connecting to an LDAP server).
>
> But I'm having a bit of trouble in trying to get Authen::SASL::Cyrus to
> work *usefully* with GSSAPI while running under mod_perl.
>
> The problem is that when mod_perl compiles the script (as the apache
> user) it calls out to libsasl and libgssapi_krb5 (et al) and consquently
> embeds the credential cache location, specified in $ENV{KRB5CCNAME}, in
> the compiled script.
>
> In other words the compiled script always looks for the kerberos
> credential cache in the apache user's $ENV{KRB5CCNAME}. This would be
> OK if my web application wasn't trying to authenticate to LDAP using
> credentials *other* than those in the apache user's $ENV{KRB5CCNAME}.
>
> I'm using a web single signon system (umich's cosign) that can retrieve
> a kerberos ticket for a user. As far as I can tell there isn't a way to
> specify a credential cache with Authen::SASL::Cyrus (or is there?).
Hello,
I've just hit this same problem getting our mod_perl application to use
a credcache as specified by
PerlSetEnv KRB5CCNAME
The application ends up trying to use root's KRB5CCNAME instead (as the
server is started as root).
Was this problem ever solved before? I can't see any way round this
currently.
Thanks,
Dominic.
--
Dominic Hargreaves, Systems Development and Support Team
Computing Services, University of Oxford
