> The problem I'm having now, is that c-client is able to kerberos
> authentication properly if php is compiled as a CGI, but when compiled as
> a server module, the ticket file gets mucked up.  imap_open() invokes



When you say the ticket file gets mucked up, do you actually have an actual
file, and perhaps an analysis of what exactly is in there compared with
module/CGI modes?  I have no idea what a Kerebos ticket file is, but I
reckon analyzing what's inside it under the two cases might be fruitful.

You're not using suExec wrapped around the CGI version to change the user
PHP runs as, are you?...

That *FOR* *SURE* could have a huge impact on Kerebos, eh?

Another thing that changes for sure between Module/CGI is that PHP CGI runs
as a separate process ID.  Does Kerebos care about process IDs?

I'm guessing that a CGI run might somehow manage to have different PATH/path
settings since the Module and the CGI almost certainly live in different
directories...  Where are the Kerebos keys living?

Like, after your PHP Module authenticates, will that particular httpd
process then be authenticated from that point forward?...  I have no idea
how this stuff works, but if httpd is going to be able to masquerede as the
formerly authenticated Kerebos user, then the Module not working is a
feature, not a bug...

Also -- Is Apache itself utilizing Kerebos for anyting?  Perhaps whatever
Apache is doing to load Kerebos is messing up PHP's attemtps to load it, but
when they are in separate processes (CGI) then their two Kerebos loadings
don't tromp on each other.

Finally, perhaps the order of events is important -- If Apache is loading
some Kerebos stuff, then running PHP as a CGI, all is good.  But if your PHP
Module is loaded, then Apache loads Kerebos, it's too late for PHP to
utilize it.  Try moving your PHP Module stuff (LoadModule, AddModule, all of
it) to the very end of httpd.conf -- Leave comments where it used to be so
if it works you have some sort of documentation for the next poor schnook
(maybe you in a year) that has to edit httpd.conf, and you can put things
back where they belong if it doesn't help.

Disclaimer:  If you think I actually know what I'm talking about here, you
are sorely mistaken :-)   [Not least of which is I think I just mis-spelled
Kereberos about a half-dozen times...]

WARNING [EMAIL PROTECTED] address is an endangered species -- Use
Wanna help me out?  Like Music?  Buy a CD: http://l-i-e.com/artists.htm
Volunteer a little time: http://chatmusic.com/volunteer.htm

PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to