On 6/21/2011 9:29 PM, Deon George wrote: > Hi Adam > > On 22/06/11 05:41, Adam Allred wrote: >> That last sentence...that's the kicker. Apache wakes up, services your >> first request after getting credentials (in this case, getting the >> basic tree layout), and then intentionally deletes the credentials >> cache that provides the ability to perform an ldap_sasl_bind. Any >> subsequent attempts will, of course, fail miserably. That's why >> phpldapadmin fails to work. It doesn't have the necessary credentials >> to do GSSAPI authentication. > Thats not true. I have exactly that setup, which I used to fix PLA. > > My environment is using mod_auth_kerb, openldap 2.3, kerberous 5 and > apache 2.2. You must have "KrbSaveCredentials On" for PHP to get access > to the TGT. The cache file is deleted after each request (after PHP has > used it). > >> The real kicker here is that as far as the GSSAPI is concerned, this >> operation is correct. We don't want a credentials cache to lay around, >> and we don't want phpldapadmin to cache a username and password in >> "plain text" (even if in memory). > With GSSAPI authentication, PLA doesnt store/use a username/password - > however that information is available to PHP via the PHP_AUTH_* > variables. Unless of course you use Negotiate instead of Basic > authentication (with the supported browser), then PHP only gets the > principle used to login. > > ...deon > > ------------------------------------------------------------------------------ > Simplify data backup and recovery for your virtual environment with vRanger. > Installation's a snap, and flexible recovery options mean your data is safe, > secure and there when you need it. Data protection magic? > Nope - It's vRanger. Get your free trial download today. > http://p.sf.net/sfu/quest-sfdev2dev > _______________________________________________ > phpldapadmin-users mailing list > phpldapadmin-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/phpldapadmin-users Well....damn. Back to the drawing board.
Adam ------------------------------------------------------------------------------ Simplify data backup and recovery for your virtual environment with vRanger. Installation's a snap, and flexible recovery options mean your data is safe, secure and there when you need it. Data protection magic? Nope - It's vRanger. Get your free trial download today. http://p.sf.net/sfu/quest-sfdev2dev _______________________________________________ phpldapadmin-users mailing list phpldapadmin-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/phpldapadmin-users
