On 6/21/2011 9:29 PM, Deon George wrote:
> Hi Adam
>
> On 22/06/11 05:41, Adam Allred wrote:
>> That last sentence...that's the kicker. Apache wakes up, services your
>> first request after getting credentials (in this case, getting the
>> basic tree layout), and then intentionally deletes the credentials
>> cache that provides the ability to perform an ldap_sasl_bind. Any
>> subsequent attempts will, of course, fail miserably. That's why
>> phpldapadmin fails to work. It doesn't have the necessary credentials
>> to do GSSAPI authentication.
> That's not true. I have exactly that setup, which I used to fix PLA.
>
> My environment is using mod_auth_kerb, openldap 2.3, Kerberos 5 and
> apache 2.2. You must have "KrbSaveCredentials On" for PHP to get access
> to the TGT. The cache file is deleted after each request (after PHP has
> used it).
>
>> The real kicker here is that as far as the GSSAPI is concerned, this
>> operation is correct. We don't want a credentials cache to lie around,
>> and we don't want phpldapadmin to cache a username and password in
>> "plain text" (even if in memory).
> With GSSAPI authentication, PLA doesn't store/use a username/password -
> however that information is available to PHP via the PHP_AUTH_*
> variables. Unless of course you use Negotiate instead of Basic
> authentication (with the supported browser), then PHP only gets the
> principal used to log in.
>
> ...deon
>
> ------------------------------------------------------------------------------
> Simplify data backup and recovery for your virtual environment with vRanger.
> Installation's a snap, and flexible recovery options mean your data is safe,
> secure and there when you need it. Data protection magic?
> Nope - It's vRanger. Get your free trial download today.
> http://p.sf.net/sfu/quest-sfdev2dev
> _______________________________________________
> phpldapadmin-users mailing list
> phpldapadmin-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/phpldapadmin-users
Well....damn. Back to the drawing board.

Adam
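
The setup described in the quoted reply (credentials saved per request, used by PHP, then deleted) implies a GSSAPI bind that is redone on every request. The following is an added example, not part of this thread and not phpLDAPadmin's code; it assumes PHP runs inside Apache so that mod_auth_kerb's per-request cache is visible as `$_SERVER['KRB5CCNAME']`, and `bindWithRequestTicket()` and its URI argument are hypothetical names.

```php
<?php
// Added illustration; not phpLDAPadmin code.
// Assumes mod_auth_kerb with "KrbSaveCredentials On" and PHP running inside
// Apache, so the request's credential cache is named in $_SERVER['KRB5CCNAME'].

/**
 * Bind to LDAP with SASL/GSSAPI using the ticket cache saved for this request.
 * The cache is removed when the request ends, so the returned connection
 * must not be kept in a session or reused by a later request.
 */
function bindWithRequestTicket(string $ldapUri)
{
    $ccache = $_SERVER['KRB5CCNAME'] ?? '';
    if ($ccache === '') {
        // No cache was saved for this request, so there is nothing for the
        // GSSAPI library to use. Fail closed rather than falling back to a
        // stored password.
        throw new RuntimeException('No Kerberos credential cache for this request');
    }

    // The Kerberos library reads the cache location from the environment.
    putenv('KRB5CCNAME=' . $ccache);

    $ds = ldap_connect($ldapUri);
    if ($ds === false) {
        throw new RuntimeException('Invalid LDAP URI');
    }
    ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3); // SASL needs LDAPv3

    // No DN and no password: the identity comes from the Kerberos ticket.
    if (!ldap_sasl_bind($ds, null, null, 'GSSAPI')) {
        $err = ldap_error($ds);
        ldap_unbind($ds);
        throw new RuntimeException('GSSAPI bind failed: ' . $err);
    }
    return $ds;
}
```

Calling this at the start of each request, and unbinding at the end, keeps the application from holding credentials any longer than the cache file itself exists.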
