[PHP] Re: [modauthkerb] Cannot retrieve KRB5CCNAME if logged in with kerberos ticket
On Tue, 2012-08-28 at 09:07 -0400, Mauricio Tavares wrote: > > https://bugzilla.redhat.com/show_bug.cgi?id=687975 > > mod_auth_kerb using krb5passwd and keepalive and credential delegation > > loses delegation after first request on connection > > > Good question, because it sure looks rather similar. Try the patch and see if it helps: https://bugzilla.redhat.com/attachment.cgi?id=522350 Or try Fedora 17 or RHEL 6.3. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: [modauthkerb] Cannot retrieve KRB5CCNAME if logged in with kerberos ticket
On Mon, Aug 27, 2012 at 7:14 PM, Benjamin Kahn wrote: > Maybe you are hitting this bug? > > https://bugzilla.redhat.com/show_bug.cgi?id=687975 > mod_auth_kerb using krb5passwd and keepalive and credential delegation > loses delegation after first request on connection > Good question, because it sure looks rather similar. > On Mon, 2012-08-27 at 17:29 -0400, Mauricio Tavares wrote: >> Quick-n-easy question: I have my apache virtual host configured to use >> kerberos authentication: >> >> >> AuthType KerberosV5 >> KrbAuthRealms DOMAIN.COM >> KrbServiceName HTTP >> Krb5Keytab /etc/apache2/krb5.keytab >> KrbMethodNegotiate on >> KrbMethodK5Passwd on >> KrbAuthoritative off >> KrbSaveCredentials on >> Require valid-user >> >> >> And then I created the following test page: >> >> >> >> PHP Test >> >> >> PHP Kerberos Test >> > echo "user = {$_SERVER['PHP_AUTH_USER']}"; >> echo "REMOTE_USER={$_SERVER['REMOTE_USER']}"; >> putenv("KRB5CCNAME={$_SERVER['KRB5CCNAME']}"); >> echo "KRB5CCNAME={$_SERVER['KRB5CCNAME']}"; >> >> exit(); >> ?> >> >> >> >> And I have mod_auth_kerb php5 modules enabled in apache. When I try to >> connect to the above test page using a kerberos ticket, I do see the >> PHP_AUTH_USER and REMOTE_USER (which are the same). But I get nothing >> in KRB5CCNAME. Now, if I destory my kerberos ticket and login using >> kerberos user/pw, At first I do get the filename associated with >> KRB5CCNAME. But, if I wait less than 15s to refresh the page, I get >> nothing for KRB5CCNAME; if I wait more than 15s, I will get the >> filename for KRB5CCNAME. >> >> Does anyone know what I may be doing wrong? >> >> -- >> Live Security Virtual Conference >> Exclusive live event will cover all the ways today's security and >> threat landscape has changed and how IT managers can respond. Discussions >> will include endpoint security, mobile security and the latest in malware >> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ >> ___ >> modauthkerb-help mailing list >> modauthkerb-h...@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/modauthkerb-help > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: [modauthkerb] Cannot retrieve KRB5CCNAME if logged in with kerberos ticket
Maybe you are hitting this bug? https://bugzilla.redhat.com/show_bug.cgi?id=687975 mod_auth_kerb using krb5passwd and keepalive and credential delegation loses delegation after first request on connection On Mon, 2012-08-27 at 17:29 -0400, Mauricio Tavares wrote: > Quick-n-easy question: I have my apache virtual host configured to use > kerberos authentication: > > > AuthType KerberosV5 > KrbAuthRealms DOMAIN.COM > KrbServiceName HTTP > Krb5Keytab /etc/apache2/krb5.keytab > KrbMethodNegotiate on > KrbMethodK5Passwd on > KrbAuthoritative off > KrbSaveCredentials on > Require valid-user > > > And then I created the following test page: > > > > PHP Test > > > PHP Kerberos Test > echo "user = {$_SERVER['PHP_AUTH_USER']}"; > echo "REMOTE_USER={$_SERVER['REMOTE_USER']}"; > putenv("KRB5CCNAME={$_SERVER['KRB5CCNAME']}"); > echo "KRB5CCNAME={$_SERVER['KRB5CCNAME']}"; > > exit(); > ?> > > > > And I have mod_auth_kerb php5 modules enabled in apache. When I try to > connect to the above test page using a kerberos ticket, I do see the > PHP_AUTH_USER and REMOTE_USER (which are the same). But I get nothing > in KRB5CCNAME. Now, if I destory my kerberos ticket and login using > kerberos user/pw, At first I do get the filename associated with > KRB5CCNAME. But, if I wait less than 15s to refresh the page, I get > nothing for KRB5CCNAME; if I wait more than 15s, I will get the > filename for KRB5CCNAME. > > Does anyone know what I may be doing wrong? > > -- > Live Security Virtual Conference > Exclusive live event will cover all the ways today's security and > threat landscape has changed and how IT managers can respond. Discussions > will include endpoint security, mobile security and the latest in malware > threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ > ___ > modauthkerb-help mailing list > modauthkerb-h...@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/modauthkerb-help -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php