[PHP] Re: [modauthkerb] Cannot retrieve KRB5CCNAME if logged in with kerberos ticket
On Tue, 2012-08-28 at 09:07 -0400, Mauricio Tavares wrote: > > https://bugzilla.redhat.com/show_bug.cgi?id=687975 > > mod_auth_kerb using krb5passwd and keepalive and credential delegation > > loses delegation after first request on connection > > > Good question, because it sure looks rather similar. Try the patch and see if it helps: https://bugzilla.redhat.com/attachment.cgi?id=522350 Or try Fedora 17 or RHEL 6.3. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: [modauthkerb] Cannot retrieve KRB5CCNAME if logged in with kerberos ticket
On Mon, Aug 27, 2012 at 7:14 PM, Benjamin Kahn wrote:
> Maybe you are hitting this bug?
>
> https://bugzilla.redhat.com/show_bug.cgi?id=687975
> mod_auth_kerb using krb5passwd and keepalive and credential delegation
> loses delegation after first request on connection
>
Good question, because it sure looks rather similar.
> On Mon, 2012-08-27 at 17:29 -0400, Mauricio Tavares wrote:
>> Quick-n-easy question: I have my apache virtual host configured to use
>> kerberos authentication:
>>
>>
>> AuthType KerberosV5
>> KrbAuthRealms DOMAIN.COM
>> KrbServiceName HTTP
>> Krb5Keytab /etc/apache2/krb5.keytab
>> KrbMethodNegotiate on
>> KrbMethodK5Passwd on
>> KrbAuthoritative off
>> KrbSaveCredentials on
>> Require valid-user
>>
>>
>> And then I created the following test page:
>>
>>
>>
>> PHP Test
>>
>>
>> PHP Kerberos Test
>> > echo "user = {$_SERVER['PHP_AUTH_USER']}";
>> echo "REMOTE_USER={$_SERVER['REMOTE_USER']}";
>> putenv("KRB5CCNAME={$_SERVER['KRB5CCNAME']}");
>> echo "KRB5CCNAME={$_SERVER['KRB5CCNAME']}";
>>
>> exit();
>> ?>
>>
>>
>>
>> And I have mod_auth_kerb php5 modules enabled in apache. When I try to
>> connect to the above test page using a kerberos ticket, I do see the
>> PHP_AUTH_USER and REMOTE_USER (which are the same). But I get nothing
>> in KRB5CCNAME. Now, if I destory my kerberos ticket and login using
>> kerberos user/pw, At first I do get the filename associated with
>> KRB5CCNAME. But, if I wait less than 15s to refresh the page, I get
>> nothing for KRB5CCNAME; if I wait more than 15s, I will get the
>> filename for KRB5CCNAME.
>>
>> Does anyone know what I may be doing wrong?
>>
>> --
>> Live Security Virtual Conference
>> Exclusive live event will cover all the ways today's security and
>> threat landscape has changed and how IT managers can respond. Discussions
>> will include endpoint security, mobile security and the latest in malware
>> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
>> ___
>> modauthkerb-help mailing list
>> modauthkerb-h...@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/modauthkerb-help
>
>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: [modauthkerb] Cannot retrieve KRB5CCNAME if logged in with kerberos ticket
Maybe you are hitting this bug?
https://bugzilla.redhat.com/show_bug.cgi?id=687975
mod_auth_kerb using krb5passwd and keepalive and credential delegation
loses delegation after first request on connection
On Mon, 2012-08-27 at 17:29 -0400, Mauricio Tavares wrote:
> Quick-n-easy question: I have my apache virtual host configured to use
> kerberos authentication:
>
>
> AuthType KerberosV5
> KrbAuthRealms DOMAIN.COM
> KrbServiceName HTTP
> Krb5Keytab /etc/apache2/krb5.keytab
> KrbMethodNegotiate on
> KrbMethodK5Passwd on
> KrbAuthoritative off
> KrbSaveCredentials on
> Require valid-user
>
>
> And then I created the following test page:
>
>
>
> PHP Test
>
>
> PHP Kerberos Test
> echo "user = {$_SERVER['PHP_AUTH_USER']}";
> echo "REMOTE_USER={$_SERVER['REMOTE_USER']}";
> putenv("KRB5CCNAME={$_SERVER['KRB5CCNAME']}");
> echo "KRB5CCNAME={$_SERVER['KRB5CCNAME']}";
>
> exit();
> ?>
>
>
>
> And I have mod_auth_kerb php5 modules enabled in apache. When I try to
> connect to the above test page using a kerberos ticket, I do see the
> PHP_AUTH_USER and REMOTE_USER (which are the same). But I get nothing
> in KRB5CCNAME. Now, if I destory my kerberos ticket and login using
> kerberos user/pw, At first I do get the filename associated with
> KRB5CCNAME. But, if I wait less than 15s to refresh the page, I get
> nothing for KRB5CCNAME; if I wait more than 15s, I will get the
> filename for KRB5CCNAME.
>
> Does anyone know what I may be doing wrong?
>
> --
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and
> threat landscape has changed and how IT managers can respond. Discussions
> will include endpoint security, mobile security and the latest in malware
> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> ___
> modauthkerb-help mailing list
> modauthkerb-h...@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/modauthkerb-help
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
