Public bug reported: This is a bug that was reported in https://bugzilla.redhat.com/show_bug.cgi?id=687975; does it also affect ubuntu? Reason I ask is that I seem to be able to reproduce it in 12.04.
Steps: 1. Need php5-ldap libapache2-mod-auth-kerb libsasl2-modules-ldap 2. Configure apache host to do kerberos, including having a keytab for apache. 3. Setup the apache virtual host site to use mod_auth_kerb: <Location "/"> Options FollowSymLinks AuthType Kerberos KrbAuthRealms DOMAIN.COM KrbServiceName HTTP Krb5Keytab /etc/apache2/krb5.keytab KrbMethodNegotiate on KrbMethodK5Passwd on # The saveCredentials entry is important for php to get KRB5CCNAME KrbSaveCredentials on Require valid-user </Location> 4. create test.php (yes I am using php) file: <html> <head> <title>PHP Test</title> </head> <body> <h1>PHP Kerberos Test</h1> <?php // LDAP parameters echo "user = {$_SERVER['PHP_AUTH_USER']}<br/>"; echo "REMOTE_USER={$_SERVER['REMOTE_USER']}<br/>"; echo "KRB5CCNAME={$_SERVER['KRB5CCNAME']}<br/>"; exit(); ?> </body> </html> 5. Connect to page. First time you log in you should see something like: PHP Kerberos Test user=raubvogel REMOTE_USER=raubvo...@domain.com KRB5CCNAME=FILE:/tmp/krb5cc_apache_0156Pt 6. Immediately reload page. You will now see PHP Kerberos Test user=raubvogel REMOTE_USER=raubvo...@domain.com KRB5CCNAME= 7. Wait 15 seconds and try again: PHP Kerberos Test user=raubvogel REMOTE_USER=raubvo...@domain.com KRB5CCNAME=FILE:/tmp/krb5cc_apache_Q3sMmK Did I missconfigure anything? ** Affects: libapache-mod-auth-kerb (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to libapache-mod-auth-kerb in Ubuntu. https://bugs.launchpad.net/bugs/1042856 Title: libapache2-mod-auth-kerb using krb5passwd and keepalive and credential delegation loses delegation after first request on connection To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libapache-mod-auth-kerb/+bug/1042856/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs