Hi Russ,
    if ($ENV{REMOTE_USER} && $WebKDC::Config::REMUSER_ENABLED) {
        if ($ENV{KRB5CCNAME} && $WebKDC::Config::WEBKDC_PRINCIPAL) {
            $self->add_proxy_token;
        } else {
            $self->add_remuser_token;
        }
    }
thanks a lot. You are right... The REMOTE_USER was not set. In previous
versions it worked fine, but in the new version it is a problem. So I added
several lines just before the code above:
    if ((exists($ENV{SSL_CLIENT_CERT})) && ($ENV{SSL_CLIENT_CERT} ne '')) {
        my $cert=$ENV{SSL_CLIENT_CERT};
        open (CERTUSER, "echo \"$cert\"|/usr/local/bin/get_upn.sh |");
        chomp(my $certuser = lc(<CERTUSER>));
        $ENV{REMOTE_USER} = $certuser;
        close(CERTUSER);
    }
Our external script get_upn.sh parses the user certificate and returns
the username in the format user@realm. I hope it's secure enough :)
Now it works. Thanks again!
Petr Grolmus
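
The certificate-to-REMOTE_USER step from the message above, as an added example that is not part of the original message or of the WebAuth code: it hands the PEM to the helper on stdin without building a shell command line, and checks both the verification status and the returned name before setting REMOTE_USER. The helper path comes from the message; the function name, the accepted user@realm pattern, and the use of mod_ssl's SSL_CLIENT_VERIFY variable are assumptions.

```perl
use strict;
use warnings;
use IPC::Open2 qw(open2);

# Helper path taken from the message: reads a PEM certificate on stdin
# and prints the name as user@realm.
my $HELPER = '/usr/local/bin/get_upn.sh';

# Hypothetical function: returns the lowercased user@realm, or nothing.
sub upn_from_client_cert {
    my ($env) = @_;
    my $cert = $env->{SSL_CLIENT_CERT};
    return unless defined $cert && $cert ne '';

    # Assumption: mod_ssl is the TLS layer. Only use a certificate the
    # server itself verified against its configured CA.
    return unless ($env->{SSL_CLIENT_VERIFY} // '') eq 'SUCCESS';

    # A helper that exits early must not kill this process with SIGPIPE.
    local $SIG{PIPE} = 'IGNORE';

    # open2 with a single program path execs the helper directly, so the
    # certificate text is never interpolated into a shell command.
    my ($out, $in);
    my $pid = eval { open2($out, $in, $HELPER) } or return;
    print {$in} $cert;
    close $in;
    my $line = <$out>;
    close $out;
    waitpid $pid, 0;
    return unless $? == 0 && defined $line;

    chomp $line;
    $line = lc $line;
    # Assumed name format: exactly one user@realm token and nothing else.
    return unless $line =~ /\A[a-z0-9._-]+\@[a-z0-9.-]+\z/;
    return $line;
}

# Set REMOTE_USER only when every check passed.
if (defined(my $user = upn_from_client_cert(\%ENV))) {
    $ENV{REMOTE_USER} = $user;
}
```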