[Bug 1042856] [NEW] libapache2-mod-auth-kerb using krb5passwd and keepalive and credential delegation loses delegation after first request on connection
Raubvogel
1042856 at bugs.launchpad.net
Tue Aug 28 17:12:13 UTC 2012
Public bug reported:
This is a bug that was reported in
https://bugzilla.redhat.com/show_bug.cgi?id=687975; does it also affect
ubuntu? Reason I ask is that I seem to be able to reproduce it in 12.04.
Steps:
1. Need php5-ldap libapache2-mod-auth-kerb libsasl2-modules-ldap
2. Configure apache host to do kerberos, including having a keytab for apache.
3. Setup the apache virtual host site to use mod_auth_kerb:
<Location "/">
Options FollowSymLinks
AuthType Kerberos
KrbAuthRealms DOMAIN.COM
KrbServiceName HTTP
Krb5Keytab /etc/apache2/krb5.keytab
KrbMethodNegotiate on
KrbMethodK5Passwd on
# The saveCredentials entry is important for php to get KRB5CCNAME
KrbSaveCredentials on
Require valid-user
</Location>
4. create test.php (yes I am using php) file:
<html>
<head>
<title>PHP Test</title>
</head>
<body>
<h1>PHP Kerberos Test</h1>
<?php
// LDAP parameters
echo "user = {$_SERVER['PHP_AUTH_USER']}<br/>";
echo "REMOTE_USER={$_SERVER['REMOTE_USER']}<br/>";
echo "KRB5CCNAME={$_SERVER['KRB5CCNAME']}<br/>";
exit();
?>
</body>
</html>
5. Connect to page. First time you log in you should see something like:
PHP Kerberos Test
user=raubvogel
REMOTE_USER=raubvogel at DOMAIN.COM
KRB5CCNAME=FILE:/tmp/krb5cc_apache_0156Pt
6. Immediately reload page. You will now see
PHP Kerberos Test
user=raubvogel
REMOTE_USER=raubvogel at DOMAIN.COM
KRB5CCNAME=
7. Wait 15 seconds and try again:
PHP Kerberos Test
user=raubvogel
REMOTE_USER=raubvogel at DOMAIN.COM
KRB5CCNAME=FILE:/tmp/krb5cc_apache_Q3sMmK
Did I missconfigure anything?
** Affects: libapache-mod-auth-kerb (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to libapache-mod-auth-kerb in Ubuntu.
https://bugs.launchpad.net/bugs/1042856
Title:
libapache2-mod-auth-kerb using krb5passwd and keepalive and credential
delegation loses delegation after first request on connection
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libapache-mod-auth-kerb/+bug/1042856/+subscriptions
More information about the Ubuntu-server-bugs
mailing list