libapache2-mod-auth-kerb using krb5passwd and keepalive and credential delegation loses delegation after first request on connection
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
libapache-mod-auth-kerb (Ubuntu) |
Confirmed
|
High
|
Unassigned |
Bug Description
This is a bug that was reported in https:/
Steps:
1. Need php5-ldap libapache2-
2. Configure apache host to do kerberos, including having a keytab for apache.
3. Setup the apache virtual host site to use mod_auth_kerb:
<Location "/">
Options FollowSymLinks
AuthType Kerberos
Krb5Keytab /etc/apache2/
# The saveCredentials entry is important for php to get KRB5CCNAME
Require valid-user
</Location>
4. create test.php (yes I am using php) file:
<html>
<head>
<title>PHP Test</title>
</head>
<body>
<h1>PHP Kerberos Test</h1>
<?php
// LDAP parameters
echo "user = {$_SERVER[
echo "REMOTE_
echo "KRB5CCNAME=
exit();
?>
</body>
</html>
5. Connect to page. First time you log in you should see something like:
PHP Kerberos Test
user=raubvogel
<email address hidden>
KRB5CCNAME=
6. Immediately reload page. You will now see
PHP Kerberos Test
user=raubvogel
<email address hidden>
KRB5CCNAME=
7. Wait 15 seconds and try again:
PHP Kerberos Test
user=raubvogel
<email address hidden>
KRB5CCNAME=
Did I missconfigure anything?
Indeed the commit listed on the redhat bug is not applied in precise, or even the precise version. Marking this bug confirmed on account of that.