libapache2-mod-auth-kerb using krb5passwd and keepalive and credential delegation loses delegation after first request on connection

Asked by Raubvogel

This is a bug that was reported in; does it also affect ubuntu? Reason I ask is that I seem to be able to reproduce it in 12.04.

1. Need php5-ldap libapache2-mod-auth-kerb libsasl2-modules-ldap
2. Configure apache host to do kerberos, including having a keytab for apache.
3. Setup the apache virtual host site to use mod_auth_kerb:

    <Location "/">
        Options FollowSymLinks
        AuthType Kerberos
        KrbAuthRealms DOMAIN.COM
        KrbServiceName HTTP
        Krb5Keytab /etc/apache2/krb5.keytab
        KrbMethodNegotiate on
        KrbMethodK5Passwd on
        # The saveCredentials entry is important for php to get KRB5CCNAME
        KrbSaveCredentials on
        Require valid-user

4. create test.php (yes I am using php) file:

        <title>PHP Test</title>
        <h1>PHP Kerberos Test</h1>
        // LDAP parameters
        echo "user = {$_SERVER['PHP_AUTH_USER']}<br/>";
        echo "REMOTE_USER={$_SERVER['REMOTE_USER']}<br/>";
        echo "KRB5CCNAME={$_SERVER['KRB5CCNAME']}<br/>";


5. Connect to page. First time you log in you should see something like:

PHP Kerberos Test

<email address hidden>

6. Immediately reload page. You will now see

PHP Kerberos Test

<email address hidden>

7. Wait 15 seconds and try again:

PHP Kerberos Test

<email address hidden>

Did I missconfigure anything?

Revision history for this message
actionparsnip (andrew-woodhead666) said :

I suggest you report a bug, link the redhat bug too, it may help

Can you help with this problem?

Provide an answer of your own, or ask Raubvogel for more information if necessary.

To post a message you must log in.