[modauthkerb] Negotiate on Windows with cross-realm trust ADand MIT Kereros.

Henry B. Hotz hotz at jpl.nasa.gov
Wed Jul 25 15:18:47 EDT 2007


On Jul 25, 2007, at 2:55 AM, Mikkel Kruse Johnsen wrote:

>> Is the KRB5CCNAME being set in the environment of the subprocess.
>
> Don't know how to check this. The KRB5CCNAME is in the env. with  
> the attached patch but the credetials is never saved to that file.

Protect CGI's and access a cgi that prints the environment.  I think  
Apache comes with a couple:  printenv (perl script), and test-cgi (sh  
script).

I slightly customized the test-cgi as follows (for Solaris):
-----------------
#!/bin/sh

# disable filename globbing
set -f

echo "Content-type: text/plain; charset=iso-8859-1"
echo

echo CGI/1.0 test script report:
echo

echo argc is $#. argv is "$*".
echo

echo SERVER_SOFTWARE = $SERVER_SOFTWARE
echo SERVER_NAME = $SERVER_NAME
echo GATEWAY_INTERFACE = $GATEWAY_INTERFACE
echo SERVER_PROTOCOL = $SERVER_PROTOCOL
echo SERVER_PORT = $SERVER_PORT
echo REQUEST_METHOD = $REQUEST_METHOD
echo HTTP_ACCEPT = "$HTTP_ACCEPT"
echo PATH_INFO = "$PATH_INFO"
echo PATH_TRANSLATED = "$PATH_TRANSLATED"
echo SCRIPT_NAME = "$SCRIPT_NAME"
echo QUERY_STRING = "$QUERY_STRING"
echo REMOTE_HOST = $REMOTE_HOST
echo REMOTE_ADDR = $REMOTE_ADDR
echo REMOTE_USER = $REMOTE_USER
echo AUTH_TYPE = $AUTH_TYPE
echo KRB5CCNAME = $KRB5CCNAME
echo CONTENT_TYPE = $CONTENT_TYPE
echo CONTENT_LENGTH = $CONTENT_LENGTH
echo
echo "Output from /usr/bin/klist:"
echo
/usr/bin/klist -f 2>&1
------------------------------------------------------------------------
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz at jpl.nasa.gov, or hbhotz at oxy.edu





More information about the Kerberos mailing list