Solved

Apache doesn't return REMOTE_USER variable

Posted on 2009-05-15
15
2,374 Views
Last Modified: 2013-12-13
Ubuntu Linux 8.04 Apache 2.2 mod_auth_kerb php5 (non-cgi)

Apache's httpd.conf:

<Files ~ "^/WordPress/wp-admin/">
AuthType Kerberos
Require valid-user
</Files>

(SUCCESS) UnitTest1: kinit, klist both tested successfully as myUserName.
(SUCCESS)  UnitTest2: Can access the files only when logged into Windows Vista as a Domain User.
(FAILURE)  UnitTest3: phpinfo() function does not show an Apache REMOTE_USER variable.

Please share your knowledge of where my configuration is missing.
0
Comment
Question by:whittet
  • 4
  • 3
  • 2
  • +1
15 Comments
 
LVL 27

Expert Comment

by:caterham_www
ID: 24413802
> <Files ~ "^/WordPress/wp-admin/">
AuthType Kerberos
Require valid-user
</Files>

Files is to match against filenames, use DirectoryMatch to match against a directory.
<DirectoryMatch "^/var/www/WordPress/wp-admin">

AuthType Kerberos

Require valid-user

</DirectoryMatch>

Open in new window

0
 
LVL 1

Author Comment

by:whittet
ID: 24413963
As I tried to say above.  The permissions piece works, but the REMOTE_USER has no value in phpinfo().
Here is my syntax.

<Directory /wordpress>
  <IfModule mod_auth_kerb>
    AuthType Kerberos
    AuthName "MYDOMAIN Login"
    KrbAuthRealms MYDOMAIN.LOCAL
    KrbServiceName HTTP
    Krb5Keytab /etc/krb5.keytab
    KrbMethodNegotiate on
    KrbMethodK5Passwd off
    KrbSaveCredentials on
    KrbAuthoritative on
  </IfModule>

  <Files ~ "^(wp-admin/|(wp-login|wp-register)\.php)">
    Order allow,deny
    Allow from all

    Require valid-user
  </Files>
</Directory>

0
 
LVL 21

Expert Comment

by:Julian Matz
ID: 24414486
Hi whittet,

Please try the following two variables:

echo $_SERVER['PHP_AUTH_USER'] . '<br />';
echo $_SERVER['PHP_AUTH_PW'] . '<br />';

0
 
LVL 21

Expert Comment

by:Julian Matz
ID: 24414507
Or try the full snippet below...


<?php

if (!isset($_SERVER['PHP_AUTH_USER'])) {

    header('WWW-Authenticate: Basic realm="TEST"');

    header('HTTP/1.0 401 Unauthorized');

    echo 'Text to send if user hits Cancel button';

    exit;

} else {

    echo "<p>Hello {$_SERVER['PHP_AUTH_USER']}.</p>";

    echo "<p>You entered {$_SERVER['PHP_AUTH_PW']} as your password.</p>";

}

?>

Open in new window

0
 
LVL 1

Author Comment

by:whittet
ID: 24414670
julianmatz - Those values are not set.

I tried all the suggestions from this http://www.experts-exchange.com/Software/Server_Software/Web_Servers/Apache/Q_23840099.html, but was under the impression that mod_auth_kerb was an alternative to mod_ntlm or winbind.
0
U.S. Department of Agriculture and Acronis Access

With the new era of mobile computing, smartphones and tablets, wireless communications and cloud services, the USDA sought to take advantage of a mobilized workforce and the blurring lines between personal and corporate computing resources.

 
LVL 50

Expert Comment

by:Steve Bink
ID: 24416489
Are you running safe mode?
0
 
LVL 1

Author Comment

by:whittet
ID: 24418137
No safe mode.
0
 
LVL 50

Accepted Solution

by:
Steve Bink earned 500 total points
ID: 24424999
According to the PHP docs, those values are only available under basic and digest authentication types.  There are other things to check (such as the cgi.rfc2616_headers configuration item), but I think kerberos counts as external authentication.

http://www.php.net/manual/en/features.http-auth.php
0
 
LVL 50

Expert Comment

by:Steve Bink
ID: 25986888
I provided an answer to the question of why the values are not populated.  Granted, the user never came back to confirm they could be matched in a different location, but the original question was about "why".
0
 
LVL 50

Expert Comment

by:Steve Bink
ID: 26005395
I believe my comment at #24424999 answered the original question.  Further input from the OP could have taken this a little further, but the solution was provided.
0

Featured Post

Backup Your Microsoft Windows Server®

Backup all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

It is possible to boost certain documents at query time in Solr. Query time boosting can be a powerful resource for finding the most relevant and "best" content. Of course the more information you index, the more fields you will be able to use for y…
I. Introduction There's an interesting discussion going on now in an Experts Exchange Group — Attachments with no extension (http://www.experts-exchange.com/discussions/210281/Attachments-with-no-extension.html). This reminded me of questions tha…
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now