Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Apache doesn't return REMOTE_USER variable

Posted on 2009-05-15
15
Medium Priority
?
2,657 Views
Last Modified: 2013-12-13
Ubuntu Linux 8.04 Apache 2.2 mod_auth_kerb php5 (non-cgi)

Apache's httpd.conf:

<Files ~ "^/WordPress/wp-admin/">
AuthType Kerberos
Require valid-user
</Files>

(SUCCESS) UnitTest1: kinit, klist both tested successfully as myUserName.
(SUCCESS)  UnitTest2: Can access the files only when logged into Windows Vista as a Domain User.
(FAILURE)  UnitTest3: phpinfo() function does not show an Apache REMOTE_USER variable.

Please share your knowledge of where my configuration is missing.
0
Comment
Question by:whittet
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
  • 2
  • +1
15 Comments
 
LVL 27

Expert Comment

by:caterham_www
ID: 24413802
> <Files ~ "^/WordPress/wp-admin/">
AuthType Kerberos
Require valid-user
</Files>

Files is to match against filenames, use DirectoryMatch to match against a directory.
<DirectoryMatch "^/var/www/WordPress/wp-admin">
AuthType Kerberos
Require valid-user
</DirectoryMatch>

Open in new window

0
 
LVL 1

Author Comment

by:whittet
ID: 24413963
As I tried to say above.  The permissions piece works, but the REMOTE_USER has no value in phpinfo().
Here is my syntax.

<Directory /wordpress>
  <IfModule mod_auth_kerb>
    AuthType Kerberos
    AuthName "MYDOMAIN Login"
    KrbAuthRealms MYDOMAIN.LOCAL
    KrbServiceName HTTP
    Krb5Keytab /etc/krb5.keytab
    KrbMethodNegotiate on
    KrbMethodK5Passwd off
    KrbSaveCredentials on
    KrbAuthoritative on
  </IfModule>

  <Files ~ "^(wp-admin/|(wp-login|wp-register)\.php)">
    Order allow,deny
    Allow from all

    Require valid-user
  </Files>
</Directory>

0
 
LVL 21

Expert Comment

by:Julian Matz
ID: 24414486
Hi whittet,

Please try the following two variables:

echo $_SERVER['PHP_AUTH_USER'] . '<br />';
echo $_SERVER['PHP_AUTH_PW'] . '<br />';

0
Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

 
LVL 21

Expert Comment

by:Julian Matz
ID: 24414507
Or try the full snippet below...


<?php
if (!isset($_SERVER['PHP_AUTH_USER'])) {
    header('WWW-Authenticate: Basic realm="TEST"');
    header('HTTP/1.0 401 Unauthorized');
    echo 'Text to send if user hits Cancel button';
    exit;
} else {
    echo "<p>Hello {$_SERVER['PHP_AUTH_USER']}.</p>";
    echo "<p>You entered {$_SERVER['PHP_AUTH_PW']} as your password.</p>";
}
?>

Open in new window

0
 
LVL 1

Author Comment

by:whittet
ID: 24414670
julianmatz - Those values are not set.

I tried all the suggestions from this http://www.experts-exchange.com/Software/Server_Software/Web_Servers/Apache/Q_23840099.html, but was under the impression that mod_auth_kerb was an alternative to mod_ntlm or winbind.
0
 
LVL 51

Expert Comment

by:Steve Bink
ID: 24416489
Are you running safe mode?
0
 
LVL 1

Author Comment

by:whittet
ID: 24418137
No safe mode.
0
 
LVL 51

Accepted Solution

by:
Steve Bink earned 2000 total points
ID: 24424999
According to the PHP docs, those values are only available under basic and digest authentication types.  There are other things to check (such as the cgi.rfc2616_headers configuration item), but I think kerberos counts as external authentication.

http://www.php.net/manual/en/features.http-auth.php
0
 
LVL 51

Expert Comment

by:Steve Bink
ID: 25986888
I provided an answer to the question of why the values are not populated.  Granted, the user never came back to confirm they could be matched in a different location, but the original question was about "why".
0
 
LVL 51

Expert Comment

by:Steve Bink
ID: 26005395
I believe my comment at #24424999 answered the original question.  Further input from the OP could have taken this a little further, but the solution was provided.
0

Featured Post

Nothing ever in the clear!

This technical paper will help you implement VMware’s VM encryption as well as implement Veeam encryption which together will achieve the nothing ever in the clear goal. If a bad guy steals VMs, backups or traffic they get nothing.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Join Greg Farro and Ethan Banks from Packet Pushers (http://packetpushers.net/podcast/podcasts/pq-show-93-smart-network-monitoring-paessler-sponsored/) and Greg Ross from Paessler (https://www.paessler.com/prtg) for a discussion about smart network …
Google Drive is extremely cheap offsite storage, and it's even possible to get extra storage for free for two years.  You can use the free account 15GB, and if you have an Android device..when you install Google Drive for the first time it will give…
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…
How to Install VMware Tools in Red Hat Enterprise Linux 6.4 (RHEL 6.4) Step-by-Step Tutorial
Suggested Courses

610 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question