Solved

Apache doesn't return REMOTE_USER variable

Posted on 2009-05-15
15
2,467 Views
Last Modified: 2013-12-13
Ubuntu Linux 8.04 Apache 2.2 mod_auth_kerb php5 (non-cgi)

Apache's httpd.conf:

<Files ~ "^/WordPress/wp-admin/">
AuthType Kerberos
Require valid-user
</Files>

(SUCCESS) UnitTest1: kinit, klist both tested successfully as myUserName.
(SUCCESS)  UnitTest2: Can access the files only when logged into Windows Vista as a Domain User.
(FAILURE)  UnitTest3: phpinfo() function does not show an Apache REMOTE_USER variable.

Please share your knowledge of where my configuration is missing.
0
Comment
Question by:whittet
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
  • 2
  • +1
15 Comments
 
LVL 27

Expert Comment

by:caterham_www
ID: 24413802
> <Files ~ "^/WordPress/wp-admin/">
AuthType Kerberos
Require valid-user
</Files>

Files is to match against filenames, use DirectoryMatch to match against a directory.
<DirectoryMatch "^/var/www/WordPress/wp-admin">
AuthType Kerberos
Require valid-user
</DirectoryMatch>

Open in new window

0
 
LVL 1

Author Comment

by:whittet
ID: 24413963
As I tried to say above.  The permissions piece works, but the REMOTE_USER has no value in phpinfo().
Here is my syntax.

<Directory /wordpress>
  <IfModule mod_auth_kerb>
    AuthType Kerberos
    AuthName "MYDOMAIN Login"
    KrbAuthRealms MYDOMAIN.LOCAL
    KrbServiceName HTTP
    Krb5Keytab /etc/krb5.keytab
    KrbMethodNegotiate on
    KrbMethodK5Passwd off
    KrbSaveCredentials on
    KrbAuthoritative on
  </IfModule>

  <Files ~ "^(wp-admin/|(wp-login|wp-register)\.php)">
    Order allow,deny
    Allow from all

    Require valid-user
  </Files>
</Directory>

0
 
LVL 21

Expert Comment

by:Julian Matz
ID: 24414486
Hi whittet,

Please try the following two variables:

echo $_SERVER['PHP_AUTH_USER'] . '<br />';
echo $_SERVER['PHP_AUTH_PW'] . '<br />';

0
Don't miss ATEN at NAB Show April 24-27!

Visit ATEN at NAB Show to learn how our "Seamlessly Entertaining" solutions deliver fast, precise video streaming without delays for the broadcasting and media environment. ATEN will showcase its 16x16 Modular Matrix Switch (VM1600) and KVM Over IP Solution (KE6900 series).

 
LVL 21

Expert Comment

by:Julian Matz
ID: 24414507
Or try the full snippet below...


<?php
if (!isset($_SERVER['PHP_AUTH_USER'])) {
    header('WWW-Authenticate: Basic realm="TEST"');
    header('HTTP/1.0 401 Unauthorized');
    echo 'Text to send if user hits Cancel button';
    exit;
} else {
    echo "<p>Hello {$_SERVER['PHP_AUTH_USER']}.</p>";
    echo "<p>You entered {$_SERVER['PHP_AUTH_PW']} as your password.</p>";
}
?>

Open in new window

0
 
LVL 1

Author Comment

by:whittet
ID: 24414670
julianmatz - Those values are not set.

I tried all the suggestions from this http://www.experts-exchange.com/Software/Server_Software/Web_Servers/Apache/Q_23840099.html, but was under the impression that mod_auth_kerb was an alternative to mod_ntlm or winbind.
0
 
LVL 50

Expert Comment

by:Steve Bink
ID: 24416489
Are you running safe mode?
0
 
LVL 1

Author Comment

by:whittet
ID: 24418137
No safe mode.
0
 
LVL 50

Accepted Solution

by:
Steve Bink earned 500 total points
ID: 24424999
According to the PHP docs, those values are only available under basic and digest authentication types.  There are other things to check (such as the cgi.rfc2616_headers configuration item), but I think kerberos counts as external authentication.

http://www.php.net/manual/en/features.http-auth.php
0
 
LVL 50

Expert Comment

by:Steve Bink
ID: 25986888
I provided an answer to the question of why the values are not populated.  Granted, the user never came back to confirm they could be matched in a different location, but the original question was about "why".
0
 
LVL 50

Expert Comment

by:Steve Bink
ID: 26005395
I believe my comment at #24424999 answered the original question.  Further input from the OP could have taken this a little further, but the solution was provided.
0

Featured Post

Instantly Create Instructional Tutorials

Contextual Guidance at the moment of need helps your employees adopt to new software or processes instantly. Boost knowledge retention and employee engagement step-by-step with one easy solution.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Help with mod_substitute 18 44
Wordpress and Wufoo 1 40
warning code: class php incomplete message 6 39
How to use session variables in php? 22 52
In Solr 4.0 it is possible to atomically (or partially) update individual fields in a document. This article will show the operations possible for atomic updating as well as setting up your Solr instance to be able to perform the actions. One major …
It’s 2016. Password authentication should be dead — or at least close to dying. But, unfortunately, it has not traversed Quagga stage yet. Using password authentication is like laundering hotel guest linens with a washboard — it’s Passé.
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
How to Install VMware Tools in Red Hat Enterprise Linux 6.4 (RHEL 6.4) Step-by-Step Tutorial

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question