Solved

Apache doesn't return REMOTE_USER variable

Posted on 2009-05-15
15
2,388 Views
Last Modified: 2013-12-13
Ubuntu Linux 8.04 Apache 2.2 mod_auth_kerb php5 (non-cgi)

Apache's httpd.conf:

<Files ~ "^/WordPress/wp-admin/">
AuthType Kerberos
Require valid-user
</Files>

(SUCCESS) UnitTest1: kinit, klist both tested successfully as myUserName.
(SUCCESS)  UnitTest2: Can access the files only when logged into Windows Vista as a Domain User.
(FAILURE)  UnitTest3: phpinfo() function does not show an Apache REMOTE_USER variable.

Please share your knowledge of where my configuration is missing.
0
Comment
Question by:whittet
  • 4
  • 3
  • 2
  • +1
15 Comments
 
LVL 27

Expert Comment

by:caterham_www
ID: 24413802
> <Files ~ "^/WordPress/wp-admin/">
AuthType Kerberos
Require valid-user
</Files>

Files is to match against filenames, use DirectoryMatch to match against a directory.
<DirectoryMatch "^/var/www/WordPress/wp-admin">
AuthType Kerberos
Require valid-user
</DirectoryMatch>

Open in new window

0
 
LVL 1

Author Comment

by:whittet
ID: 24413963
As I tried to say above.  The permissions piece works, but the REMOTE_USER has no value in phpinfo().
Here is my syntax.

<Directory /wordpress>
  <IfModule mod_auth_kerb>
    AuthType Kerberos
    AuthName "MYDOMAIN Login"
    KrbAuthRealms MYDOMAIN.LOCAL
    KrbServiceName HTTP
    Krb5Keytab /etc/krb5.keytab
    KrbMethodNegotiate on
    KrbMethodK5Passwd off
    KrbSaveCredentials on
    KrbAuthoritative on
  </IfModule>

  <Files ~ "^(wp-admin/|(wp-login|wp-register)\.php)">
    Order allow,deny
    Allow from all

    Require valid-user
  </Files>
</Directory>

0
 
LVL 21

Expert Comment

by:Julian Matz
ID: 24414486
Hi whittet,

Please try the following two variables:

echo $_SERVER['PHP_AUTH_USER'] . '<br />';
echo $_SERVER['PHP_AUTH_PW'] . '<br />';

0
Three Reasons Why Backup is Strategic

Backup is strategic to your business because your data is strategic to your business. Without backup, your business will fail. This white paper explains why it is vital for you to design and immediately execute a backup strategy to protect 100 percent of your data.

 
LVL 21

Expert Comment

by:Julian Matz
ID: 24414507
Or try the full snippet below...


<?php
if (!isset($_SERVER['PHP_AUTH_USER'])) {
    header('WWW-Authenticate: Basic realm="TEST"');
    header('HTTP/1.0 401 Unauthorized');
    echo 'Text to send if user hits Cancel button';
    exit;
} else {
    echo "<p>Hello {$_SERVER['PHP_AUTH_USER']}.</p>";
    echo "<p>You entered {$_SERVER['PHP_AUTH_PW']} as your password.</p>";
}
?>

Open in new window

0
 
LVL 1

Author Comment

by:whittet
ID: 24414670
julianmatz - Those values are not set.

I tried all the suggestions from this http://www.experts-exchange.com/Software/Server_Software/Web_Servers/Apache/Q_23840099.html, but was under the impression that mod_auth_kerb was an alternative to mod_ntlm or winbind.
0
 
LVL 50

Expert Comment

by:Steve Bink
ID: 24416489
Are you running safe mode?
0
 
LVL 1

Author Comment

by:whittet
ID: 24418137
No safe mode.
0
 
LVL 50

Accepted Solution

by:
Steve Bink earned 500 total points
ID: 24424999
According to the PHP docs, those values are only available under basic and digest authentication types.  There are other things to check (such as the cgi.rfc2616_headers configuration item), but I think kerberos counts as external authentication.

http://www.php.net/manual/en/features.http-auth.php
0
 
LVL 50

Expert Comment

by:Steve Bink
ID: 25986888
I provided an answer to the question of why the values are not populated.  Granted, the user never came back to confirm they could be matched in a different location, but the original question was about "why".
0
 
LVL 50

Expert Comment

by:Steve Bink
ID: 26005395
I believe my comment at #24424999 answered the original question.  Further input from the OP could have taken this a little further, but the solution was provided.
0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I. Introduction There's an interesting discussion going on now in an Experts Exchange Group — Attachments with no extension (http://www.experts-exchange.com/discussions/210281/Attachments-with-no-extension.html). This reminded me of questions tha…
3 proven steps to speed up Magento powered sites. The article focus is on optimizing time to first byte (TTFB), full page caching and configuring server for optimal performance.
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…

810 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question