--On Thursday, March 24, 2005 7:23 AM -0800 Ben Poliakoff <benp@xxxxxxxx>
wrote:
So you are saying essentially, that you want your application to ignore
the Kerberos *standard* and do something non-compliant. I don't find
that to be a particularly wise assumption to behave upon, myself.
I guess in my attempt at brevity I left out some details. I'm perfectly
happy with the krb5 libraries' use of KRB5CCNAME. The single sign on
system that I'm using populates $ENV{KRB5CCNAME} with the location of
the ticket of the authenticated user.
Perl scripts that run under mod_cgi work fine since they spawn a process
and inherit $ENV{KRB5CCNAME}. But when running under *mod_perl* the
script is compiled using apache user's environment, so it's stuck looking
in the default location for the apache user's ccache.
I was wondering whether anyone on this list has encountered this sort
of problem before, and knew of a way to get a script to reevaluate or
reset a variable that had been inherited at compile time. This issue
is, admittedly, not explicitly tied to perl-ldap. But I thought that it
might be a common enough issue for people working with perl-ldap that
the members of this list might have some helpful insights.
Ben,
Ah okay, that makes more sense. I've never used mod_perl, myself. I
imagine that you would have to hack mod_perl in this case to behave like
mod_cgi. It is something I'll need to play with myself, I think, with
Stanford's SSO web software (http://webauthv3.stanford.edu) for one of the
applications I maintain, since I want to updated it to use the credentials
passed in from the server (rather than its own, as it does currently).
--Quanah
--
Quanah Gibson-Mount
Principal Software Developer
ITSS/Shared Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html
"These censorship operations against schools and libraries are stronger
than ever in the present religio-political climate. They often focus on
fantasy and sf books, which foster that deadly enemy to bigotry and blind
faith, the imagination." -- Ursula K. Le Guin
|
Try Searching:
servers, voip, java, networking, microsoft ...
|
|
|
| 
