Re: [modauthkerb] How to use a received forwardable ticket
Brought to you by:
kouril
From: Rob C. <rcr...@re...> - 2010-08-09 17:38:34
|
Yves Martin wrote: > Hello, > > I would like to know how a code (in PHP or Perl for example) running in > Apache2/mod_auth_kerb can use the received forwardable TGT to > authenticate a HTTP request to another server - in my case a Java JBoss > server. > > Does it work ? How it works (process context or variables) ? How to use > it - if different from a normal "httpclient" call with kerberos > authentication ? > > Thank you in advance for your help > You'll get the environment variable KRB5CCNAME set. From that point you should just be able to use kerberized applications. I don't believe there is anything special you need to do the client end. Here is a sample python CGI: import ldap import ldap.sasl import os sasl_auth = ldap.sasl.sasl({}, "GSSAPI") conn = ldap.initialize("ldap://localhost:389/") conn.protocol_version = 3 print "Content-type: text/plain" print "" try: print "KRB5CCNAME is", os.environ["KRB5CCNAME"] try: conn.sasl_interactive_bind_s("", sasl_auth) except ldap.LDAPError,e: print "Error using SASL mechanism", sasl_auth.mech, str(e) else: print "Sucessfully bound to LDAP using SASL mechanism", sasl_auth.mech conn.unbind() except KeyError,e: print "not set." |