You are viewing a plain text version of this content. The canonical link for it is here.

Posted to modperl@perl.apache.org by Mike Diehn <mi...@diehn.net> on 2009/07/06 19:14:36 UTC

Can a PerlAuthzHandler access ENV variables set by mod_auth_kerb?


Hello, all.

I'm authenticating users with mod_auth_krb and setting KrbSaveCredentials
to on.  I've found that the credentials are stored in a file in /tmp.  The
name of the file is passed to CGI programs as the contents of an ENV var
named KRB5CCNAME.

I'm handling the authorization phase with a mod_perl2 PerlAuthzHandler
script.  I want to use the credentials that mod_auth_kerb just verified. 
By this phase, the name of the credential cache file has been stored
somewhere by mod_auth_kerb.

The question is this:

   How can I get that filename?
   How can I read the ENV that will ultimately go to CGI scripts?

PerlPassEnv seems not to do it.


Thanks,
Mike

-- 
Mike Diehn
Enfield, NH
mike@diehn.net

Re: Can a PerlAuthzHandler access ENV variables set by mod_auth_kerb?

Posted by William T <di...@gmail.com>.

On Mon, Jul 6, 2009 at 10:14 AM, Mike Diehn<mi...@diehn.net> wrote:
>
>
> Hello, all.
>
> I'm authenticating users with mod_auth_krb and setting KrbSaveCredentials
> to on.  I've found that the credentials are stored in a file in /tmp.  The
> name of the file is passed to CGI programs as the contents of an ENV var
> named KRB5CCNAME.
>
> I'm handling the authorization phase with a mod_perl2 PerlAuthzHandler
> script.  I want to use the credentials that mod_auth_kerb just verified.
> By this phase, the name of the credential cache file has been stored
> somewhere by mod_auth_kerb.
>
> The question is this:
>
>   How can I get that filename?
>   How can I read the ENV that will ultimately go to CGI scripts?
>
> PerlPassEnv seems not to do it.

On Mon, Jul 6, 2009 at 10:14 AM, Mike Diehn<mi...@diehn.net> wrote:
>
> Hello, all.
>
> I'm authenticating users with mod_auth_krb and setting KrbSaveCredentials
> to on.  I've found that the credentials are stored in a file in /tmp.  The
> name of the file is passed to CGI programs as the contents of an ENV var
> named KRB5CCNAME.
>
> I'm handling the authorization phase with a mod_perl2 PerlAuthzHandler
> script.  I want to use the credentials that mod_auth_kerb just verified.
> By this phase, the name of the credential cache file has been stored
> somewhere by mod_auth_kerb.
>
> The question is this:
>
>   How can I get that filename?
>   How can I read the ENV that will ultimately go to CGI scripts?
>
> PerlPassEnv seems not to do it.

You need both PassEnv and PerlPassEnv.  Alternatively you may be able
to access the variable using subprocess_env.

http://perl.apache.org/docs/2.0/api/Apache2/RequestRec.html#C_subprocess_env_

-wjt