Can a PerlAuthzHandler access ENV variables set by mod_auth_kerb?

Can a PerlAuthzHandler access ENV variables set by mod_auth_kerb?

am 06.07.2009 19:14:36 von Mike Diehn

Hello, all.

I'm authenticating users with mod_auth_krb and setting KrbSaveCredentials
to on. I've found that the credentials are stored in a file in /tmp. The
name of the file is passed to CGI programs as the contents of an ENV var
named KRB5CCNAME.

I'm handling the authorization phase with a mod_perl2 PerlAuthzHandler
script. I want to use the credentials that mod_auth_kerb just verified.
By this phase, the name of the credential cache file has been stored
somewhere by mod_auth_kerb.

The question is this:

How can I get that filename?
How can I read the ENV that will ultimately go to CGI scripts?

PerlPassEnv seems not to do it.


Thanks,
Mike

--
Mike Diehn
Enfield, NH
mike@diehn.net

Re: Can a PerlAuthzHandler access ENV variables set by mod_auth_kerb?

am 07.07.2009 19:08:51 von William T

On Mon, Jul 6, 2009 at 10:14 AM, Mike Diehn wrote:
>
>
> Hello, all.
>
> I'm authenticating users with mod_auth_krb and setting KrbSaveCredentials
> to on. =A0I've found that the credentials are stored in a file in /tmp. =
=A0The
> name of the file is passed to CGI programs as the contents of an ENV var
> named KRB5CCNAME.
>
> I'm handling the authorization phase with a mod_perl2 PerlAuthzHandler
> script. =A0I want to use the credentials that mod_auth_kerb just verified=
..
> By this phase, the name of the credential cache file has been stored
> somewhere by mod_auth_kerb.
>
> The question is this:
>
> =A0 How can I get that filename?
> =A0 How can I read the ENV that will ultimately go to CGI scripts?
>
> PerlPassEnv seems not to do it.

On Mon, Jul 6, 2009 at 10:14 AM, Mike Diehn wrote:
>
> Hello, all.
>
> I'm authenticating users with mod_auth_krb and setting KrbSaveCredentials
> to on. I've found that the credentials are stored in a file in /tmp. Th=
e
> name of the file is passed to CGI programs as the contents of an ENV var
> named KRB5CCNAME.
>
> I'm handling the authorization phase with a mod_perl2 PerlAuthzHandler
> script. I want to use the credentials that mod_auth_kerb just verified.
> By this phase, the name of the credential cache file has been stored
> somewhere by mod_auth_kerb.
>
> The question is this:
>
> How can I get that filename?
> How can I read the ENV that will ultimately go to CGI scripts?
>
> PerlPassEnv seems not to do it.

You need both PassEnv and PerlPassEnv. Alternatively you may be able
to access the variable using subprocess_env.

http://perl.apache.org/docs/2.0/api/Apache2/RequestRec.html# C_subprocess_en=
v_

-wjt