When prevauth is not null, the ccache is not generated. Generating it requires most of the code of the non-prevauth case.
Locally I disabled:
if ( (prevauth = already_succeeded(r, auth_line)) == NULL) {
in
kerb_authenticate_user
as otherwise no cache is generated (and the old one has vanished in the meantime). This is visible in PHP and others, as $_SERVER['KRB5CCNAME'] is not defined, and thus the ldap_sasl_bind food chain falls back to a ccname /tmp/krb5cc_33 (where 33 is www-data, the user Apache runs as) and thus fails.
Could the code about prevauth be plain removed?
For example, using sasl + gssapi with phpldapadmin fails randomly (depending on which child gets the request and whether this child has prevauth) to bind to my ldap.
I would tag this bug as a blocker, as prevauth, when used, always fails to generate a proper context and, when not used ... is useless.
Hi, this is in fact a blocking bug for me. Is there any drawback (except performance) to disabling prevauth?