Find the answer to your Linux question:
Results 1 to 6 of 6
I'm using kerberos for authentication and its working great. I'm also using PHP's $_SERVER['REMOTE_USER'] to display the user info. the only problem is apache cant make up its mind on ...
  1. 07-19-2009 #1
    NeoIce
    NeoIce is offline
    Just Joined!
    Join Date
    Aug 2008
    Location
    Seattle, WA
    Posts
    46

    apache2, mod_auth_kerb and access.log



    I'm using kerberos for authentication and its working great. I'm also using PHP's $_SERVER['REMOTE_USER'] to display the user info.

    the only problem is apache cant make up its mind on the REMOTE_USER in the access.log. about 2/3rds of the logs are simply user and about 1/3rd are the full user@DOMAIN like PHP reports. does anyone know the reasoning for this or a solution to get consistent usernames, preferably user@DOMAIN? (for analytics)

    thanks,
    -rb
    Reply With Quote Reply With Quote
  2. 07-20-2009 #2
    aram535
    aram535 is offline
    Just Joined!
    Join Date
    Jul 2009
    Posts
    58
    I would say that's a very weird question. Apache actually reads the variable from an environment variable. Maybe dump out the env settings on each login to see if the variable REMOTE_USER is set or not.

    Are all users using the same connection method? SSH vs Telnet vs VNC, etc... maybe one or more of them isn't setting the proper env variable.
    Reply With Quote Reply With Quote
  3. 07-21-2009 #3
    NeoIce
    NeoIce is offline
    Just Joined!
    Join Date
    Aug 2008
    Location
    Seattle, WA
    Posts
    46
    Quote Originally Posted by aram535 View Post
    I would say that's a very weird question. Apache actually reads the variable from an environment variable. Maybe dump out the env settings on each login to see if the variable REMOTE_USER is set or not.

    Are all users using the same connection method? SSH vs Telnet vs VNC, etc... maybe one or more of them isn't setting the proper env variable.
    "Although these variables are referred to as environment variables, they are not the same as the environment variables controlled by the underlying operating system."

    Environment Variables in Apache - Apache HTTP Server
    Reply With Quote Reply With Quote
  4. 07-21-2009 #4
    aram535
    aram535 is offline
    Just Joined!
    Join Date
    Jul 2009
    Posts
    58
    True, not all env variables are from a shell, some are... including remote user - specially since they're authenticating.
    Reply With Quote Reply With Quote
  5. 07-21-2009 #5
    NeoIce
    NeoIce is offline
    Just Joined!
    Join Date
    Aug 2008
    Location
    Seattle, WA
    Posts
    46
    Quote Originally Posted by aram535 View Post
    True, not all env variables are from a shell, some are... including remote user - specially since they're authenticating.
    the authentication is separate from the PAM/UNIX auth framework. people arent authenticating to Apache via SSH or VNC, they're authenticating via the web browser and the Apache authentication.

    mod_auth_basic - Apache HTTP Server

    unless I'm misunderstanding something about how apache operates. feel free to include a documentation link of some sort.
    Reply With Quote Reply With Quote
  6. 07-21-2009 #6
    aram535
    aram535 is offline
    Just Joined!
    Join Date
    Jul 2009
    Posts
    58
    I think we're confusing the issue.

    1. Authentication to system.
    2. user variable is set
    3. http request comes in,
    4. log entry is created -- user variable should be set.

    So what I am saying is that it looks like the type of authentication may or may not be setting the user that apache can read.
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules