[OpenAFS-devel] mod_auth_gssapi + mod_waklog

David Barstis dbarstis@nd.edu
Fri, 15 Dec 2023 11:34:25 -0500


--0000000000004c42ad060c8efbeb
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

I've set up an Apache 2.4 server with mod _auth_gssapi and mod_waklog. To
test I created a simple script in cgi-bin to run klist -f and tokens then
echo KRB5CCNAME. cgi-bin is protected with a .htaccess file that does the
GSSAPI/Kerberos authentication. WaklogAFSCell is defined
and WaklogEnabled and WaklogUseUserTokens are set to On.

Running the script shows that I'm not getting a token.

Ticket cache: FILE:/var/run/httpd/htcacheclean/user@MY.SCHOOL.EDU
Default principal: user@MY.SCHOOL.EDU

Valid starting     Expires            Service principal
12/14/23 15:23:21  01/13/24 15:23:21  krbtgt/MY.SCHOOL.EDU@MY.SCHOOL.EDU
Flags: FfT


Tokens held by the Cache Manager:

   --End of list--
=E2=80=9CKRB5CCNAME=3DFILE:/var/run/httpd/htcacheclean/user@MY.SCHOOL.EDU=
=E2=80=9D

I set LogLevel to debug and can see entries for mod_waklog and phase calls.
Can anyone offer any suggestions, tips, advice to help me troubleshoot? Any
and all advice would be greatly appreciated.

--=20
--------------------------------------------------------
David R. Barstis
Center for Research Computing
University of Notre Dame
Notre Dame, IN  46556
(574) 631-8575
--------------------------------------------------------

--0000000000004c42ad060c8efbeb
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr">I&#39;ve set up an Apache 2.4 server with mod _auth_gssapi=
 and mod_waklog. To<br>test I created a simple script in cgi-bin to run kli=
st -f and tokens then<br>echo KRB5CCNAME. cgi-bin is protected with a .htac=
cess file that does the<br>GSSAPI/Kerberos authentication. WaklogAFSCell is=
 defined<br>and WaklogEnabled and WaklogUseUserTokens are set to On.<br><br=
>Running the script shows that I&#39;m not getting a token.<br><br>Ticket c=
ache: FILE:/var/run/httpd/htcacheclean/<a href=3D"mailto:user@MY.SCHOOL.EDU=
">user@MY.SCHOOL.EDU</a><br>Default principal: <a href=3D"mailto:user@MY.SC=
HOOL.EDU">user@MY.SCHOOL.EDU</a><br><br>Valid starting =C2=A0 =C2=A0 Expire=
s =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0Service principal<br>12/14/23 15=
:23:21 =C2=A001/13/24 15:23:21 =C2=A0krbtgt/<a href=3D"mailto:MY.SCHOOL.EDU=
@MY.SCHOOL.EDU">MY.SCHOOL.EDU@MY.SCHOOL.EDU</a><br>	Flags: FfT<br><br><br>T=
okens held by the Cache Manager:<br><br>=C2=A0 =C2=A0--End of list--<br>=E2=
=80=9CKRB5CCNAME=3DFILE:/var/run/httpd/htcacheclean/<a href=3D"mailto:user@=
MY.SCHOOL.EDU">user@MY.SCHOOL.EDU</a>=E2=80=9D<br><br>I set LogLevel to deb=
ug and can see entries for mod_waklog and phase calls.<br>Can anyone offer =
any suggestions, tips, advice to help me troubleshoot? Any<br>and all advic=
e would be greatly appreciated.<br><div><br></div><span class=3D"gmail_sign=
ature_prefix">-- </span><br><div dir=3D"ltr" class=3D"gmail_signature" data=
-smartmail=3D"gmail_signature"><div dir=3D"ltr"><div><div dir=3D"ltr">-----=
---------------------------------------------------
<br>David R. Barstis
<br>Center for Research Computing=C2=A0<br>University of Notre Dame
<br>Notre Dame, IN=C2=A0 46556=C2=A0</div><div dir=3D"ltr">(574) 631-8575<b=
r>--------------------------------------------------------
</div></div></div></div></div>

--0000000000004c42ad060c8efbeb--