I am trying to configure mod_auth_gssapi to store user credentials in the client ccache directory, but the directory stays empty even though the trace logs state that the credentials were stored (last line in the trace log).
What could be the cause?
Edit with some details about the environment:
CentOS 7
SELinux disabled
drwx------. 2 apache apache 6 8. Mär 20:40 /tmp/httpd_krb5cc/
Httpd.conf:
<Location />
# enable kerberos auth
AuthType GSSAPI
AuthName "KRB credentials required"
GssapiBasicAuth On
GssapiBasicAuthMech krb5
Require valid-user
GssapiLocalName On
# client keytab to allow GSSAPI to initiate via keytab on its own.
GssapiCredStore keytab:/etc/httpd/httpd.keytab
# delegation of credentials
GssapiCredStore ccache:FILE:/tmp/httpd_krb5ccache
GssapiDelegCcacheDir /tmp/httpd_krb5cc
# GssapiDelegCcachePerms mode:0644
Options +ExecCGI
</Location>
mod_gssapi trace:
[330] 1583971434.451698: Negotiated enctype based on authenticator: aes256-cts
[330] 1583971434.451699: Authenticator contains subkey: aes256-cts/D3F4
[330] 1583971434.451700: Resolving unique ccache of type MEMORY
[330] 1583971434.451701: Initializing MEMORY:0R7erFw with default princ jpetermann@LAB.BIZ
[330] 1583971434.451702: Storing jpetermann@LAB.BIZ -> krbtgt/LAB.BIZ@LAB.BIZ in MEMORY:0R7erFw
[330] 1583971434.451704: Creating AP-REP, time 1583971440.32151, subkey aes256-cts/A569, seqnum 125695843
[330] 1583971434.451710: Initializing FILE:/tmp/httpd_krb5cc/jpetermann@LAB.BIZ with default princ jpetermann@LAB.BIZ
[330] 1583971434.451731: Destroying ccache MEMORY:0R7erFw
[330] 1583971434.451737: Decrypted AP-REQ with server principal srv-apache@LAB.BIZ: aes256-cts/E8C6
[330] 1583971434.451738: AP-REQ ticket: jpetermann@LAB.BIZ -> srv-apache@LAB.BIZ, session key aes256-cts/C33B
[330] 1583971434.451739: Negotiated enctype based on authenticator: aes256-cts
[330] 1583971434.451740: Authenticator contains subkey: aes256-cts/7B6C
[330] 1583971434.451741: Resolving unique ccache of type MEMORY
[330] 1583971434.451742: Initializing MEMORY:mtQEBh2 with default princ jpetermann@LAB.BIZ
[330] 1583971434.451743: Storing jpetermann@LAB.BIZ -> krbtgt/LAB.BIZ@LAB.BIZ in MEMORY:mtQEBh2
[330] 1583971434.451745: Creating AP-REP, time 1583971441.32156, subkey aes256-cts/B35B, seqnum 458233866
[330] 1583971434.451751: Initializing FILE:/tmp/httpd_krb5cc/jpetermann@LAB.BIZ with default princ jpetermann@LAB.BIZ
[330] 1583971434.451772: Destroying ccache MEMORY:mtQEBh2