1. Forum
  2. USENET
  3. comp.sys.ibm.as400.misc

  • EIM and kerberos authentication in http

    From Marco Franchini@marco.franchini.it@gmail.com to comp.sys.ibm.as400.misc on Wed Dec 11 09:47:00 2019
    From Newsgroup: comp.sys.ibm.as400.misc

    I need to know the username of remote users who accesses to the webserver via browser

    I configured EIM on MYAS400 and the entries listed below are in keytab

    krbsvr400/MYAS400@SOCIETA.IT
    HTTP/MYAS400@SOCIETA.IT
    HOST/MYAS400@SOCIETA.IT
    cifs/MYAS400@SOCIETA.IT
    krbsvr400/MYAS400.societa.it@SOCIETA.IT
    HTTP/MYAS400.SOCIETA.IT@SOCIETA.IT
    HOST/MYAS400.societa.it@SOCIETA.IT
    cifs/MYAS400.societa.it@SOCIETA.IT


    I have configured a webserver in /QOpenSys
    /QOpenSys/test
    and in /QOpenSys/test/appl/bin I put a script testcgi.sh to run


    Script testcgi.sh:

    #!/QOpenSys/usr/bin/sh
    echo "Content-type: text/plain\n\n<HTML>\n"
    echo "---- test environment variable REMOTE_USER ----"
    echo REMOTE_USER=[$REMOTE_USER] "\n"


    I entered in httpd.conf the entries for kerberos authentication

    <Directory /QOpenSys/test/appl/bin>
    order allow,deny
    allow from all
    AuthType Kerberos
    PasswdFile %%KERBEROS%%
    UserID %%CLIENT%%
    Require valid-user
    </Directory>
    ScriptAlias /testcgi/ /QOpenSys/test/appl/bin/


    when I run the script http://MYAS400/testcgi/testcgi.sh
    I get the error 403

    removing the entrances for KERBEROS authentication the script works correctly but REMOTE_USER variable is not set


    can anyone help my ?
    thanks

    --- Synchronet 3.21d-Linux NewsLink 1.2