way to get username & domainname?

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

way to get username & domainname?

笠置 剛史
hello all,

I can implement transparent authentication using Tickets by refering to following site.

using mod_auth_kerb and Windows 2000/2003 as KDC
http://www.grolmsnet.de/kerbtut/

As transparent authentication don't require username & password, Web server don't get username from web browser.
I'm trying to get username & domainname to reflect front page from person to person.
How do I get?

So I have tried following ways.
1,using environment variable by perl
e.g. REMOTE_USER REMOTE_IDENT AUTH_USER LOGON_USER
These variables were empty.

2.using WSH by VBScript
 This way can display,but I must operate ActiveX popup windows.
I don't want to configure web browser if at all possible.
(because I must configure not one but many browser. )

It's my guess that there is some other way,because system is maintaining a log of principalname(username@realm).
Is there any way to get username & domainname utilizing log?

Any idea and who knows what else ?

System Environment:
Web Server : Apahce kerberized wiht mod_auth_kerb
Web Browser : WinXP with IE
KDC : Win2kServer

Please, no flames about my bad English.
Thanks!!

________________________________________________
Kerberos mailing list           [hidden email]
https://mailman.mit.edu/mailman/listinfo/kerberos
Reply | Threaded
Open this post in threaded view
|

Re: way to get username & domainname?

笠置 剛史

hi,Achim

> > So I have tried following ways.
> > 1,using environment variable by perl
> > e.g. REMOTE_USER REMOTE_IDENT AUTH_USER LOGON_USER
> > These variables were empty.
>

Achim Grolms <[hidden email]> wrote:

> In Perl you can have a look at the keys of %ENV hash to find what you are
> looking for.
>
> Why don't you let Perl do the work for you and printout the Environment?

-----------from here-----------from here------------------
DOCUMENT_ROOT = /var/www/html
GATEWAY_INTERFACE = CGI/1.1
HTTP_ACCEPT = */*
HTTP_ACCEPT_ENCODING = gzip, deflate
HTTP_ACCEPT_LANGUAGE = ja
HTTP_CONNECTION = Keep-Alive
HTTP_HOST = server.hogehoge
HTTP_USER_AGENT = Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
PATH = /sbin:/usr/sbin:/bin:/usr/bin:/usr/X11R6/bin
QUERY_STRING =
REMOTE_ADDR = 192.168.0.52
REMOTE_HOST = client.hogehoge
REMOTE_PORT = 1364
REQUEST_METHOD = GET
REQUEST_URI = /cgi-bin/demo.pl
SCRIPT_FILENAME = /var/www/cgi-bin/demo.pl
SCRIPT_NAME = /cgi-bin/demo.pl
SERVER_ADDR = 192.168.0.100
SERVER_ADMIN = root@localhost
SERVER_NAME = server.hogehoge
SERVER_PORT = 80
SERVER_PROTOCOL = HTTP/1.1
SERVER_SIGNATURE = Apache/2.0.53 (Fedora) Server at server.hogehoge Port 80
SERVER_SOFTWARE = Apache/2.0.53 (Fedora)

added variables
REMOTE_USER =
REMOTE_IDENT =
AUTH_USER =
USER_NAME =
USER =
LOGNAME =
LOGON_USER =
-----------to here-----------to here------------------

I added 7 variables beacuse no variable in output by using "keys %ENV".
No information I want to know.

Any ways to get username & domainname from browser?

Please, no flames about my bad English.
Thanks!!


________________________________________________
Kerberos mailing list           [hidden email]
https://mailman.mit.edu/mailman/listinfo/kerberos
Reply | Threaded
Open this post in threaded view
|

Re: way to get username & domainname?

笠置 剛史
In reply to this post by 笠置 剛史
Hi Achim,

I can solve this problem by drawing upon a way you said.
Cgi-bin directory isn't contained within territory of Kerberos Authentication!
I didn't pick up on this.

I changed httpd.conf as follows.
(I've written Kerberos config on httpd.conf not .htaccess)

------------from here-------------from here---------
#<Directory /var/www/html>       //Before
 <Directory /var/www>            //After
    AuthType Kerberos
    ---
    abbr.
    ---
 </Directory>
------------to here---------------to here----------

I could get value of "REMOTE_USER" variable(i.e. principal name)by this change.

You made the point right!
Thank you very very much! Achim!!

Please, no flames about my bad English.
Thanks!!


Achim Grolms <[hidden email]> wrote:

> Hallo,
> in normale case mod_auth_kerb sets the environment variable
> with the Kerberos principal of the user as you expect.
> In your case I think that Authentication does not work!
>
> Are you really, really sure Authentication is activated for your cgi-bin
> directory?
>
>
> Achim
>
>
> -----------from here-----------from here------------------
> DOCUMENT_ROOT = /var/www/html
> GATEWAY_INTERFACE = CGI/1.1
> HTTP_ACCEPT =  /
> HTTP_ACCEPT_ENCODING = gzip, deflate
> HTTP_ACCEPT_LANGUAGE = ja
> HTTP_CONNECTION = Keep-Alive
> HTTP_HOST = server.hogehoge
> HTTP_USER_AGENT = Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET
> CLR 1.1.4322)
> PATH = /sbin:/usr/sbin:/bin:/usr/bin:/usr/X11R6/bin
> QUERY_STRING =
> REMOTE_ADDR = 192.168.0.52
> REMOTE_HOST = client.hogehoge
> REMOTE_PORT = 1364
> REQUEST_METHOD = GET
> REQUEST_URI = /cgi-bin/demo.pl
> SCRIPT_FILENAME = /var/www/cgi-bin/demo.pl
> SCRIPT_NAME = /cgi-bin/demo.pl
> SERVER_ADDR = 192.168.0.100
> SERVER_ADMIN = root@localhost
> SERVER_NAME = server.hogehoge
> SERVER_PORT = 80
> SERVER_PROTOCOL = HTTP/1.1
> SERVER_SIGNATURE = Apache/2.0.53 (Fedora) Server at server.hogehoge Port 80
> SERVER_SOFTWARE = Apache/2.0.53 (Fedora)
>

________________________________________________
Kerberos mailing list           [hidden email]
https://mailman.mit.edu/mailman/listinfo/kerberos