Can a PerlAuthzHandler access ENV variables set by mod_auth_kerb?

Hello, all.

I'm authenticating users with mod_auth_krb and setting KrbSaveCredentials
to on.  I've found that the credentials are stored in a file in /tmp.  The
name of the file is passed to CGI programs as the contents of an ENV var
named KRB5CCNAME.

I'm handling the authorization phase with a mod_perl2 PerlAuthzHandler
script.  I want to use the credentials that mod_auth_kerb just verified. 
By this phase, the name of the credential cache file has been stored
somewhere by mod_auth_kerb.

The question is this:

   How can I get that filename?
   How can I read the ENV that will ultimately go to CGI scripts?

PerlPassEnv seems not to do it.

Thanks,
Mike

--

-- 
Mike Diehn
Enfield, NH
mike <at> diehn.net

About doctoral research project

Information about doctoral research project

Dear mod_perl contributors,

This is to inform briefly about my research purpose in relation to the 
mod_perl project. I’m a PhD student in educational science at University 
of Oslo, Norway. The research is focused on interaction and knowledge 
sharing in open source projects. More specific, it’s about how shared 
understandings evolve around open source codes.

Due to the dynamic distributed peer review and high quality output of 
the mod_perl project, it is of special interest for gaining deeper 
insight into the ‘knowledge machineries’ associated with open source 
software development.

The plan is to read through the mailing list archive available at 
http://mail-archives.apache.org/mod_mbox/perl-modperl/ and study the 
content of postings from two contrasting sub-groups within the project 
that contributes frequent and less frequent.

The research is conducted from July 15th until November 29th this year. 
Results will be published and shared in a monograph with the working 
title “Intersubjectivity around expert objects - Inquiries into the 
knowledge practices of software development”.

Keep up the good work.

Best regards, Pål Fugelli
PhD Researcher University of Oslo

Re: About doctoral research project

Pål Fugelli wrote:
> Information about doctoral research project
> 
...
Allright guys, so now you know : we're being watched.
Thus in the next month or so, no trolls or flames, be nice and 
considerate, check you spelling, verify your quotes, and write only nice 
things about perl and about doctoral researchers.

Re: Can a PerlAuthzHandler access ENV variables set by mod_auth_kerb?

On Mon, Jul 6, 2009 at 10:14 AM, Mike Diehn<mike <at> diehn.net> wrote:
>
>
> Hello, all.
>
> I'm authenticating users with mod_auth_krb and setting KrbSaveCredentials
> to on.  I've found that the credentials are stored in a file in /tmp.  The
> name of the file is passed to CGI programs as the contents of an ENV var
> named KRB5CCNAME.
>
> I'm handling the authorization phase with a mod_perl2 PerlAuthzHandler
> script.  I want to use the credentials that mod_auth_kerb just verified.
> By this phase, the name of the credential cache file has been stored
> somewhere by mod_auth_kerb.
>
> The question is this:
>
>   How can I get that filename?
>   How can I read the ENV that will ultimately go to CGI scripts?
>
> PerlPassEnv seems not to do it.

On Mon, Jul 6, 2009 at 10:14 AM, Mike Diehn<mike <at> diehn.net> wrote:
>
> Hello, all.
>
> I'm authenticating users with mod_auth_krb and setting KrbSaveCredentials
> to on.  I've found that the credentials are stored in a file in /tmp.  The
> name of the file is passed to CGI programs as the contents of an ENV var
> named KRB5CCNAME.

Apache Mobile Filter

Re: Apache Mobile Filter

On Wed, Jul 8, 2009 at 2:29 PM, Idel Fuschini<idel.fuschini <at> gmail.com> wrote:
> I have published the last version of "Apache Mobile Filter".
>
> For more info: http://www.idelfuschini.it/it/apache-mobile-filter-v2x.html

Looks interesting, but for future reference, when posting links to the
list, you might want to consider sending your email in plain text
rather than html:

http://perl.apache.org/maillist/email-etiquette.html#Post_in_PLAIN_TEXT

Also, I think people are generally more accepting of links that are
openly using a known redirect tracker such as bit.ly, rather than
embedding a hidden redirect link using html as you did here [1].

Your email will probably get out to more people on the list, as some
email clients will identify this technique and mark it as spam or a
phishing message.  Having been the victim of a CRSF attack that used
this method, it tends to stand out as a red flag in my view when I
recognize it (but that's just me, I don't speak for the list in
general).

[1]
<a href=3D"http://www.linkedin.com/redirect?url=3Dhttp%=
3A%2F%2Fwww%2Eidelfuschini%2Eit%2Fit%2Fapache-mobile-filter-v2x%2Ehtml&amp;=
urlhash=3D0M2h&amp;_t=3Ddisc_detail_link" target=3D"_blank">http://www.idel=
fuschini.it/it/apache-mobile-filter-v2x.html</a>

> Demo link: http://apachemobilefilter.nogoogle.it/php_test.php
>
> --
> Idel
>

Re: Apache Mobile Filter

Re: Apache Mobile Filter

Re: Apache Mobile Filter

Accessing apache request configuration from mp2

This is a case of I'm pretty sure I saw this before but can't for the
life of me remember where -- so it might not even be possible.

I'm trying to access the values of the 'Order', 'Allow', and 'Deny'
apache directives, as they're set at request time, i.e. after merging.
Basically what I want to do is set a flag if a directory has changed
the default Order/Allow/Deny via .htaccess, so it can add a header
than a reverse proxy upstream can know not to cache it. This is on
apache 2.2.10 w/ mod_perl 2.0.4. I haven't been able to track down in
the mod_perl2 API, since I'm not sure exacty what to look for (and the
only relevant search terms I can think of turn up an endless amount of
false hits), and indeed it might not even be possible.

I've tried playing around with Apache2::Module mostly. If I do
something like (with Apache::DB going):

DB<31> my $module = Apache2::Module::find_linked_module(
'mod_authz_host.c' );
DB<32> print $module->get_config( $r->server, $r->per_dir_config  )

This returns undef too:

DB<26> my $c = Apache2::Module::get_config( $module, $r->server,
$r->per_dir_config  ); print $c

I never get anything back besides undef. I've tried also looking at
things like Apache2::RequestUtil::request_config and
$r->per_dir_config, but everything returns the same undocumented type
Apache2::ConfVector, which appears to be not able to be peeked at.

Any words of wisdom or hints or even just confirmations that it's even
possible? Thanks!