1. Forum
  2. Usenet
  3. COMP.SYS.IBM.AS400.MISC

  • EIM and kerberos authentication in http

    From Marco Franchini@21:1/5 to All on Wed Dec 11 09:47:00 2019
    I need to know the username of remote users who accesses to the webserver via browser

    I configured EIM on MYAS400 and the entries listed below are in keytab

    krbsvr400/MYAS400@SOCIETA.IT
    HTTP/MYAS400@SOCIETA.IT
    HOST/MYAS400@SOCIETA.IT
    cifs/MYAS400@SOCIETA.IT
    krbsvr400/MYAS400.societa.it@SOCIETA.IT
    HTTP/MYAS400.SOCIETA.IT@SOCIETA.IT
    HOST/MYAS400.societa.it@SOCIETA.IT
    cifs/MYAS400.societa.it@SOCIETA.IT


    I have configured a webserver in /QOpenSys
    /QOpenSys/test
    and in /QOpenSys/test/appl/bin I put a script testcgi.sh to run


    Script testcgi.sh:

    #!/QOpenSys/usr/bin/sh
    echo "Content-type: text/plain\n\n<HTML>\n"
    echo "---- test environment variable REMOTE_USER ----"
    echo REMOTE_USER=[$REMOTE_USER] "\n"


    I entered in httpd.conf the entries for kerberos authentication

    <Directory /QOpenSys/test/appl/bin>
    order allow,deny
    allow from all
    AuthType Kerberos
    PasswdFile %%KERBEROS%%
    UserID %%CLIENT%%
    Require valid-user
    </Directory>
    ScriptAlias /testcgi/ /QOpenSys/test/appl/bin/


    when I run the script http://MYAS400/testcgi/testcgi.sh
    I get the error 403

    removing the entrances for KERBEROS authentication the script works correctly but REMOTE_USER variable is not set


    can anyone help my ?
    thanks

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)