We are using Apache with mod_auth_kerb to authenticate our users configured in an Active Directory. While trying to extract REMOTE_USER from the environment variables I observed something strange: I was able to retrieve the user when SSL is enabled by loading the mod_ssl library, but it gave me a "null" value for the non-SSL variable.

Here are the configurations for my Apache server:

    <Location /my-site-page>
        AuthType Kerberos
        AuthName "Kerberos Login"
        KrbMethodNegotiate on
        KrbMethodK5Passwd on
        KrbSaveCredentials on
        KrbLocalUserMapping off
        KrbAuthRealms MY.REALM.COM
        KrbServiceName Any
        Krb5KeyTab /path/to/my/keytab
        # %{VARNAME}e: value of the environment variable REMOTE_USER
        RequestHeader set X-REMOTE-USER %{REMOTE_USER}e
        # %{VARNAME}s: value of the SSL environment variable REMOTE_USER (needs mod_ssl)
        RequestHeader append X-REMOTE-USER %{REMOTE_USER}s
    </Location>

As I understand from the Apache mod_headers docs:

    %{VARNAME}e    The contents of the environment variable VARNAME.
    %{VARNAME}s    The contents of the SSL environment variable VARNAME, if mod_ssl is enabled.

I tried with SSL turned both on and off, and here are the results that I see.

When SSL is enabled:

    X-REMOTE-USER: (null), harman

When SSL is disabled:

    X-REMOTE-USER: (null), (null)