Objective: Use Apache/mod_auth_kerb using a custom krb5.conf file, not system standard /etc/krb5.conf
.
Issue: I've got a strongly regimented environment where we application owners are able to configure apache instances within their assigned directories, but the baseline configuration (OS and Apache core) are maintained by a separate group. As such, any changes I make to core config such as /etc/krb5.conf
will mean replicating change to thousands of servers (risk+) or scripting a custom system configuration for this server (risk+,$+).
Model for success: In order to invoke kinit
to test or ktutil
to generate keytab files for use by Apache in this environment, overloading the KRB5_CONFIG
environmental variable (discussed in StackOverflow:pass kinit a custom krb5.conf file)
Question: Is there anyway to specify either the KRB5_CONFIG
environmental variable for Apache or force mod_auth_kerb to use another configuration?
Failed Attempts: I've tried running the same env
command on the apachectl restart. Apache Directive SetEnv was overlooked as it applies to script execution based on user requests, not to Apache 'backoffice' functions.
Best Answer
On most systems there is also an
/etc/init.d/httpd
that does the original startup of the apache server. I think your only solution is to set an environmental variable in that script and use something liketo restart apache with the new environmental variables. You have to modify the environment of the process that starts httpd somehow.