[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Kerberos + PHP

To: Jerome Walter <walter+kerberos@efrei.fr>
Subject: Re: Kerberos + PHP
From: Onime Clement <onime@ictp.trieste.it>
Date: Thu, 24 Apr 2003 14:25:53 +0200 (CEST)
cc: heimdal-discuss@sics.se
In-Reply-To: <20030423233338.GA23033@efrei.fr>
Sender: owner-heimdal-discuss@sics.se

Hi,
I had some "not too good" expirience on using apache with mod_PAM and 
krb5. 
On concurrent logins (more than one user at the same time) would sometimes
results in Failed/incorrect logins by apache. 
I did not investigated the problem in detail, but I suspect that it is
related to the fact a process (or user) may not have more than 1 ticket
for the same realm, or maybe the PAM library is not completely thread 
safe.
Well, now I use a different solution.
For webmail, I use the excellent squirrelmail (PHP) package, it is quite 
complete and authenticates users against an IMAP server (Also does secure 
IMAP). It also has modules to ensure that the user is 
connected/authenticated over HTTPS. My IMAP server does plain login but 
uses PAM/krb5 to authenticate the users. 

Possibly you could find something similar for webnews..

Someone else (for a web conferencing application) I know uses the IMAP 
support in PHP for authenticating users, that is the supplied username and 
password are verified via a successful IMAP connection from PHP, which is 
closed immediately.  

Thanks
Clement Onime

On Thu, 24 Apr 2003, Jerome Walter wrote:

> Hello everyone,
> 
> I am not sure this is the best place to find the info, but i have to try :
> 
> Do you know any mean to authenticate someone in a PHP application through a
> Kerberos server ? We have an existing Kerberos server having the
> authentication info for users who are inside our university network
> (physically speaking, there is no VPN). We would like to offer some services
> (webmail and webnews to start, plus some info requiring authentication of
> user) to students through an intranet application.
> 
> have you ever have experience of a way to use the information stored in the
> Kerberos KDC for such an application ? If it is not directly possible, do you
> know a mean to circumvent this ?
> 
> Thank you for your help,
> 
> 
> Sincerely yours,
> 
> Jerome Walter
> 
> -- 
> -+--   Jérôme Walter - 	I2 EFREI student	          ----+-
>  Equipe Système - Efrei Robotique - Jap'Efrei - Erasmus Tutors
>  "The World is my country" - "Nihon no tomodachi desu"
> EFREI System and Networking guide http://perso.efrei.fr/~walter/  
>

References:
- Kerberos + PHP
  - From: Jerome Walter <walter+kerberos@efrei.fr>

Prev by Date: Re: Kerberos + PHP
Next by Date: Re: [OpenAFS] Problems with openafs 1.2.9 and KTH Kerberos 1.2.2
Prev by thread: Re: Kerberos + PHP
Next by thread: Patch for gss ftp client to work through stateful firewalls
Index(es):
- Date
- Thread