On Wed, 21 Dec 2005 01:58:41 -0500 Wez Furlong <[EMAIL PROTECTED]> wrote:
> Just curious, why aren't you writing this as an apache module? > > Is this of any use; it seems a bit dated, but could save you some effort: > http://meta.cesnet.cz/cms/opencms/en/docs/software/devel/negotiate.html Well for one, mod_auth_gss_krb5 only does authentication. My *real* product is Windows integration libraries for non-Windows environments (i.e. LAMP). So, for example, this SSO module is going to include Windows authorization functionality for integration with AD. Meaning the developer can restrict content based on group membership of groups defined in an AD domain: $auth = sso_authenticate(); if (!sso_is_member($auth, "Authenticated Users")) { header("Location: /login.php"); die("You are not authorized to access this content."); } ... if (sso_is_member($auth, "FOONET\\Engineers")) { echo "Engineers rule!"; } else if (sso_is_member($auth, "FOONET\\Consultants")) { echo "Consultants rule!"; } Also I think there's also alot of polish that can go into failing over to other authentication methods and redirecting to login pages and so on. You just can't do any of this well unless your at the language level. Mike -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
