So you're duplicating the ldap extension? :)
--Jani
On Wed, 21 Dec 2005, Michael B Allen wrote:
On Wed, 21 Dec 2005 01:58:41 -0500
Wez Furlong <[EMAIL PROTECTED]> wrote:
Just curious, why aren't you writing this as an apache module?
Is this of any use; it seems a bit dated, but could save you some effort:
http://meta.cesnet.cz/cms/opencms/en/docs/software/devel/negotiate.html
Well for one, mod_auth_gss_krb5 only does authentication. My *real*
product is Windows integration libraries for non-Windows environments
(i.e. LAMP). So, for example, this SSO module is going to include Windows
authorization functionality for integration with AD. Meaning the developer
can restrict content based on group membership of groups defined in an
AD domain:
$auth = sso_authenticate();
if (!sso_is_member($auth, "Authenticated Users")) {
header("Location: /login.php");
die("You are not authorized to access this content.");
}
...
if (sso_is_member($auth, "FOONET\\Engineers")) {
echo "Engineers rule!";
} else if (sso_is_member($auth, "FOONET\\Consultants")) {
echo "Consultants rule!";
}
Also I think there's also alot of polish that can go into failing over to
other authentication methods and redirecting to login pages and so on. You
just can't do any of this well unless your at the language level.
Mike
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
