Hi Bryan,

The code is fairly tightly integrated with the Apache kerberos handler, so probably won't work for you. I intend to put it up on sourceforge at some point (lack of arounds to it notwithstanding). At that point it should be available to all.

On Mon, 2009-07-27 at 16:08 -0700, Bryan Boone wrote:
> Hi Edward thanks for the reply. Unfortunately due to certain restrictions at this company I cannot use the apache mod. Also I meant the LDAP group, sorry about the wrong use of terminology. However the sample code you have would be very helpful for me to learn from if you don't mind.
>
> > Subject: Re: noob question on where to start with Kerberos
> > From: [email protected]
> > To: [email protected]
> > Date: Tue, 28 Jul 2009 10:44:59 +1200
> >
> > For Apache:
> > http://modauthkerb.sourceforge.net/
> >
> > Should do everything you want already.
> >
> > Also, since group information is not stored on a Kerberos server, I assume you're going to be looking up LDAP information. I have some code that simplifies this somewhat, if you are using RFC 2307 (posix/NIS) compliant LDAP schemas. Other people have already written (and to be fair, support much better) php libraries for handling active directory LDAP lookups.
> >
> > Cheers,
> > Edward Murrell
> >
> > On Mon, 2009-07-27 at 15:07 -0700, Bryan Boone wrote:
> > > Hi everyone I have a noob question for ya.
> > >
> > > I need to develop a website for a company that uses kerberos login, the web server resides on a different server than the kerberos server. Unfortunately I cannot use the built in PHP functions for kerberos, so I need to write my own C kerberos client as a PHP extension. Also to eliminate possible man-in-the-middle attacks, I need to have the keytab file manually uploaded to the web server.
> > >
> > > So this web page will simply authenticate the user's username and password and then pull that user's group name from the kerberos server (while having the keytab on the web server). There is no need to kerberize any application here. Also I will not be needing to cache tickets or pass any tickets here. I will use PHP sessions for the website. I just need the authentication side of kerberos once per user login on the website.
> > >
> > > I read the O'Reilly Kerberos book and still have some questions.
> > >
> > > My question is, what methods are best for accomplishing my task. Can this be accomplished with the pam_krb5 api, the SASL for GSSAPI, or do I need to stick with native GSSAPI? Which one would be easier for a noob?
> > >
> > > thanks
> > >
> > > ________________________________________________
> > > Kerberos mailing list [email protected]
> > > https://mailman.mit.edu/mailman/listinfo/kerberos
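
An added example, not part of the thread and not Edward's code: the RFC 2307 group lookup mentioned above, sketched in Python for a user who has already authenticated, with the login name escaped before it reaches the LDAP filter. The attribute names come from RFC 2307; the function names, the realm EXAMPLE.COM and the sample entries are constructed assumptions.

```python
# Added example: RFC 2307 group lookup for an already-authenticated user.
# posixGroup, memberUid, gidNumber and cn are RFC 2307 names; function names,
# the realm and SAMPLE_ENTRIES are constructed for illustration.

def escape_filter_value(value):
    """Escape a string used as an assertion value in an LDAP filter (RFC 4515)."""
    out = []
    for byte in value.encode("utf-8"):
        # NUL ( ) * \ must be escaped; non-ASCII bytes are escaped as well,
        # which RFC 4515 permits.
        if byte in b"\x00()*\\" or byte > 0x7F:
            out.append("\\%02x" % byte)
        else:
            out.append(chr(byte))
    return "".join(out)

def principal_to_uid(principal, realm):
    """Map user@REALM to a local uid; refuse other realms and instances."""
    name, sep, prin_realm = principal.rpartition("@")
    if not sep or prin_realm != realm or not name or "/" in name:
        raise ValueError("principal not accepted for login: %r" % principal)
    return name

def group_filter(uid, primary_gid):
    """Search filter: groups listing uid in memberUid, or the primary group."""
    return "(&(objectClass=posixGroup)(|(memberUid=%s)(gidNumber=%d)))" % (
        escape_filter_value(uid), primary_gid)

def groups_for(uid, primary_gid, entries):
    """Apply the same match to entries shaped like LDAP search results."""
    return sorted(
        cn for attrs in entries
        if uid in attrs.get("memberUid", [])
        or str(primary_gid) in attrs.get("gidNumber", [])
        for cn in attrs.get("cn", []))

# Constructed sample data, not taken from any real directory.
SAMPLE_ENTRIES = [
    {"cn": ["staff"], "gidNumber": ["1000"], "memberUid": []},
    {"cn": ["webadmin"], "gidNumber": ["2001"], "memberUid": ["alice", "bob"]},
    {"cn": ["finance"], "gidNumber": ["2002"], "memberUid": ["carol"]},
]

if __name__ == "__main__":
    uid = principal_to_uid("alice@EXAMPLE.COM", "EXAMPLE.COM")
    print(group_filter(uid, 1000))
    print(groups_for(uid, 1000, SAMPLE_ENTRIES))
```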
