[27891] in Kerberos
Kerberos for authentication, php for authorization
daemon@ATHENA.MIT.EDU (Steve Webb)
Thu Jun 7 09:17:06 2007
Message-ID: <1fa1db430706070616q2eed5537w45f6e5227ce0b6a0@mail.gmail.com>
Date: Thu, 7 Jun 2007 23:16:26 +1000
From: "Steve Webb" <webbsta@gmail.com>
To: kerberos@mit.edu
MIME-Version: 1.0
Content-Disposition: inline
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Hello,
I have been requested to build a web app for my medium sized organization
that currently have Kerberos 5 running on the network. The webapp will
require non-technical users to be able to log on remotely through a web
browser (IE only is fine but there must not be any other client programs
involved) and then be given different privilidges within the app depending
on their role.
Being a newbie to kerberos I have done some reading about possible
implementation techniques for Kerberos in web apps but have one question I
am hoping some of the gurus out there may be able to help with:
*Q. Can Kerberos be used to authenticate users and a php script then given
access to a users username in order to authorize privilidges??*
>From my reading I believe that using the mod_auth_kerb module for Apache in
Negotiation mode may be the best bet for my needs but am hoping to confirm
whether or not a php script on the same apache server can gain access to the
users username in order to ascertain roles from a database, where I am quite
happy to duplicate usernames if need be.
If this scenario is not possible, can anyone offer suggestions as to a
viable method to implement such a web application.
Thanks in advance!
George
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
