[27892] in Kerberos
Re: Kerberos for authentication, php for authorization
daemon@ATHENA.MIT.EDU (Ali, Saqib)
Thu Jun 7 10:03:27 2007
Message-ID: <addede3b0706070702s2df9e765x7d26be461ca80ab3@mail.gmail.com>
Date: Thu, 7 Jun 2007 07:02:49 -0700
From: "Ali, Saqib" <docbook.xml@gmail.com>
To: "Steve Webb" <webbsta@gmail.com>
In-Reply-To: <1fa1db430706070616q2eed5537w45f6e5227ce0b6a0@mail.gmail.com>
MIME-Version: 1.0
Content-Disposition: inline
Cc: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Use SPNEGO for kerberos authentication for web apps. And the username
will be set in the REMOTE_HTTP_USER server variable
saqib
http://www.full-disk-encryption.net
On 6/7/07, Steve Webb <webbsta@gmail.com> wrote:
> Hello,
>
> I have been requested to build a web app for my medium sized organization
> that currently have Kerberos 5 running on the network. The webapp will
> require non-technical users to be able to log on remotely through a web
> browser (IE only is fine but there must not be any other client programs
> involved) and then be given different privilidges within the app depending
> on their role.
>
> Being a newbie to kerberos I have done some reading about possible
> implementation techniques for Kerberos in web apps but have one question I
> am hoping some of the gurus out there may be able to help with:
> *Q. Can Kerberos be used to authenticate users and a php script then given
> access to a users username in order to authorize privilidges??*
>
> >From my reading I believe that using the mod_auth_kerb module for Apache in
> Negotiation mode may be the best bet for my needs but am hoping to confirm
> whether or not a php script on the same apache server can gain access to the
> users username in order to ascertain roles from a database, where I am quite
> happy to duplicate usernames if need be.
>
> If this scenario is not possible, can anyone offer suggestions as to a
> viable method to implement such a web application.
>
> Thanks in advance!
> George
> ________________________________________________
> Kerberos mailing list Kerberos@mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>
--
Saqib Ali, CISSP, ISSAP
http://www.full-disk-encryption.net
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
