Kerberos and Coldfusion
Mark Montague
markmont at umich.edu
Thu Jun 2 14:59:26 EDT 2005
On Wed, 1 Jun 2005, Puidokas, Eric wrote:
> I am a student programmer for Michigan State's business college.
>
> I have been asked to implement the university's Kerberos system with our
> website. However, the rest of the college is programmed using PHP and I
> am using coldfusion, so I have no examples to work from.
Getting and manipulating Kerberos tickets from within Cold Fusion is
probably a mistake, unless you need your Cold Fusion application to
access Kerberos-authenticated resources (such as file servers
or email servers) on behalf of the end user -- this can be quite
complicated.
If you instead just need to verify the user's identity for use
within your own Cold Fusion application, then I'd suggest letting
the web server handle all of the Kerberos authentication for
your application. If you SSL protect your application (or just
certain pages) and require authentication then the web server
will ensure that the user is properly authenticated before your
Cold Fusion code is run.
I am not familiar with Microsoft IIS (maybe someone else can
provide assistance if that is what you are using), but if you
are running your Cold Fusion code under Apache then you
might want to look at mod_auth_gss_krb5 (available
at http://modgssapache.sourceforge.net/) or mod_auth_kerb
(available at http://modauthkerb.sourceforge.net/)
I hope this helps.
Mark Montague
LS&A Information Technology
The University of Michigan
markmont at umich.edu
More information about the Kerberos
mailing list