No subject

Dennis Putnam dennis.putnam at aimaudit.com
Thu Dec 7 07:31:36 EST 2006


Thanks for the reply. The reply from Jiva DeVoe (thank you very much)  
may be the one that gets me out of this jam. I am going to forward  
that to the author of the Authen::Krb5 module to see if that helps. I  
did answer your questions below in case you or someone else has  
additional comments or suggestions.

On Dec 6, 2006, at 9:21 PM, Michael B Allen wrote:
>
>
>
> Are you using the PHP SAPI (server API) or CLI (commandline)?
>
> API.
>
>
> You said "page" as in HTLM page so I will assume SAPI in which case  
> I'm
> confused for two reasons.
>
> First, how you are calling Perl from within PHP?
>


system($command,$ret_code);

>
>
> Second how are you getting initial credentials? Is your web app
> authenticating browser clients using Kerberos?

I'm not, which is the crux of the problem. I'm using the Authen:Krb5  
module for perl. As I said above, I call my script using 'system';

>
> Mike
>
> PS: The next revision of our product (see sig) will enable PHP to
> directly perform a wide variety authentication, authorization and
> account management tasks with both SAPI and CLI (e.g. do HTTP SSO  
> and use
> delegated cred with Kerberos aware clients like curl, ldap, pgsql,  
> etc).

That is a big hole in the current implementation of PHP. It provides  
a few methods of authentication but adding Kerberos support to the  
API will be a very welcome addition.

>
> -- 
> Michael B Allen
> PHP Active Directory SSO
> http://www.ioplex.com/
>
Dennis Putnam
Sr. IT Systems Administrator
AIM Systems, Inc.
11675 Rainwater Dr., Suite 200
Alpharetta, GA  30004
Phone: 678-240-4112
Main Phone: 678-297-0700
FAX: 678-297-2666 or 770-576-1000
The information contained in this e-mail and any attachments is  
strictly confidential. If you are not the intended recipient, any  
use, dissemination, distribution, or duplication of any part of this  
e-mail or any attachment is prohibited. If you are not the intended  
recipient, please notify the sender by return e-mail and delete all  
copies, including the attachments.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 186 bytes
Desc: This is a digitally signed message part
Url : http://mailman.mit.edu/pipermail/kerberos/attachments/20061207/add4a0e3/attachment.bin


More information about the Kerberos mailing list