generating keys from a web app(php)

Michael B Allen mba2000 at ioplex.com
Sat Apr 7 00:09:26 EDT 2007


On Fri, 06 Apr 2007 09:58:50 -0700
Matthew Andrews <mnandrews at lbl.gov> wrote:

> I'm looking to see if anyone has any suggestions on how best to go about
> generating krb5 keys from a password (string_to_key) within a PHP-based
> web application. The intent here is to extend our current account
> management software (which currently generates an md5 hash of the
> password and stores it in a database) to generate krb5 keys. The idea is
> that we currently do not have a central krb5 infrastructure, but are
> interested in being able to deploy one in the future. We currently
> require all users to change their passwords at regular intervals, and
> figured that if we started saving keys away now, then any time after the
> password change interval had elapsed, we could populate a krb5 kdc based
> on the keys we'd been saving.
> 
> Has anyone else done anything like this in PHP?

I am not aware of any generic kerberos extension for PHP. We have a
product that can do common things like set passwords and generate keytab
files but I'm not sure it would help you (see sig).

Why not deploy Kerberos but use it only to accept password changes from
a bridge script in the old infrastructure? After some time, when you
feel most or all of the passwords are set in both stores, migrate your
applications to the new Kerberos infrastructure.

Mike

-- 
Michael B Allen
PHP Active Directory Kerberos SSO
http://www.ioplex.com/
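
The string_to_key step asked about in the quoted message, sketched in plain PHP for the AES enctypes of RFC 3962; this is an added example, not code from either poster or from any Kerberos distribution. The realm, principal and password are constructed placeholders, the salt is the default one (realm followed by the principal name components), and the 128-bit n-fold of "kerberos" is taken as the value published in RFC 3961 rather than computed.

```php
<?php
// Kerberos AES string-to-key (RFC 3962):
//   tkey = PBKDF2-HMAC-SHA1(password, salt, iterations, keylen)
//   key  = DK(tkey, "kerberos")          (DK as defined in RFC 3961)

// 128-fold("kerberos"), as listed in the n-fold test values of RFC 3961 A.1.
const KERBEROS_NFOLD_128 = '6b65726265726f737b9b5b2b93132b93';

// Encrypt exactly one 16-byte block; for a single block with a zero IV,
// the CBC-CTS cipher used by these enctypes reduces to a raw AES encryption.
function aes_block_encrypt(string $key, string $block): string
{
    $cipher = 'aes-' . (strlen($key) * 8) . '-ecb';
    $out = openssl_encrypt($block, $cipher, $key,
                           OPENSSL_RAW_DATA | OPENSSL_ZERO_PADDING);
    if ($out === false || strlen($out) !== 16) {
        throw new RuntimeException('AES block encryption failed');
    }
    return $out;
}

// Default salt: realm followed by the principal's name components, no separators.
function krb5_default_salt(string $realm, string ...$components): string
{
    return $realm . implode('', $components);
}

function krb5_aes_string_to_key(string $password, string $salt,
                                int $keyLen = 32, int $iterations = 4096): string
{
    if ($keyLen !== 16 && $keyLen !== 32) {
        throw new InvalidArgumentException('key length must be 16 or 32 bytes');
    }
    $tkey = hash_pbkdf2('sha1', $password, $salt, $iterations, $keyLen, true);

    // DR(tkey, "kerberos"): chain block encryptions until enough key bytes exist.
    $block = hex2bin(KERBEROS_NFOLD_128);
    $derived = '';
    while (strlen($derived) < $keyLen) {
        $block = aes_block_encrypt($tkey, $block);
        $derived .= $block;
    }
    return substr($derived, 0, $keyLen);
}

// Constructed sample input (hypothetical realm, principal and password).
$salt = krb5_default_salt('EXAMPLE.COM', 'alice');
$key  = krb5_aes_string_to_key('correct horse battery staple', $salt);
echo 'aes256-cts-hmac-sha1-96 key: ', bin2hex($key), PHP_EOL;
```

A key derived this way is the principal's long-term secret, so a database that stores it needs the same protection as a KDC database.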


