problem obtaining tickets on a webserver

Michael B Allen mba2000 at ioplex.com
Sun Feb 4 12:15:41 EST 2007


On Sun, 4 Feb 2007 09:57:50 +0100
dk <dk at kadenpartner.ch> wrote:

> Hello
> 
> I want to build a web based application where a client sends a request
> to server 1, on which a php application resides. This application has
> to send a request to a gateway. The gateway itself then calls the
> target application on server 3 which again is protected by kerberos:
> 
> Client (fTGT) ---> Server 1 (Apache, mod_auth_kerb) ---> Gateway ---> Server 3 (Apache, mod_auth_kerb)
> 
> Everything should work as a single sign on application.

Hi Donald,

The next version of our product is specifically designed to do what
you want. We provide a PHP module that can do SSO, direct Krb5 logon w/
user/pass, check group membership, use delegated creds to initiate with
other tiers, advanced LDAP routines, set passwords and more.

For example, to use the delegated credential to initiate with another SSO
web server a minimalistic Plexcel script might look like the following:

<?php
    require_once("plexcel.php");

    $px = plexcel_authenticate(TRUE, array("putenv_krb5ccname" => "true"));
    if ($px == FALSE)
        die("Plexcel error: <pre>" . $plexcel_status . "</pre>");

    $ch = curl_init("http://server2.example.com/protected.html");
    $fp = fopen("/tmp/out.html", "w");

    curl_setopt($ch, CURLOPT_FILE, $fp);
    curl_setopt($ch, CURLOPT_HEADER, 0);
    curl_setopt($ch, CURLOPT_VERBOSE, 1);
    curl_setopt($ch, CURLOPT_FAILONERROR, FALSE);
    curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_GSSNEGOTIATE);
    // libcurl only activates Negotiate when a user option is set; the value is not used
    curl_setopt($ch, CURLOPT_USERPWD, "bogus@EXAMPLE.COM:"); // why?

    curl_exec($ch);
    curl_close($ch);
    fclose($fp);
?>

You can also use the keytab credential to initiate with the second tier
as well.

Let me know if you're interested. I'm going to have a beta ready very
soon.

Mike

-- 
Michael B Allen
PHP Active Directory SSO
http://www.ioplex.com/
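
The same delegation step using only mod_auth_kerb, which the question already runs on Server 1, as an added example that is not part of the original message and not Plexcel code. It checks the delegated credential cache before handing it to GSS-API; the helper names, the gateway URL and the mod_php/prefork setup with "KrbSaveCredentials on" are assumptions.

```php
<?php
// Assumed setup (not from the post): mod_php under the prefork MPM and
// "KrbSaveCredentials on", so mod_auth_kerb exports KRB5CCNAME per request.

// Hypothetical helper: return the delegated cache path only if it is safe to use.
function delegated_ccache_path(array $server): string
{
    $cc = $server['KRB5CCNAME'] ?? '';
    if (strncmp($cc, 'FILE:', 5) !== 0) {
        throw new RuntimeException('no delegated credential cache in request');
    }
    $path = substr($cc, 5);
    $st = @lstat($path);
    // Must be a regular file (S_IFREG), not a symlink or directory.
    if ($st === false || ($st['mode'] & 0170000) !== 0100000) {
        throw new RuntimeException('credential cache is not a regular file');
    }
    // The cache holds the user's forwarded TGT: no group/other access.
    if (($st['mode'] & 0077) !== 0) {
        throw new RuntimeException('credential cache is group/world accessible');
    }
    if (function_exists('posix_geteuid') && $st['uid'] !== posix_geteuid()) {
        throw new RuntimeException('credential cache not owned by this process');
    }
    return $path;
}

// Hypothetical helper: call the next tier as the end user.
function fetch_with_delegated_creds(string $url, array $server): string
{
    // putenv() is process-wide, hence the prefork assumption above.
    putenv('KRB5CCNAME=FILE:' . delegated_ccache_path($server));

    $ch = curl_init($url);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);   // body in memory, no shared /tmp file
    curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_GSSNEGOTIATE);
    curl_setopt($ch, CURLOPT_USERPWD, ':');           // only switches Negotiate on
    $body = curl_exec($ch);
    $code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
    curl_close($ch);

    if ($body === false || $code !== 200) {
        throw new RuntimeException("request to next tier failed (HTTP $code)");
    }
    return $body;
}

// Placeholder URL for the gateway tier.
$page = fetch_with_delegated_creds('https://gateway.example.com/app', $_SERVER);
```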


