Kerberos for authentication, php for authorization

Steve Webb webbsta at gmail.com
Thu Jun 7 09:16:26 EDT 2007


Hello,

I have been requested to build a web app for my medium-sized organization
that currently has Kerberos 5 running on the network.  The webapp will
require non-technical users to be able to log on remotely through a web
browser (IE only is fine but there must not be any other client programs
involved) and then be given different privileges within the app depending
on their role.

Being a newbie to Kerberos I have done some reading about possible
implementation techniques for Kerberos in web apps but have one question I
am hoping some of the gurus out there may be able to help with:
*Q. Can Kerberos be used to authenticate users and a php script then be given
access to a user's username in order to authorize privileges??*

From my reading I believe that using the mod_auth_kerb module for Apache in
Negotiation mode may be the best bet for my needs but am hoping to confirm
whether or not a php script on the same Apache server can gain access to the
user's username in order to ascertain roles from a database, where I am quite
happy to duplicate usernames if need be.

If this scenario is not possible, can anyone offer suggestions as to a
viable method to implement such a web application?

Thanks in advance!
George
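
The split asked about above (Apache authenticates, PHP authorizes), sketched as an added example that is not part of the original post. It assumes mod_auth_kerb has already authenticated the request and exported the principal as `user@REALM` in `REMOTE_USER`; the realm `EXAMPLE.ORG`, the role table standing in for the database, and all function names are hypothetical.

```php
<?php
// Added example: authorization step behind mod_auth_kerb (not the poster's code).
// Assumption: Apache exports the authenticated principal as REMOTE_USER.

const EXPECTED_REALM = 'EXAMPLE.ORG';        // placeholder realm

// Constructed role table standing in for the application's database.
const ROLE_TABLE = [
    'alice' => ['staff', 'admin'],
    'bob'   => ['staff'],
];

// Return the local username only for a principal of the exact form
// "name@EXPECTED_REALM"; anything else (missing, foreign realm,
// "name/instance" principals, odd characters) yields null.
function principal_to_username(?string $principal, string $realm): ?string
{
    if ($principal === null || $principal === '') {
        return null;                          // request was not authenticated
    }
    $at = strrpos($principal, '@');
    if ($at === false) {
        return null;
    }
    $name = substr($principal, 0, $at);
    if (substr($principal, $at + 1) !== $realm) {
        return null;                          // realm names are case-sensitive
    }
    return preg_match('/\A[a-z0-9._-]{1,64}\z/', $name) === 1 ? $name : null;
}

// Deny by default: unknown or rejected principals get no roles.
function roles_for(?string $principal): array
{
    $user = principal_to_username($principal, EXPECTED_REALM);
    return $user === null ? [] : (ROLE_TABLE[$user] ?? []);
}

function has_role(?string $principal, string $role): bool
{
    return in_array($role, roles_for($principal), true);
}

// Under Apache this would be: $principal = $_SERVER['REMOTE_USER'] ?? null;
// Constructed sample principals so the script also runs from the CLI:
foreach (['alice@EXAMPLE.ORG', 'alice@OTHER.REALM', 'bob@EXAMPLE.ORG', null] as $p) {
    printf("%-20s admin=%s\n", $p ?? '(none)', has_role($p, 'admin') ? 'yes' : 'no');
}
```

Checking the realm matters when cross-realm trust exists, since `alice@OTHER.REALM` is a different identity from `alice@EXAMPLE.ORG` even though the local part matches a row in the role table.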


