Kerberos for authentication, php for authorization

Ali, Saqib docbook.xml at gmail.com
Thu Jun 7 10:02:49 EDT 2007


Use SPNEGO for Kerberos authentication for web apps. And the username
will be set in the REMOTE_HTTP_USER server variable.



saqib
http://www.full-disk-encryption.net

On 6/7/07, Steve Webb <webbsta at gmail.com> wrote:
> Hello,
>
> I have been requested to build a web app for my medium-sized organization
> that currently has Kerberos 5 running on the network.  The webapp will
> require non-technical users to be able to log on remotely through a web
> browser (IE only is fine but there must not be any other client programs
> involved) and then be given different privileges within the app depending
> on their role.
>
> Being a newbie to Kerberos I have done some reading about possible
> implementation techniques for Kerberos in web apps but have one question I
> am hoping some of the gurus out there may be able to help with:
> *Q. Can Kerberos be used to authenticate users and a PHP script then given
> access to a user's username in order to authorize privileges?*
>
> From my reading I believe that using the mod_auth_kerb module for Apache in
> Negotiation mode may be the best bet for my needs but am hoping to confirm
> whether or not a PHP script on the same Apache server can gain access to the
> user's username in order to ascertain roles from a database, where I am quite
> happy to duplicate usernames if need be.
>
> If this scenario is not possible, can anyone offer suggestions as to a
> viable method to implement such a web application.
>
> Thanks in advance!
> George


-- 
Saqib Ali, CISSP, ISSAP
http://www.full-disk-encryption.net
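
The split discussed in this thread (Apache authenticates with Kerberos, a PHP script authorizes from a database), as an added example that is not part of the original messages. It reads the standard CGI variable REMOTE_USER, which Apache fills from the authenticated user, and assumes the value has the form user@REALM; the realm EXAMPLE.ORG, the user_roles table and the in-memory SQLite database are constructed for illustration.

```php
<?php
// Added example: map a Kerberos principal to an application role.
// Assumptions (constructed): realm EXAMPLE.ORG, table user_roles, SQLite in memory.

const TRUSTED_REALM = 'EXAMPLE.ORG'; // hypothetical realm name

/** Split "user@REALM"; accept only a plain user principal in the trusted realm. */
function principalToUsername(?string $principal): ?string
{
    if ($principal === null || $principal === '') {
        return null; // no authenticated user was passed on: fail closed
    }
    // Exactly one "@", no instance component ("/"), conservative character set.
    if (!preg_match('/\A([A-Za-z0-9._-]{1,64})@([A-Za-z0-9.-]+)\z/', $principal, $m)) {
        return null;
    }
    // Exact match: Kerberos realm names are case-sensitive.
    return $m[2] === TRUSTED_REALM ? $m[1] : null;
}

/** Look up the role with a bound parameter; unknown users get no role. */
function roleFor(PDO $db, string $username): ?string
{
    $stmt = $db->prepare('SELECT role FROM user_roles WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $role = $stmt->fetchColumn();
    return $role === false ? null : $role;
}

// Constructed role table standing in for the application's database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE user_roles (username TEXT PRIMARY KEY, role TEXT NOT NULL)');
$db->exec("INSERT INTO user_roles VALUES ('george', 'editor')");

// Under Apache the server sets this; the fallback is a constructed value for CLI runs.
$principal = $_SERVER['REMOTE_USER'] ?? 'george@EXAMPLE.ORG';

$username = principalToUsername($principal);
$role = $username === null ? null : roleFor($db, $username);

if ($role === null) {
    http_response_code(403); // a valid Kerberos login is not yet an authorized user
    exit("Forbidden\n");
}
echo "Authenticated as {$username}, role {$role}\n";
```

The realm check matters when cross-realm trust exists: the same short username in a different realm is a different person and must not inherit the local user's role.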


