noob question on where to start with Kerberos

Edward Murrell edward at murrell.co.nz
Mon Jul 27 18:44:59 EDT 2009


For Apache:
http://modauthkerb.sourceforge.net/

Should do everything you want already.

Also, since group information is not stored on a Kerberos server, I
assume you're going to be looking up LDAP information. I have some code
that simplifies this somewhat, if you are using RFC 2307 (posix/NIS)
compliant LDAP schemas. Other people have already written (and to be
fair, support much better) PHP libraries for handling Active Directory
LDAP lookups.

Cheers,
Edward Murrell

On Mon, 2009-07-27 at 15:07 -0700, Bryan Boone wrote:
> Hi everyone I have a noob question for ya.
>
> I need to develop a website for a company that uses Kerberos login, the web server resides on a different
> server than the Kerberos server.  Unfortunately I cannot use the built in PHP functions for Kerberos, so
> I need to write my own C Kerberos client as a PHP extension.  Also to eliminate possible man-in-the-middle
> attacks, I need to have the keytab file manually uploaded to the web server.
>
> So this web page will simply authenticate the user's username and password and then pull that user's group name
> from the Kerberos server (while having the keytab on the web server).  There is no need to kerberize any
> application here.  Also I will not be needing to cache tickets or pass any tickets here.  I will use
> PHP sessions for the website.  I just need the authentication side of Kerberos once per user login on the website.
>
> I read the O'Reilly Kerberos book and still have some questions.
>
> My question is, what methods are best for accomplishing my task?  Can this be accomplished with the
> pam_krb5 API, the SASL for GSSAPI, or do I need to stick with native GSSAPI?  Which one would be
> easier for a noob?
>
> thanks
> 
> ________________________________________________
> Kerberos mailing list           Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
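
Added example (not part of either message, and not taken from the mod_auth_kerb project): a sketch of how the username/password check described in the question maps onto mod_auth_kerb directives, with the keytab used to verify the KDC's reply. The location, realm and keytab path are assumed placeholders; group lookup in LDAP is not covered here.

```apache
# Assumed placeholders, not from the thread:
#   /intranet, EXAMPLE.COM, /etc/httpd/conf/http.keytab
<Location "/intranet">
    # The password travels to the web server as HTTP Basic credentials,
    # so only accept requests that arrive over TLS (mod_ssl directive).
    SSLRequireSSL

    AuthType Kerberos
    AuthName "Kerberos Login"
    KrbAuthRealms EXAMPLE.COM

    # Password-only login: the browser prompts for username/password and
    # the module performs the initial authentication against the KDC.
    # No ticket is expected from the client.
    KrbMethodNegotiate off
    KrbMethodK5Passwd on

    # Keytab holding the web server's own service key
    # (HTTP/<server-fqdn>@EXAMPLE.COM). Copy it to the server out of band
    # and make it readable only by the account Apache runs as.
    KrbServiceName HTTP
    Krb5Keytab /etc/httpd/conf/http.keytab

    # After the password is accepted, the module obtains a ticket for its
    # own service principal and checks it against the keytab. A forged KDC
    # reply fails this check because the forger does not know the service
    # key. "off" disables the check and is meant for testing only.
    KrbVerifyKDC on

    # Nothing downstream needs the user's tickets, so do not keep them.
    KrbSaveCredentials off

    Require valid-user
</Location>
```

With this in place the authenticated principal (user@REALM) is available to PHP as REMOTE_USER, and the application can start its own session from there.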



