Tuesday, April 17. 2007
php_krb5 beta / Negotiate auth with GSSAPI for PHP
I finally managed to get the krb5 extension for PHP ready for some kind of release, since the last time I wrote about it I felt the urge to implement yet another feature: Negotiate authentication using GSSAPI. This enables real kerberos single sign on support for webapplications in PHP and works in Mozilla (tested on Windows and Linux - using MIT kerberos/KfW) and should work on IE, too, but I have not yet had the chance to test using SSPI. Nice to have 
I'll post some article on this feature in the next days.
I now have copied the missing headers from the the mit-krb5 distribution, so the source is not needed anymore.
You can get it here -
php_krb5-beta.tar.gz - and maybe some day through PECL.
I'll post some article on this feature in the next days.
I now have copied the missing headers from the the mit-krb5 distribution, so the source is not needed anymore.
You can get it here -
php_krb5-beta.tar.gz - and maybe some day through PECL.
Trackbacks
Trackback specific URI for this entry
No Trackbacks
Comments
Display comments as
(Linear | Threaded)
I found a previous post stating that you are working on an AFS php extension;
I will need a similar extension and i wonder if you had some result.
I have no experience in building php extensions but if you have someting almost-working I can try to add functionalities.
I will need a similar extension and i wonder if you had some result.
I have no experience in building php extensions but if you have someting almost-working I can try to add functionalities.
I have been searching for a plugin to do User Authentication with Kerberos for a while. Can you post some sample code if you have any. I am really out of practice with my C/C++.
I would like to pass a username@REALM and password to php via SSL to Authenticate users of a web app.
Thanks
I would like to pass a username@REALM and password to php via SSL to Authenticate users of a web app.
Thanks
Doing this is as simple as initializing a credential cache and acquiring a TGT using a password. See my most recent post for a current version of the extension.
Verifying the users credentials against a KDC should be as simple as this:
as initPassword will throw an exception when it is unable to obtain a ticket using the given credentials. (This refers to the new version of the extension)
Verifying the users credentials against a KDC should be as simple as this:
- // assuming $princial and $password are available here
- $authenticated = false;
- $ccache = new KRB5CCache();
- try {
- $ccache->initPassword($principal, $password);
- $authenticated = true;
- } catch(Exception $e) { }
as initPassword will throw an exception when it is unable to obtain a ticket using the given credentials. (This refers to the new version of the extension)
