Apache + kerberos + php (not sure about php)
Thins is bugging me, but here is my situation and this is what I have so far:
I need my server “centos” to be able to communicate with the kerberos main server to do authentication with universal ID that we have. So far I was able to configure it to do the setup: so when I do kinit username@DOMAIN.. it works just fine.
But that was not the complicated issue, the complicated issue is how to allow php communicate directly with kerberos. I’ve tried this PECL package krb5php, compiled it “after hard time” and php still doesnt like to load the compiled module.
In case if you were wondering, I’ve used many resources such as this one apache + kerberos to get where I am so far:
Here are the quick settings: httpd.conf
added the following lines into
[code]
AllowOverride Limit AuthConfig Options
Options Includes Indexes FollowSymLinks MultiViews
Order allow,deny
Allow from all
[/code]
And in my .htaccess I entered the following:
[code]
AuthType Kerberos
AuthName “Kerberos Login”
KrbMethodNegotiate off
KrbAuthoritative on
KrbVerifyKDC off
KrbAuthRealm ND.EDU
Krb5Keytab /var/kerberos/krb5/kadm5.keytab
KrbSaveCredentials off
[/code]
In case if you were wondering of how to configure kerberos, check this link out.
Oh, the way I have it now is apache authenticates the user, if passes, then it will allow them to access the folder. In the folder I have my php script that grabs their username, by using $_SERVER['PHP_AUTH_USER']
I will keep you updated if I ever get the chance to get my krb5php compiled right and installed. Though krb5php is outdated and not being worked on since 2003.
Sphere: Related ContentIf you enjoyed this post, please consider to leave a comment or subscribe to the feed and get future articles delivered to your feed reader.
Comments
No comments yet.
Leave a comment