PHP 中的 Kerberos 身份验证 [英] Kerberos Authentication in PHP

问题描述

假设我对 Kerberos 知之甚少 - 只是基础知识.

Let's just assume that I don't know much about Kerberos - just the basics.

我有...

• Debian Linux 2.6 网络服务器
  • Apache 2.2
    • mod_auth_kerb/5.3
    • PHP/5.2
    • 火狐 3
    • MIT 网络身份管理器中的登录身份user@EXAMPLE.COM"

    如何在 PHP 脚本中使用此信息，以便在访问者拥有这样的 kerberos 票证时无需登录网站?我不希望 Apache 处理身份验证.我需要找出哪个用户正在通过 PHP 访问该站点.

    How do I use this information in a PHP script so that I don't need to log in to the website if the visitor has a kerberos ticket like that? I don't want Apache to handle the authentication. I need to find out which user is accessing the site via PHP.

    这可能吗?如果是这样:如何?

    Is that possible? If so: How?

    到目前为止我发现了什么:我必须在 Firefox 中启用"域.

    What I have found out so far: I have to "enable" the domain in Firefox.

    不过就是这样...

    推荐答案

    我不确定这是否会有所帮助，但看起来 Apache 会向 PHP 发送带有 modauthkerb 包，如果您使用 KrbSaveCredentials 参数.你应该在 php 中得到两个全局变量:

    I'm not sure if this will help, but it looks like Apache will send PHP the username information with the modauthkerb package if you use the KrbSaveCredentials parameter. You should get two global variables in php:

     $_SERVER['REMOTE_USER']
     $_SERVER['KRB5CCNAME']
    

    http://archives.postgresql.org/pgsql-admin/2004-08/msg00144.php 看起来他们已经开始工作了.

    http://archives.postgresql.org/pgsql-admin/2004-08/msg00144.php looks like they have got this working.

    这样，如果您可以看到用户是什么，那么实际上不需要 php 进行身份验证.

    That way if you can see what the user is, it really isn't a requirement that php actually does the authentication.

    这篇关于PHP 中的 Kerberos 身份验证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！